06-15-2021 12:51 PM
Across a large environment, what would be the best way to audit Palo administrator accounts? That is, accounts found at Device > Administrators.
For various reasons we all end up with lots of AD accounts, service accounts and so on there. What I'd like to do is find a way to periodically check those accounts against AD to see if they are still valid.
So far the only way that I have found is to export the CSV and run a PowerShell script against the names which pipes out to a simple "true or false". Problem with that is that I have to run it across a ton of Palos one by one.
There has to be a better way. Even if it's a script that will run against all my Palos to get the names first.
06-15-2021 02:19 PM
So with your existing script I would just tie in calls to the firewall's API to grab any administrator on the system, instead of doing a CSV export. The API URL would be /api/?type=config&action=get&xpath=/config/mgmt-config/users
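One way to combine the API call suggested above with an AD lookup, as an added example that is not part of the original posts. The firewall hostnames, the `PANOS_API_KEY` environment variable and the output file name are assumptions, and the script assumes the ActiveDirectory module is installed and that the PAN-OS version accepts the API key in the `X-PAN-KEY` header.

```powershell
# Added example: pull administrators from each firewall's XML API and check them against AD.
Import-Module ActiveDirectory

$firewalls = @('fw01.example.com', 'fw02.example.com')   # hypothetical hostnames
$headers   = @{ 'X-PAN-KEY' = $env:PANOS_API_KEY }        # key sent as a header, kept out of the URL
$xpath     = '/config/mgmt-config/users'                  # xpath given in the reply above

$report = foreach ($fw in $firewalls) {
    $uri = "https://$fw/api/?type=config&action=get&xpath=$xpath"
    try {
        $resp  = Invoke-WebRequest -Uri $uri -Headers $headers -UseBasicParsing -ErrorAction Stop
        $reply = [xml]$resp.Content
    } catch {
        Write-Warning "${fw}: request failed: $($_.Exception.Message)"
        continue
    }
    if ($reply.response.status -ne 'success') {
        Write-Warning "${fw}: API returned status '$($reply.response.status)'"
        continue
    }
    # Each administrator is an <entry name="..."> element under <users>
    foreach ($entry in $reply.SelectNodes('/response/result/users/entry')) {
        $name   = $entry.GetAttribute('name')
        $safe   = $name -replace "'", "''"    # escape single quotes for the AD filter string
        $adUser = Get-ADUser -Filter "SamAccountName -eq '$safe'" -Properties Enabled
        [pscustomobject]@{
            Firewall  = $fw
            Admin     = $name
            InAD      = [bool]$adUser
            ADEnabled = if ($adUser) { $adUser.Enabled } else { $null }
        }
    }
}

# Full inventory to CSV, then show only accounts missing from AD or disabled there
$report | Sort-Object Firewall, Admin | Export-Csv -Path .\palo-admin-audit.csv -NoTypeInformation
$report | Where-Object { -not $_.InAD -or $_.ADEnabled -eq $false } | Format-Table -AutoSize
```

Local accounts such as the built-in admin will show as not in AD, so review those rows rather than treating them as stale.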
06-17-2021 09:28 AM
Is there a way to show the Administrators on a template via command line?