API Cortex Disable Policy


L1 Bithead

Dear all,

 

Does anyone know the specific endpoint to disable a Policy Rule through the API?

The API doc only shows get-policy associated with an endpoint.

 

Thanks in advance!

 

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-API-Reference/Get-Policy

 

 


 

2 accepted solutions


6 REPLIES 6

L3 Networker

Hi Luismi.Anton,

There is not an API for disabling policies; this must be done via the UI. If you are using specific policies temporarily, one possible workaround is to target endpoints for these policies based on the endpoint 'tags'. If the policies are configured in that way, you can effectively change the endpoint's assigned policy via API by assigning or removing endpoint tags via API.


Thanks,
Ben

Great! Thank you very much, Bbucao!!

These policies are not temporary, but if I remove an endpoint tag, is it possible to create it again in the future with the same API, or is that only possible with the UI?

The concept is to develop a button that triggers a query to the API to enable and disable a policy...

Hi @luismi.anton,

 

Removing the endpoint tag will just remove that tag assignment from the specified endpoint(s). The tag will still be available for future assignment and will still be referenced in any Policy Rule(s), if they are configured to target endpoints with that tag. The endpoint which has the tag removed will no longer be governed by that particular policy and will be evaluated against the other policies' target criteria until one is matched.

 

Regards,

Tim

L1 Bithead

Finally we're able to do this implementation. Thanks to all, folks!!!

L1 Bithead

Hi Again Folks,

 

After assigning a tag to a specific group via the API, how can we confirm that all the endpoints present in that group have that specific tag assigned?

 

Thank you very much.

 

L3 Networker

Hi @luismi.anton,

 

To verify the tag is present on the endpoints, you could validate in the console by navigating to Endpoints > Endpoint Groups and then right click the group name and select "View endpoints." In the resulting table, make sure the "Tags" column is shown by customizing the table layout using the ellipsis in the upper right corner. This will show all of the endpoint tags associated with the endpoints in your target group.

 

You could also return the information via the Get Endpoint API. Within the request body, you can specify filters and use the group_name field - this will return all endpoints in that group, and one of the properties returned in the response for each endpoint would be endpointTags.

 

I hope this helps!

 

Regards,

Tim
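
The API-side check described in the reply above, as an added example that is not part of the thread and not Palo Alto Networks' code: it builds a Get Endpoint request body filtered on `group_name` and reports which endpoints in the response lack the tag. The `request_data`/`filters` envelope, the `reply`/`endpoints`/`total_count` response layout, and all sample names are assumptions to confirm against the API reference; `group_name` and `endpointTags` come from the reply.

```python
"""Verify that every endpoint in a group carries a tag (added example)."""
import json

def build_group_query(group_name):
    # Body for the Get Endpoint call, filtered on the group_name field.
    # Assumption: filters are wrapped in request_data as field/operator/value.
    return {"request_data": {"filters": [
        {"field": "group_name", "operator": "in", "value": [group_name]}]}}

def _tags_of(endpoint):
    # The thread names the property endpointTags. Tolerate a missing key,
    # null, a list, or a comma-separated string.
    raw = endpoint.get("endpointTags")
    if raw is None:
        return set()
    if isinstance(raw, str):
        raw = raw.split(",")
    return {t.strip() for t in raw if t and t.strip()}

def check_group_tag(response, tag):
    # Returns the endpoints that do NOT carry the tag, plus whether the
    # response covered the whole group. A partial page must not be read as
    # "all endpoints tagged": untagged endpoints fall through to other rules.
    reply = response.get("reply", {})
    endpoints = reply.get("endpoints", [])
    missing = sorted(e.get("endpoint_name") or e.get("endpoint_id", "?")
                     for e in endpoints if tag.strip() not in _tags_of(e))
    total = reply.get("total_count", len(endpoints))  # assumed field name
    return {"missing": missing, "complete": total <= len(endpoints)}

# Constructed sample response (not real API output).
SAMPLE = json.loads("""
{"reply": {"total_count": 4, "endpoints": [
  {"endpoint_id": "id-1", "endpoint_name": "ws-01",
   "endpointTags": ["kiosk", "temp-policy"]},
  {"endpoint_id": "id-2", "endpoint_name": "ws-02", "endpointTags": []},
  {"endpoint_id": "id-3", "endpoint_name": "ws-03",
   "endpointTags": "temp-policy, lab"},
  {"endpoint_id": "id-4", "endpoint_name": "ws-04"}
]}}
""")

if __name__ == "__main__":
    print(json.dumps(build_group_query("example-group")))
    print(check_group_tag(SAMPLE, "temp-policy"))
```

If `complete` is false, request the remaining pages before treating the group as fully tagged.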
