Palo Alto Networks Pan-OS

87 min

the palo alto networks pan os connector enables seamless integration with swimlane turbine, allowing automated interaction with firewall settings, security policies, and log data palo alto networks pan os is a leading network security platform that provides comprehensive cybersecurity solutions the palo alto networks pan os connector for swimlane turbine enables users to automate critical security operations, such as applying configuration changes, managing security policies, and handling address objects by integrating with swimlane turbine, security teams can streamline their workflows, respond to threats more efficiently, and maintain a strong security posture without manual intervention this connector empowers users to leverage the full capabilities of pan os within the swimlane ecosystem, enhancing overall security automation and response times prerequisites before you can use the palo alto networks pan os connector for turbine, ensure you have the following api key authentication with the following parameters url the base url of your palo alto networks pan os instance api key your unique api key to authenticate requests actions setup commit changes the following are examples of commit commands note that the 'cmd' input is a valid xml commit type=commit cmd=\<commit>\</commit> force commit type=commit cmd=\<commit>\<force>\</force>\</commit> partial commit while excluding shared objects and device and network configuration type=commit action=partial cmd=\<commit>\<partial>\<device and network>excluded\</device and network>\<shared object>excluded\</shared object>\</partial>\</commit> partial commit admin level changes on a firewall or panorama while excluding shared objects type=commit action=partial cmd=\<commit>\<partial>\<device and network>excluded\</device and network>\<shared object>excluded\</shared object>\<admin>\<member>socadmin\</member>\</admin>\</partial>\</commit capabilities this connector provides the following capabilities commit changes create a security policy rule create an address object create url filtering security profile delete an address object delete custom url category delete url filtering security profile edit an address object edit custom url category edit dynamic user group generic task get log list addresses list custom url categories list dynamic user groups and so on palo alto documentation the panorama and pan os documentation can be found within the instance of palo alto under the following endoints rest api https //yourinstance/restapi doc https //yourinstance/restapi doc xml api https //10 32 1 98/php/rest/browse php https //10 32 1 98/php/rest/browse phplink to address objects rest api documentation https //docs paloaltonetworks com/pan os/10 1/pan os panorama api/get started with the pan os rest api/work with address objects rest api additional notes in the edit an address object action, if you are modifying the description and adding a new tag called red to the address object if the tag does not already exist, you must first create the tag before you can reference it in the address object in the create an address object action , you please pass in the request body that include the name, location and other properties to define the object configurations api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required x pan key api key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions commit changes applies pending configuration changes to palo alto networks pan os devices, activating the latest settings endpoint url /api/ method get input argument name type required description type string optional type of the resource action string optional parameter for commit changes cmd string optional the entire commit command in xml format output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 21 22 48 gmt", "content type" "application/xml; charset=utf 8", "content length" "286", "connection" "keep alive", "cache control" "no store, no cache, must revalidate", "expires" "thu, 19 nov 1981 08 52 00 gmt", "pragma" "no cache", "set cookie" "phpsessid=qs4tqup6tgokarqb2bau83kobp; path=/; secure; httponly, phpsessid=qs4tqu ", "content security policy" "frame ancestors 'none'", "strict transport security" "max age=86400", "x content type options" "nosniff", "x frame options" "deny", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "response text" "\<response status=\\"success\\" code=\\"13\\">\<msg>the result of this commit would be the " } ] create a security policy rule creates a new security policy rule in palo alto networks pan os with specified parameters and data body endpoint url restapi/v11 0/policies/securityrules method post input argument name type required description location string optional the location type where the security rule will be created vsys string optional the name of the vsys when location type is vsys name string optional the name of the security rule data body object required response data entry array optional the entry of the security rule @location string optional the location type where the security rule will be created @name string optional the name of the security rule @vsys string optional the name of the vsys when location type is vsys action string optional the action of the security rule application object optional the application of the security rule member array optional the member of the application category object optional the category of the security rule member array optional the member of the category destination object optional the destination of the security rule member array optional the member of the destination from object optional the from of the security rule member array optional the member of the from source hip object optional the source hip of the security rule member array optional the member of the source hip destination hip object optional the destination hip of the security rule member array optional the member of the destination hip service object optional the service of the security rule member array optional the member of the service source object optional the source of the security rule member array optional the member of the source output parameter type description status code number http status code of the response reason string response reason phrase @code string output field @code @status string status value result object result of the operation @count string count value @total count string count value entry array output field entry @location string output field @location @name string name of the resource @vsys string output field @vsys fqdn string output field fqdn ip netmask string output field ip netmask @oldname string name of the resource example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "@code" "19", "@status" "success", "result" {} } } ] create an address object executes a post request to create an address object in palo alto networks pan os with a specified name and location endpoint url /restapi/v11 0/objects/addresses method post input argument name type required description location string required location name string required name entry array optional entry @location string optional location @name string optional name description string optional description fqdn string optional fqdn tag object optional tag member array optional member output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 201, "response headers" { "content type" "text/html; charset=utf 8", "x hsci cache time" "2024 12 06t12 01 22 328z", "content encoding" "gzip" }, "reason" "ok", "json body" {} } ] create url filtering security profile creates a url filtering security profile to manage web access and traffic within palo alto networks pan os endpoint url /restapi/v10 2/objects/urlfilteringsecurityprofiles method post input argument name type required description location string optional parameter for create url filtering security profile vsys string optional parameter for create url filtering security profile name string optional name of the resource entry object optional parameter for create url filtering security profile @name string optional name of the resource description string optional parameter for create url filtering security profile allow object optional parameter for create url filtering security profile member array optional parameter for create url filtering security profile alert object optional parameter for create url filtering security profile member array optional parameter for create url filtering security profile block object optional parameter for create url filtering security profile member array optional parameter for create url filtering security profile continue object optional parameter for create url filtering security profile member array optional parameter for create url filtering security profile override object optional unique identifier member array optional parameter for create url filtering security profile credential enforcement object optional parameter for create url filtering security profile mode object optional parameter for create url filtering security profile disabled object optional parameter for create url filtering security profile log severity string optional parameter for create url filtering security profile allow object optional parameter for create url filtering security profile member array optional parameter for create url filtering security profile alert object optional parameter for create url filtering security profile member array optional parameter for create url filtering security profile block object optional parameter for create url filtering security profile output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 21 22 48 gmt", "content type" "application/xml; charset=utf 8", "content length" "286", "connection" "keep alive", "cache control" "no store, no cache, must revalidate", "expires" "thu, 19 nov 1981 08 52 00 gmt", "pragma" "no cache", "set cookie" "phpsessid=qs4tqup6tgokarqb2bau83kobp; path=/; secure; httponly, phpsessid=qs4tqu ", "content security policy" "frame ancestors 'none'", "strict transport security" "max age=86400", "x content type options" "nosniff", "x frame options" "deny", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "response text" "\<response status=\\"success\\" code=\\"13\\">\<msg>the result of this commit would be the " } ] delete an address object removes a specified address object from a location in palo alto networks pan os using the 'location' and 'name' parameters endpoint url /restapi/v11 0/objects/addresses method delete input argument name type required description location string required location name string required name output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "content type" "text/html; charset=utf 8", "x hsci cache time" "2024 12 06t12 01 22 328z", "content encoding" "gzip" }, "reason" "ok", "json body" {} } ] delete custom url category removes a custom url category from a specified location in palo alto networks pan os, requiring the 'location' parameter endpoint url /restapi/v10 2/objects/customurlcategories method delete input argument name type required description location string required the location of the entry name string optional the name of the entry vsys string optional the name of the vsys when location type is vsys output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 21 22 48 gmt", "content type" "application/xml; charset=utf 8", "content length" "286", "connection" "keep alive", "cache control" "no store, no cache, must revalidate", "expires" "thu, 19 nov 1981 08 52 00 gmt", "pragma" "no cache", "set cookie" "phpsessid=qs4tqup6tgokarqb2bau83kobp; path=/; secure; httponly, phpsessid=qs4tqu ", "content security policy" "frame ancestors 'none'", "strict transport security" "max age=86400", "x content type options" "nosniff", "x frame options" "deny", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "response text" "\<response status=\\"success\\" code=\\"13\\">\<msg>the result of this commit would be the " } ] delete url filtering security profile removes a specified url filtering security profile from a location in palo alto networks pan os, requiring the 'location' parameter endpoint url /restapi/v10 2/objects/urlfilteringsecurityprofile method delete input argument name type required description location string required the location of the entry name string optional the name of the entry vsys string optional the name of the vsys when location type is vsys output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 21 22 48 gmt", "content type" "application/xml; charset=utf 8", "content length" "286", "connection" "keep alive", "cache control" "no store, no cache, must revalidate", "expires" "thu, 19 nov 1981 08 52 00 gmt", "pragma" "no cache", "set cookie" "phpsessid=qs4tqup6tgokarqb2bau83kobp; path=/; secure; httponly, phpsessid=qs4tqu ", "content security policy" "frame ancestors 'none'", "strict transport security" "max age=86400", "x content type options" "nosniff", "x frame options" "deny", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "response text" "\<response status=\\"success\\" code=\\"13\\">\<msg>the result of this commit would be the " } ] edit an address object modifies an existing address object in palo alto networks pan os with specified name and location endpoint url /restapi/v11 0/objects/addresses method put input argument name type required description location string required location name string required name entry array optional parameter for edit an address object @location string optional location @name string optional name description string optional description fqdn string optional fqdn tag object optional tag member array optional member output parameter type description status code number http status code of the response reason string response reason phrase @code string output field @code @status string status value msg string output field msg example \[ { "status code" 200, "response headers" { "content type" "text/html; charset=utf 8", "x hsci cache time" "2024 12 06t12 01 22 328z", "content encoding" "gzip" }, "reason" "ok", "json body" { "@code" "20", "@status" "success", "msg" "command succeeded" } } ] edit custom url category modify an existing custom url category in palo alto networks pan os by specifying the location and name endpoint url /restapi/v10 2/objects/customurlcategories method put input argument name type required description location string required parameter for edit custom url category vsys string optional the name of the vsys when location type is vsys name string required name of the resource entry object optional parameter for edit custom url category @name string optional name of the resource description string optional parameter for edit custom url category list object optional parameter for edit custom url category member array optional parameter for edit custom url category type string optional type of the resource output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" {} } ] edit dynamic user group updates criteria or membership of an existing dynamic user group in palo alto networks pan os endpoint url /restapi/v10 2/objects/dynamicusergroups method put input argument name type required description location string optional parameter for edit dynamic user group vsys string optional parameter for edit dynamic user group name string optional name of the resource entry object optional parameter for edit dynamic user group @name string optional name of the resource description string optional parameter for edit dynamic user group filter string optional parameter for edit dynamic user group tag object optional parameter for edit dynamic user group member array optional parameter for edit dynamic user group output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "response text" "string" } ] generic task execute a customizable task in palo alto networks pan os, offering full control over the request parameters for tailored operations input argument name type required description endpoint string optional path to the endpoint after url in asset use double brackets with path parameters for dynamic urls method string optional method of the request such as post, get, put, patch, delete (note, others are available to use) data body object optional body to send as data, this allows you to set the content type in the headers manually headers object optional request headers to send with the individual request output parameter type description status code number the http response status code data object the json response body response text string output field response text reason string the http reason, often times an error message can be here ok means success example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "response text" "string" } ] get log retrieves a specific log entry from palo alto networks pan os using the provided queue id endpoint url /api/ method get input argument name type required description type string optional type of the resource action string optional parameter for get log job id number optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 22 21 55 gmt", "content type" "application/xml; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "cache control" "no store, no cache, must revalidate", "expires" "thu, 19 nov 1981 08 52 00 gmt", "pragma" "no cache", "set cookie" "phpsessid=sqie6u23458jkdo2n0rt28jfgt; path=/; secure; httponly, phpsessid=sqie6u ", "content security policy" "frame ancestors 'none'", "strict transport security" "max age=86400", "x content type options" "nosniff", "x frame options" "deny", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "response text" "\<response status=\\"success\\">\<result>\n \<job>\n \<tenq>14 21 37\</tenq>\n \<tdeq> " } ] list addresses retrieve a list of address objects from a specified location in palo alto networks pan os, requiring the 'location' parameter endpoint url /restapi/v11 0/objects/addresses method get input argument name type required description location string required the location of the entry vsys string optional the name of the vsys when location type is vsys output parameter type description status code number http status code of the response reason string response reason phrase @status string status value @code string output field @code result object result of the operation @count string count value entry array output field entry ip netmask string output field ip netmask tag object output field tag member array output field member example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 20 32 48 gmt", "content type" "application/json; charset=utf 8", "content length" "45", "connection" "keep alive", "set cookie" "phpsessid=55kmh2bk7l06fmkrs0ptdrejeo; path=/; secure; httponly, phpsessid=55kmh2 ", "expires" "thu, 19 nov 1981 08 52 00 gmt", "cache control" "no store, no cache, must revalidate", "pragma" "no cache", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "json body" { "@status" "success", "@code" "19", "result" {} } } ] list custom url categories retrieve a list of custom url categories from palo alto networks pan os at the specified location, requiring 'location' parameter endpoint url /restapi/v10 2/objects/customurlcategories method get input argument name type required description location string required the location of the entry vsys string optional the name of the vsys when location type is vsys output parameter type description status code number http status code of the response reason string response reason phrase @status string status value @code string output field @code result object result of the operation @count string count value entry array output field entry @name string name of the resource @location string output field @location @vsys string output field @vsys description string output field description list object output field list member array output field member type string type of the resource example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 20 32 48 gmt", "content type" "application/json; charset=utf 8", "content length" "45", "connection" "keep alive", "set cookie" "phpsessid=55kmh2bk7l06fmkrs0ptdrejeo; path=/; secure; httponly, phpsessid=55kmh2 ", "expires" "thu, 19 nov 1981 08 52 00 gmt", "cache control" "no store, no cache, must revalidate", "pragma" "no cache", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "json body" { "@status" "success", "@code" "7", "result" {} } } ] list dynamic user groups retrieve a list of dynamic user groups from palo alto networks pan os using the specified location parameter endpoint url /restapi/v10 2/objects/dynamicusergroups method get input argument name type required description location string required the location of the entry vsys string optional the name of the vsys when location type is vsys output parameter type description status code number http status code of the response reason string response reason phrase @status string status value @code string output field @code result object result of the operation @count string count value entry array output field entry @name string name of the resource @location string output field @location @vsys string output field @vsys description string output field description list object output field list member array output field member type string type of the resource example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 20 32 48 gmt", "content type" "application/json; charset=utf 8", "content length" "45", "connection" "keep alive", "set cookie" "phpsessid=55kmh2bk7l06fmkrs0ptdrejeo; path=/; secure; httponly, phpsessid=55kmh2 ", "expires" "thu, 19 nov 1981 08 52 00 gmt", "cache control" "no store, no cache, must revalidate", "pragma" "no cache", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "json body" { "@status" "success", "@code" "7", "result" {} } } ] list syslogs profiles retrieves a list of syslog server profiles from a specified location in palo alto networks pan os, with the 'location' parameter required endpoint url /restapi/v10 2/network/tunnelinterfaces method get input argument name type required description location string required the location of the entry name string optional the name of the entry output parameter type description status code number http status code of the response reason string response reason phrase @status string status value @code string output field @code result object result of the operation @count string count value entry array output field entry @name string name of the resource @location string output field @location server object output field server entry array output field entry @name string name of the resource server string output field server transport string output field transport port number output field port format string output field format facility string output field facility format object output field format traffic string output field traffic threat string output field threat wildfire string output field wildfire url string url endpoint for the request data string response data gtp string output field gtp sctp string output field sctp example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 20 32 48 gmt", "content type" "application/json; charset=utf 8", "content length" "45", "connection" "keep alive", "set cookie" "phpsessid=55kmh2bk7l06fmkrs0ptdrejeo; path=/; secure; httponly, phpsessid=55kmh2 ", "expires" "thu, 19 nov 1981 08 52 00 gmt", "cache control" "no store, no cache, must revalidate", "pragma" "no cache", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "json body" { "@status" "success", "@code" "19", "result" {} } } ] list url filtering security profiles retrieve a list of url filtering security profiles from palo alto networks pan os using the specified location parameter endpoint url /restapi/v10 2/objects/urlfilteringsecurityprofiles method get input argument name type required description location string required the location of the entry name string optional the name of the entry vsys string optional the name of the vsys when location type is vsys output parameter type description status code number http status code of the response reason string response reason phrase @status string status value @code string output field @code result object result of the operation @count string count value entry array output field entry @name string name of the resource @location string output field @location @vsys string output field @vsys description string output field description allow object output field allow member array output field member alert object output field alert member array output field member block object output field block member array output field member continue object output field continue member array output field member override object unique identifier member array output field member credential enforcement object output field credential enforcement mode object output field mode disabled object output field disabled log severity string output field log severity example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 20 32 48 gmt", "content type" "application/json; charset=utf 8", "content length" "45", "connection" "keep alive", "set cookie" "phpsessid=55kmh2bk7l06fmkrs0ptdrejeo; path=/; secure; httponly, phpsessid=55kmh2 ", "expires" "thu, 19 nov 1981 08 52 00 gmt", "cache control" "no store, no cache, must revalidate", "pragma" "no cache", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "json body" { "@status" "success", "@code" "19", "result" {} } } ] rename an address object renames an existing address object in palo alto networks pan os, requiring the current name, location, and new name endpoint url /restapi/v11 0/objects/addresses\ rename method post input argument name type required description location string optional location name string optional current name of the address object newname string optional new name for the address object output parameter type description status code number http status code of the response reason string response reason phrase @code string output field @code @status string status value msg string output field msg example \[ { "status code" 200, "reason" "ok", "json body" { "@code" "20", "@status" "success", "msg" "command succeeded" } } ] run logs initiates a log query in palo alto networks pan os, returning an id for retrieval with parameters such as type, log type, direction, number of logs, and skip value endpoint url /api/ method get input argument name type required description type string required type of the resource log type string required type of the resource dir string required parameter for run logs nlogs number required parameter for run logs skip number required parameter for run logs query string optional parameter for run logs output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 200, "response headers" { "date" "thu, 29 dec 2022 22 13 37 gmt", "content type" "application/xml; charset=utf 8", "content length" "134", "connection" "keep alive", "cache control" "no store, no cache, must revalidate", "expires" "thu, 19 nov 1981 08 52 00 gmt", "pragma" "no cache", "set cookie" "phpsessid=1c391le6gkn8o2h175ipuq5nik; path=/; secure; httponly, phpsessid=1c391l ", "content security policy" "frame ancestors 'none'", "strict transport security" "max age=86400", "x content type options" "nosniff", "x frame options" "deny", "allow" "get, head, post, put, delete, options" }, "reason" "ok", "response text" "\<response status=\\"success\\" code=\\"19\\">\<result>\<msg>\<line>query job enqueued with " } ] response headers header description example allow http response header allow get, head, post, put, delete, options cache control directives for caching mechanisms no store, no cache, must revalidate connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 286 content security policy http response header content security policy frame ancestors 'none' content type the media type of the resource application/xml; charset=utf 8 date the date and time at which the message was originated thu, 29 dec 2022 21 22 48 gmt expires the date/time after which the response is considered stale thu, 19 nov 1981 08 52 00 gmt pragma http response header pragma no cache set cookie http response header set cookie phpsessid=1c391le6gkn8o2h175ipuq5nik; path=/; secure; httponly, phpsessid=1c391le6gkn8o2h175ipuq5nik; path=/; secure; httponly; samesite=strict strict transport security http response header strict transport security max age=86400 transfer encoding http response header transfer encoding chunked x content type options http response header x content type options nosniff x frame options http response header x frame options deny x hsci cache time http response header x hsci cache time 2024 12 06t12 01 22 328z