PAN-OS 9.0.6 API Curl JSON output

L1 Bithead

I'm working on a project to get information from the Palo Altos and use it for an input to a SIEM.  I'm able to run the below and get XML output.

curl -k 'https://<PAN>/api/?type=op&cmd=<show><system><info></info></system></show>&key=<KEY>'

I would prefer getting this in JSON so I tried &output-format=json after the key and get XML. I did some research and see that /api appears to be XML output only. Is this the case? If so, is there an alternate to get the same output but in JSON?

TIA,

Joe

Accepted Solutions
L7 Applicator

@jwhughes,

So you're polling from a Panorama appliance then. Honestly this sounds far more like a process/people issue and not something I would solve like this, but whatever. The /api address will direct you to the XML API, so yes the output is XML.

There is a limited REST API available in 9.0 and above, but it's pretty limited in what it can do at the moment and can't do any sort of operational command.

You'll need to utilize the XML response at this time until the REST API gets to the point where it's fully functional or you fix your people/process problem.


All Replies
L7 Applicator

Hello,

What information are you looking to get from the PANs to the SIEM?

Please advise,

L1 Bithead

The hostname, IP address, serial number, HA peer, and HA state. Both the PAN team and the team I am on are tired of asking them if there are any new devices that we need the SIEM to monitor the feed of. If I could get that from the API on a weekly basis I wouldn't have to ask them and manually update the CSV file that the SIEM reads.

L7 Applicator

Hello,

So you are looking for new PANs on the network? Sounds like something for a monitoring tool and not a SIEM?

Please advise,

L1 Bithead

The SIEM monitors all the events from the PANs for correlating with other security appliances.  The issue as a member of the SIEM team is keeping up with the changes the PAN team makes.  That is why I'm looking for a way of getting a list of all the PANs.  I can get it with

curl -k 'https://<PAN>/api/?type=op&cmd=<show><devices><connected></connected></devices></show>&key=<KEY>'

Unfortunately the response is XML and the software I work with prefers JSON.  So either I have to convert from XML to JSON or find out if there is an alternative method of getting the information that outputs as JSON.

L7 Applicator

Hello,

Are you running that against the Panorama? There should be logs that are generated when a new device connects. From there you should be able to generate an alert from the SIEM if that new IP is not being monitored.

Hope I understood you correctly.

Regards,

L1 Bithead

Hi,

Correct. I'm running this against the Panorama. What do the logs look like? I still would like an answer to my original question to do a sanity check on what is currently there, but I can use the log for future PANs.

Regards

L7 Applicator

Hello,

That is something I do not know. However, it should be a 'system' log so you might be able to run a SIEM query against that type of log, check its contents and write an alarm/alert around it.

Regards,

L1 Bithead

@BPry Thanks. It isn't what I wanted to hear, but it is what it is. For now I will need to convert from XML to JSON in an external script.
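
One way to do the external XML-to-JSON conversion mentioned above, as an added example that is not part of the original thread and not Palo Alto Networks code. It checks the API status attribute before trusting the reply and extracts only the five fields named in the thread. The sample XML is constructed, and its element names (hostname, ip-address, serial, ha/state, ha/peer/serial) are assumptions to compare against your own "show devices connected" output.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample shaped like a Panorama "show devices connected" reply.
# Element names are assumptions; compare them with your own XML output.
SAMPLE_XML = """<response status="success"><result><devices>
  <entry name="001234567890">
    <serial>001234567890</serial><hostname>fw-edge-01</hostname>
    <ip-address>192.0.2.10</ip-address>
    <ha><state>active</state><peer><serial>001234567891</serial></peer></ha>
  </entry>
  <entry name="001234567892">
    <serial>001234567892</serial><hostname>fw-lab-01</hostname>
    <ip-address>192.0.2.20</ip-address>
  </entry>
</devices></result></response>"""


def devices_to_json(xml_text):
    """Return a JSON array with one object per connected firewall."""
    # Refuse DTDs so entity-expansion payloads never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD in API response, refusing to parse")
    root = ET.fromstring(xml_text)
    # The XML API reports failures in the status attribute of <response>.
    if root.tag != "response" or root.get("status") != "success":
        raise ValueError("API call failed: status=%r" % root.get("status"))
    devices = []
    for entry in root.iterfind("./result/devices/entry"):
        devices.append({
            "hostname": entry.findtext("hostname"),
            "ip_address": entry.findtext("ip-address"),
            "serial": entry.findtext("serial") or entry.get("name"),
            # Standalone firewalls have no <ha> element: values stay None.
            "ha_state": entry.findtext("ha/state"),
            "ha_peer": entry.findtext("ha/peer/serial"),
        })
    # Stable ordering keeps week-to-week diffs of the SIEM input file small.
    devices.sort(key=lambda d: d["serial"] or "")
    return json.dumps(devices, indent=2)


if __name__ == "__main__":
    print(devices_to_json(SAMPLE_XML))
```

The curl commands in the thread use -k, which skips TLS certificate verification; for a scheduled job, validating the Panorama certificate keeps the device list from being altered in transit.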
