01-31-2025 06:28 AM
Hello,
I'd like to retrieve the list of members of a dynamic group object using API.
It's working fine to obtain the members of a static list
- the following request
/restapi/v11.1/Objects/AddressGroups?name=mystaticgroup&location=shared
returns a json like
02-27-2025 02:41 PM
Hi @marie-merlier ,
I see that you are using the REST API. The REST API is used for CRUD operations. https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-panorama-api/get-started-with-the-pan-os-rest-a...
I would guess since viewing the dynamic members of a groups is more an operational command and not a configuration create/read/update/delete command that it is not available on the REST API. Here is the syntax on the XML API to run the operational command:
/api/?type=op&cmd=<show><object><dynamic-address-group><name>mydynamicgroup</name></dynamic-address-group></object></show>
Thanks,
Tom
02-28-2025 02:34 AM
Hi @TomYoung ,
Thank you for you reply!
I've tested it on my dynamic group, but it returns an empty list like
<dyn-addr-grp>
<entry>
<member-list>
</member-list>
</entry
</dyn-addr-grp>
It's a list based on SGT filter, I'm able to see what's inside in Panorama WebUI, only when I'm on the concerned device-group.
But there is no such filter for the API, maybe this is why I see an empty list ?
I think I will open a ticket with Palo to investigate it.
02-28-2025 09:29 AM
Hi @marie-merlier ,
I have a DAG that is IP-based, and I cannot see it on Panorama. I have to connect to the NGFW to see the members.
Very interesting.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
