About JimmyHolland

JimmyHolland

Hi @Srikant, does this NGFW CLI configuration command help? set deviceconfig setting management disable-commit-recovery yes

JimmyHolland

Hello @raji_toor, we have a dedicated MineMeld area in our Live Community, Could I ask you to post your query there please? https://live.paloaltonetworks.com/t5/minemeld-discussions/bd-p/MineMeldDiscussions Thanks!

JimmyHolland

@KarlaLedesma That's a different question than was originally asked 🙂 We've shown how to retrieve the HIP report for a user. If you say you want the HIP report for all 4000 users, your workflow would be to enumerate the lists of users and machines and IP addresses (via logs or API), and then have some logic to loop through each of the users and get the HIP report for each, storing the results somewhere for whatever the purpose is of the data gathering exercise. You could use your choice of scripting or programming language to implement this workflow/logic. Hope this helps.

JimmyHolland

Hi @NikKaretko, You can specify multiple members in the element portion, so instead of &element=<member>11.11.16.0/24</member>&element=<member>12.12.17.0/24</member>&element=<member>13.13.17.0/24</member> Use: &element=<member>11.11.16.0/24</member><member>12.12.17.0/24</member><member>13.13.17.0/24</member>

JimmyHolland

Hio @le.wang, in your example, the current User-ID entry is for username "wangle" per " show user ip-user-mapping-mp ip 10.65.69.147". But , your API call is trying to remove/logout username "11:22:33:aa:bb:cc". Is that the problem?

JimmyHolland

Hi @sachet230, can you share which agent you are referring to? Thanks

JimmyHolland

Hi @KarlaLedesma, I'd recommend getting a successful output on CLI first maybe? Here is my example, try matching everything you see in the HIP logs with the CLI command like I did here, then move to the API after:

JimmyHolland

Does this help? https://{{host}}/api/?key={{key}}&type=op&cmd=<show><user><hip-report><user>{{username}}</user><ip>{{user-ip}}</ip><computer>{{user-hostname}}</computer></hip-report></user></show>

JimmyHolland

Does this help? https://{{host}}/api/?key={{key}}&type=op&cmd=<show><user><hip-report><user>{{username}}</user><ip>{{user-ip}}</ip><computer>{{user-hostname}}</computer></hip-report></user></show>

JimmyHolland

Great news @jkostic1, happy to help. There are parameters to control the input/output format too (e.g. &input-format=json&output-format=json ) in case you wanted to use XML. For future reference, the docs are here (and there's a PDF download button too): https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-panorama-api/get-started-with-the-pan-os-rest-api.html. Also the firewall has docs onboard, at https://{{firewall-hostname}}/restapi-doc

JimmyHolland

Hi @jkostic1, I can't help much on the PowerShell side, but the final line in your script needs to have a request that looks something like this: https://{{host}}/restapi/v10.0/Objects/Addresses?name={{object-name}}&location=vsys&vsys=vsys1 Then the body you pass in needs to look something like this (you didn't share what's in the $body variable): { "entry": { "@name": "My-Address", "ip-netmask": "8.8.8.8", "description": "My test address" } } POSTing my REST API call above with Postman works fine, so you just need to translate that into your PowerShell script with the variable names you're using. Maybe it's the shared part in your location, are you on single-vsys or multi-vsys firewall? Or the version? These are the acceptable versions in the API endpoint URI (obvisouly you can only go up to the version which matches the PAN-OS version your firewall is currently running, you can't target v10.0 on a v9.1 firewall, etc): https://{{host}}/restapi/9.0/... https://{{host}}/restapi/v9.1/... https://{{host}}/restapi/v10.0/... Hope that helps!

JimmyHolland

@vvenkatara Can you help here?

JimmyHolland · ‎05-13-2021

Hi @usabina, I can confirm that as of today this is not available in the REST API, but will be added in a future version of PAN-OS.

JimmyHolland · ‎05-12-2021

Hi @mrzepa2 @grchew, Does this help, for the example of a variable which is an IP address? https://{{host}}/api/?key={{key}}&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/template-stack/entry[@name='{{template-stack-name}}']/devices/entry[@name='{{serial-number}}']/variable&element=<entry name="{{var-name}}"><type><ip-netmask>{{object-ip-1}}</ip-netmask></type></entry>

JimmyHolland · ‎05-12-2021

Hi @Serhan, At Panorama level, this command will get stats for all rules at summary level: https://{{host}}/api?key={{key}}&type=op&cmd=<show><rule-hit-count><device-group><entry name='{{device-group-name}}'><pre-rulebase><entry name='security'><rules><all/></rules></entry></pre-rulebase></entry></device-group></rule-hit-count></show> If you use a similar command for a specific rule, you can detailed stats including last-hit-timestamp: https://{{host}}/api?key={{key}}&type=op&cmd=<show><rule-hit-count><device-group><entry name='{{device-group-name}}'><pre-rulebase><entry name='security'><rules><rule-name><entry name='{{rule-name}}'/></rule-name></rules></entry></pre-rulebase></entry></device-group></rule-hit-count></show> Hope that helps.

Member Since	‎07-17-2014 06:16 AM
Date Last Visited	Friday
Posts	90
Total Likes Received	6

Online Status	Offline
Date Last Visited	Friday

About JimmyHolland

Re: CLI: Disable automated commit recovery

Re: Split Minemeld Feed

Re: Querying for Detailed HIP Report on XML API

Re: GlobalProtect Gateway Exclude Access Route and Domains

Re: "Delete mapping failed" from XML API / uid-message / logout

Re: Unable to create an address object using the API from Powershell

Re: Rest API for security advisories?

Re: API-KEY after 9.0. Will it work on all firewalls after the "API Key Lifetime" option is added in 9.0?

Re: Find where is the address in Active/Active config

Re: Panorama Orchestrated Azure Deployments Now in Beta

Re: Remove Firewall from Log Collector Group and Push Changes to Collector

April VM-Series and CN-Series Updates

Re: API-KEY after 9.0. Will it work on all firewalls after the "API Key Lifetime" option is added in 9.0?

Re: PanOS7.1 Panorama API how can I find out if the Device group is locked?

Telemetry Agent Release Notes V1.0

Re: CLI: Disable automated commit recovery

Re: Split Minemeld Feed

Re: Querying for Detailed HIP Report on XML API

Re: GlobalProtect Gateway Exclude Access Route and Domains

Re: "Delete mapping failed" from XML API / uid-message / logout

Re: I can't able to install Agent

Re: Querying for Detailed HIP Report on XML API

Re: Download HIP Report via XML API

Re: Querying for Detailed HIP Report on XML API

Re: Unable to create an address object using the API from Powershell

Re: Unable to create an address object using the API from Powershell

Re: Unable to deploy PAN->AzureVWAN

Re: Create new IpSec Crypto Profile in rest api

Re: Template Stack variable assignments via API

Re: Using the API to get unused and used rules

Seattle Beta

Network Security

Cloud Security

Security Operations

About JimmyHolland