Find disabled administrator accounts

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Find disabled administrator accounts

L4 Transporter

Across a large environment, what would be the best way to audit Palo administrator accounts?  That is accounts found at Device > Administrators.

 

For various reasons we all end up with lots of AD accounts, service accounts and so on there, what I'd like to do is find a way to periodically check those accounts against AD to see if they are still valid.

 

So far the only way that I have found is to export the csv and run a powershell script against the names which pipes out to a simple "true or false".  Problem with that is that I have to run it across a ton of Palo's one by one.

 

There has to be a better way.  Even if it's a script that will run against all my palos to get the names first.

2 REPLIES 2

Cyber Elite
Cyber Elite

@RobertShawver,

So with your existing script I would just tie in calls to the firewall's API to grab any administrator on the system, instead of doing a CSV export.  The API URL would be /api/?type=config&action=get&xpath=/config/mgmt-config/users

Is there a way to show the Administrators on a template via command line?

  • 2255 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!