[API]PYTHON PANDEVICE - SET SECURITY PROFILE

Reply
Highlighted
L1 Bithead

[API]PYTHON PANDEVICE - SET SECURITY PROFILE

Hi all,

 

I'm using PaloAlto's API for the first time.

My idea is the following:

 

 - for each rule, I would like to apply a security profile based on the service setted.

 

Reading some docs online i wrote this pseudocode.

 

 

HOSTNAME = '192.168.55.10'
API_KEY = 'My_Api_Key'

fw = pandevice.firewall.Firewall(hostname=HOSTNAME, api_key=API_KEY)
rulebase = pandevice.policies.Rulebase()
fw.add(rulebase)
rules = pandevice.policies.SecurityRule.refreshall(rulebase)

for rule in rules:

       if (rule.service is ugual to any):

                 //set security_profile (like av,URL Filtering Profiles,Vulnerability Protection Profiles,etc...)

       rule.apply()

fw.commit(sync=True)

 

 

Do you have any ideas ? Could you help me?

Thanks in advice!

 

 

CHANGÒ

Accepted Solutions
Highlighted
L1 Bithead

@BPry 

Yes i know that my script as written will not work.

I worte a pseudocode. I don't know what is the method that allows me to set the security profile. I didn't find it in the documentation.

Could you tell me what is the method?

Thanks in advice.

 

CHANGÒ

View solution in original post

Highlighted
L1 Bithead

Hi Changò,

 

use this:

 

for rule in rules:
    rule.virus = "my-antivirus-profile"

Regards 

CE

View solution in original post


All Replies
Highlighted
Cyber Elite

@Chango,

My advice would be to really learn the api before you even attempt to do something that actually makes changes to your policy. Spend some time messing around and reading the docs before you attempt to modify your rulebase, and when you start modifing the rulebase focus on modifying a set rule instead of attempting such a brod modfication as your first script. 

Highlighted
L1 Bithead

@BPry 

Hi BPri, thanks for the answer.
Yes sure, i know. I will try it in a test environment.
If possible I'd like to have some advice aboute the code.

CHANGÒ
Highlighted
Cyber Elite

@Chango

I don't give any support for code unless I've directly supplied it to address a users issues; this is a long-standing policy I've had in this forum to avoid any potential issues due to untested code. 

The only thing I'll mention is that your script as written will 100% not work as expected, as I'm sure you are already fully aware. For starters,  where you have "if (service is equal to any):" you'll simply get a error since you've never defined 'service'. To get the service of the rule you would need to do something like the following:

for rule in rules:
    if (rule.service is equal to any):

That any statement also won't work due to how the value actually returns.

Highlighted
L1 Bithead

@BPry 

Yes i know that my script as written will not work.

I worte a pseudocode. I don't know what is the method that allows me to set the security profile. I didn't find it in the documentation.

Could you tell me what is the method?

Thanks in advice.

 

CHANGÒ

View solution in original post

Highlighted
L1 Bithead

Hi Changò,

 

use this:

 

for rule in rules:
    rule.virus = "my-antivirus-profile"

 

 

EC
Highlighted
L1 Bithead

Hi Changò,

 

use this:

 

for rule in rules:
    rule.virus = "my-antivirus-profile"

Regards 

CE

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!