Skip to main content

Palo Alto Networks - Strata Cloud Manager

This Integration is part of the Palo Alto Networks - Strata Cloud Manager Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Provides commands for interaction with Prisma SASE API. This integration was integrated and tested with version v1 of Palo Alto Networks - Prisma SASE

Configure Palo Alto Networks - Strata Cloud Manager in Cortex#

ParameterDescriptionRequired
Server URLTrue
API Client IDTrue
API Client SecretTrue
Tenant Services Group IDDefault Tenant Services Group ID to use for API calls. Example: 1234567890.True
Trust any certificate (not secure)False
Use system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

prisma-sase-security-rule-create#


Create a new security rule.

Base Command#

prisma-sase-security-rule-create

Input#

Argument NameDescriptionRequired
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
positionRule position. Possible values are: pre, post. Default is pre.Optional
nameThe name of the security rule.Required
actionRule action. Possible values are: deny, allow, drop, reset-client, reset-server, reset-both.Required
descriptionThe security rule's description.Optional
log_settingRule log setting.Optional
applicationA comma-separated list of applications. Default is any.Optional
categoryA comma-separated list of categories. You can get category values by running the prisma-sase-custom-url-category-list command. Default is any.Optional
destinationA comma-separated list of destination networks. Default is any.Optional
destination_hipA comma-separated list of destination HIPs.Optional
profile_settingSecurity profiles to apply to the traffic.Optional
serviceServices the rule applies to. Default is any.Optional
sourceA comma-separated list of source networks. Default is any.Optional
source_hipA comma-separated list of source HIPs.Optional
source_userA semi-colon (;) separated list of source users or groups. Default is any.Optional
tagA comma-separated list of rule tags.Optional
fromA comma-separated list of source zones. Default is any.Optional
toA comma-separated list of destination zones. Default is any.Optional
disabledWhether the rule is disabled.Optional
negate_sourceNegate the source.Optional
negate_destinationNegate the destination.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.SecurityRuleStringCreated security rule.
PrismaSase.SecurityRule.actionStringSecurity rule action.
PrismaSase.SecurityRule.applicationStringSecurity rule application.
PrismaSase.SecurityRule.categoryStringSecurity rule category.
PrismaSase.SecurityRule.descriptionStringSecurity rule description.
PrismaSase.SecurityRule.destinationStringSecurity rule destination.
PrismaSase.SecurityRule.folderStringSecurity rule folder.
PrismaSase.SecurityRule.fromStringSecurity rule from field (source zone(s)).
PrismaSase.SecurityRule.idStringSecurity rule ID.
PrismaSase.SecurityRule.nameStringSecurity rule name.
PrismaSase.SecurityRule.positionStringSecurity rule position.
PrismaSase.SecurityRule.profile_setting.groupStringSecurity rule group.
PrismaSase.SecurityRule.serviceStringSecurity rule service.
PrismaSase.SecurityRule.sourceStringSecurity rule source.
PrismaSase.SecurityRule.source_userStringSecurity rule source user.
PrismaSase.SecurityRule.toStringSecurity rule to field (destination zone(s)).

Command example#

!prisma-sase-security-rule-create name="somename11" action="allow"

Context Example#

{
"PrismaSase": {
"SecurityRule": {
"action": "allow",
"application": [
"any"
],
"category": [
"any"
],
"destination": [
"any"
],
"folder": "Shared",
"from": [
"any"
],
"id": "Id",
"name": "somename11",
"position": "pre",
"service": [
"any"
],
"source": [
"any"
],
"source_user": [
"any"
],
"to": [
"any"
]
}
}
}

Human Readable Output#

Security Rule Created#

ActionApplicationCategoryDestinationFolderFromIdNamePositionServiceSourceSource UserTo
allowanyanyanySharedanyIdsomename11preanyanyanyany

prisma-sase-security-rule-list#


Lists all security rules.

Base Command#

prisma-sase-security-rule-list

Input#

Argument NameDescriptionRequired
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
positionSecurity rule position. Possible values are: pre, post. Default is pre.Optional
limitThe maximum number of results to return. Default is 50.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional
rule_idA specific security rule to return. If not specified, all security rules will be returned.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.SecurityRuleStringFound security rule.
PrismaSase.SecurityRule.actionStringSecurity rule action.
PrismaSase.SecurityRule.applicationStringSecurity rule application.
PrismaSase.SecurityRule.categoryStringSecurity rule category.
PrismaSase.SecurityRule.descriptionStringSecurity rule description.
PrismaSase.SecurityRule.destinationStringSecurity rule destination.
PrismaSase.SecurityRule.folderStringSecurity rule folder.
PrismaSase.SecurityRule.fromStringSecurity rule from field (source zone(s)).
PrismaSase.SecurityRule.idStringSecurity rule ID.
PrismaSase.SecurityRule.log_settingStringSecurity rule log setting.
PrismaSase.SecurityRule.nameStringSecurity rule name.
PrismaSase.SecurityRule.positionStringSecurity rule position.
PrismaSase.SecurityRule.serviceStringSecurity rule service.
PrismaSase.SecurityRule.sourceStringSecurity rule source.
PrismaSase.SecurityRule.source_userStringSecurity rule source user.
PrismaSase.SecurityRule.tagStringSecurity rule tag.
PrismaSase.SecurityRule.toStringSecurity rule to field (destination zone(s)).
PrismaSase.SecurityRule.negate_destinationBooleanSecurity rule negate destination.

Command example#

!prisma-sase-security-rule-list limit=1

Context Example#

{
"PrismaSase": {
"SecurityRule": {
"action": "drop",
"application": [
"any"
],
"category": [
"any"
],
"description": "Rule to block",
"destination": [
"panw-highrisk-ip-list"
],
"folder": "Shared",
"from": [
"any"
],
"id": "Id",
"log_setting": "Cortex Data Lake",
"name": "name",
"negate_destination": false,
"position": "pre",
"service": [
"any"
],
"source": [
"any"
],
"source_user": [
"any"
],
"tag": [
"best-practice"
],
"to": [
"any"
]
}
}
}

Human Readable Output#

Security Rules#

IdNameDescriptionActionDestinationFolder
IdNameRule to blockdroppanw-highrisk-ip-listShared

prisma-sase-candidate-config-push#


Push the candidate configuration.

Base Command#

prisma-sase-candidate-config-push

Input#

Argument NameDescriptionRequired
foldersComma-separated list of targets (Remote Networks, Mobile Users, Service Connections).Required
descriptionConfiguration push job description.Optional
interval_in_secondsinterval for polling command. Default is 30.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.CandidateConfig.job_idStringConfiguration job ID.
PrismaSase.CandidateConfig.resultStringThe configuration push result, e.g. OK, FAIL.
PrismaSase.CandidateConfig.detailsStringThe configuration push details.

Command example#

!prisma-sase-candidate-config-push folders="Mobile Users"

Human Readable Output#

Waiting for all data to push for job id 201

prisma-sase-security-rule-update#


Update an existing security rule.

Base Command#

prisma-sase-security-rule-update

Input#

Argument NameDescriptionRequired
rule_idID of the rule to be changed.Required
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
positionSecurity rule position. Possible values are: pre, post. Default is pre.Optional
actionRule action. Possible values are: deny, allow, drop, reset-client, reset-server, reset-both.Optional
descriptionThe security rule's description.Optional
log_settingRule log setting.Optional
applicationA comma-separated list of applications.Optional
categoryA comma-separated list of categories.Optional
destinationA comma-separated list of destination networks.Optional
destination_hipA comma-separated list of destination HIPs.Optional
profile_settingSecurity profiles to apply to the traffic.Optional
serviceServices the rule applies to.Optional
sourceA comma-separated list of source networks.Optional
source_hipA comma-separated list of source HIPs.Optional
source_userA semi-colon (;) separated list of source user(s).Optional
tagA comma-separated list of rule tags.Optional
fromA comma-separated list of source zones.Optional
toA comma-separated list of destination zones.Optional
disabledWhether the rule is disabled.Optional
negate_sourceNegate source.Optional
negate_destinationNegate the destination.Optional
overwriteWhether to overwrite the original rule values. Possible values are: true, false. Default is false.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.SecurityRuleStringEdited security rule.
PrismaSase.SecurityRule.actionStringSecurity rule action.
PrismaSase.SecurityRule.applicationStringSecurity rule application.
PrismaSase.SecurityRule.categoryStringSecurity rule category.
PrismaSase.SecurityRule.descriptionStringSecurity rule description.
PrismaSase.SecurityRule.destinationStringSecurity rule destination.
PrismaSase.SecurityRule.folderStringSecurity rule folder.
PrismaSase.SecurityRule.fromStringSecurity rule from field (source zone(s)).
PrismaSase.SecurityRule.idStringSecurity rule ID.
PrismaSase.SecurityRule.nameStringSecurity rule name.
PrismaSase.SecurityRule.profile_setting.groupStringSecurity rule profile setting.
PrismaSase.SecurityRule.serviceStringSecurity rule service.
PrismaSase.SecurityRule.sourceStringSecurity rule source.
PrismaSase.SecurityRule.source_userStringSecurity rule source user.
PrismaSase.SecurityRule.toStringSecurity rule to field (destination zone(s)).

Command example#

!prisma-sase-security-rule-update rule_id="Id" position="pre" action="deny"

Context Example#

{
"PrismaSase": {
"SecurityRule": {
"action": "deny",
"application": [
"any"
],
"category": [
"test"
],
"description": "test",
"destination": [
"any"
],
"folder": "Shared",
"from": [
"any"
],
"id": "Id",
"name": "somename",
"position": "pre",
"service": [
"any"
],
"source": [
"any"
],
"source_user": [
"any"
],
"to": [
"any"
]
}
}
}

Human Readable Output#

Security Rule Updated#

ActionApplicationCategoryDescriptionDestinationFolderFromIdNamePositionServiceSourceSource UserTo
denyanytesttestanySharedanyIdnamepreanyanyanyany

prisma-sase-address-object-update#


Update an existing address object.

Base Command#

prisma-sase-address-object-update

Input#

Argument NameDescriptionRequired
object_idID of the address object to edit.Required
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
descriptionThe address object's description.Optional
typeThe type of the address. Possible values are: ip_netmask, ip_range, ip_wildcard, fqdn.Optional
address_valueThe address value (should match the type).Required
tagA comma-separated list of address object tags.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.Address.descriptionStringAddress description.
PrismaSase.Address.folderStringAddress folder.
PrismaSase.Address.idStringAddress ID.
PrismaSase.Address.address_valueStringAddress value.
PrismaSase.Address.typeStringAddress type.
PrismaSase.Address.nameStringAddress name.

Command example#

!prisma-sase-address-object-update object_id="Id" address_value="8.8.8.4/32"

Context Example#

{
"PrismaSase": {
"Address": {
"address_value": "8.8.8.4/32",
"folder": "Shared",
"id": "Id",
"name": "name",
"type": "ip_netmask"
}
}
}

Human Readable Output#

Address Object updated#

Address ValueFolderIdNameType
8.8.8.4/32SharedIdnameip_netmask

prisma-sase-config-job-list#


Lists all configuration jobs.

Base Command#

prisma-sase-config-job-list

Input#

Argument NameDescriptionRequired
job_idA specific config job to return. If not specified, all config jobs will be returned.Optional
limitThe maximum number of results to return. Default is 50.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.ConfigJob.descriptionStringConfiguration job description.
PrismaSase.ConfigJob.end_tsDateConfiguration job end timestamp.
PrismaSase.ConfigJob.idStringConfiguration job ID.
PrismaSase.ConfigJob.job_resultStringConfiguration job result.
PrismaSase.ConfigJob.job_statusStringConfiguration job status.
PrismaSase.ConfigJob.job_typeStringConfiguration job type.
PrismaSase.ConfigJob.parent_idStringConfiguration job parent ID.
PrismaSase.ConfigJob.percentStringConfiguration job percent.
PrismaSase.ConfigJob.result_strStringConfiguration job result string.
PrismaSase.ConfigJob.start_tsDateConfiguration job start timestamp.
PrismaSase.ConfigJob.status_strStringConfiguration job status string.
PrismaSase.ConfigJob.summaryStringConfiguration job summary.
PrismaSase.ConfigJob.type_strStringConfiguration job type string.
PrismaSase.ConfigJob.unameStringConfiguration job uname.

prisma-sase-security-rule-delete#


Delete a specific security rule.

Base Command#

prisma-sase-security-rule-delete

Input#

Argument NameDescriptionRequired
rule_idRule ID of the rule to be deleted.Required
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

There is no context output for this command.

Command example#

!prisma-sase-security-rule-delete rule_id="Id"

Human Readable Output#

Security Rule object with id Id and name name was deleted successfully

prisma-sase-address-object-create#


Create a new address object.

Base Command#

prisma-sase-address-object-create

Input#

Argument NameDescriptionRequired
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
nameThe name of the address object.Required
descriptionThe address object's description.Optional
typeThe type of the address. Possible values are: ip_netmask, ip_range, ip_wildcard, fqdn.Required
tagA comma-separated list of address object tags.Optional
address_valueThe address value (should match the type).Required
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.AddressStringCreated address object.
PrismaSase.Address.descriptionStringAddress description.
PrismaSase.Address.folderStringAddress folder.
PrismaSase.Address.idStringAddress ID.
PrismaSase.Address.typeStringAddress type.
PrismaSase.Address.address_valueStringAddress value.
PrismaSase.Address.nameStringAddress name.

Command example#

!prisma-sase-address-object-create name="somename11" type="ip_netmask" address_value="8.8.8.8/32"

Context Example#

{
"PrismaSase": {
"Address": {
"address_value": "8.8.8.8/32",
"folder": "Shared",
"id": "id",
"name": "somename11",
"type": "ip_netmask"
}
}
}

Human Readable Output#

Address Object Created#

Address ValueFolderIdNameType
8.8.8.8/32SharedIdsomename11ip_netmask

prisma-sase-address-object-delete#


Delete a specific address object.

Base Command#

prisma-sase-address-object-delete

Input#

Argument NameDescriptionRequired
object_idID of the address object to delete.Required
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

There is no context output for this command.

Command example#

!prisma-sase-address-object-delete object_id="Id"

Human Readable Output#

Address object with id Id and name name was deleted successfully

prisma-sase-address-object-list#


Lists all addresses objects.

Base Command#

prisma-sase-address-object-list

Input#

Argument NameDescriptionRequired
object_idThe specific address object to return. If not specified, all addresses will be returned.Optional
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
limitThe maximum number of results to return. Default is 50.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.Address.descriptionStringAddress description.
PrismaSase.Address.folderStringAddress folder.
PrismaSase.Address.idStringAddress ID.
PrismaSase.Address.nameStringAddress name.
PrismaSase.Address.address_valueStringAddress value.
PrismaSase.Address.typeStringAddress type.

Command example#

!prisma-sase-address-object-list limit=1

Context Example#

{
"PrismaSase": {
"Address": {
"address_value": "test.com",
"description": "description",
"folder": "Shared",
"id": "Id",
"name": "name",
"type": "fqdn"
}
}
}

Human Readable Output#

Address Objects#

IdNameDescriptionTypeAddress ValueTag
IdPalo Alto Networks SinkholePalo Alto Networksfqdntest.com

prisma-sase-tag-list#


Lists all tags.

Base Command#

prisma-sase-tag-list

Input#

Argument NameDescriptionRequired
tag_idA specific tag to return. If not specified, all tags will be returned.Optional
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
limitThe maximum number of results to return. Default is 50.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.Tag.idStringTag ID.
PrismaSase.Tag.nameStringTag name.
PrismaSase.Tag.folderStringTag folder.
PrismaSase.Tag.commentsStringTag comments.
PrismaSase.Tag.colorStringThe tag color.

Command example#

!prisma-sase-tag-list limit=1

Context Example#

{
"PrismaSase": {
"Tag": {
"color": "Olive",
"folder": "predefined",
"name": "Sanctioned"
}
}
}

Human Readable Output#

Tags#

IdNameFolderColorComments
IdtestpredefinedOlive

prisma-sase-tag-create#


Create a new tag.

Base Command#

prisma-sase-tag-create

Input#

Argument NameDescriptionRequired
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
nameThe tag unique name.Required
colorTag color. Possible values are: Red, Green, Blue, Yellow, Copper, Orange, Purple, Gray, Light Green, Cyan, Light Gray, Blue Gray, Lime, Black, Gold, Brown, Olive, Maroon, Red-Orange, Yellow-Orange, Forest Green, Turquoise Blue, Azure Blue, Cerulean Blue, Midnight Blue, Medium Blue, Cobalt Blue, Violet Blue, Blue Violet, Medium Violet, Medium Rose, Lavender, Orchid, Thistle, Peach, Salmon, Magenta, Red Violet, Mahogany, Burnt Sienna, Chestnut.Optional
commentsTag comments.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.Tag.idStringThe tag ID.
PrismaSase.Tag.nameStringThe tag name.
PrismaSase.Tag.folderStringThe tag folder.
PrismaSase.Tag.colorStringThe tag color.
PrismaSase.Tag.commentsStringThe tag comments.

Command example#

!prisma-sase-tag-create name="somename11" color="Azure Blue"

Context Example#

{
"PrismaSase": {
"Tag": {
"color": "Azure Blue",
"folder": "Shared",
"id": "Id",
"name": "somename11"
}
}
}

Human Readable Output#

Address Object Created#

ColorFolderIdName
Azure BlueSharedIdsomename11

prisma-sase-tag-update#


Update an existing tag.

Base Command#

prisma-sase-tag-update

Input#

Argument NameDescriptionRequired
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
tag_idThe tag ID.Required
colorTag color. Possible values are: Red, Green, Blue, Yellow, Copper, Orange, Purple, Gray, Light Green, Cyan, Light Gray, Blue Gray, Lime, Black, Gold, Brown, Olive, Maroon, Red-Orange, Yellow-Orange, Forest Green, Turquoise Blue, Azure Blue, Cerulean Blue, Midnight Blue, Medium Blue, Cobalt Blue, Violet Blue, Blue Violet, Medium Violet, Medium Rose, Lavender, Orchid, Thistle, Peach, Salmon, Magenta, Red Violet, Mahogany, Burnt Sienna, Chestnut.Optional
commentsTag comments.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.Tag.idStringThe tag ID.
PrismaSase.Tag.nameStringThe tag name.
PrismaSase.Tag.folderStringThe tag folder.
PrismaSase.Tag.colorStringThe tag color.
PrismaSase.Tag.commentsStringThe tag comments.

Command example#

!prisma-sase-tag-update tag_id="Id" color="Black"

Context Example#

{
"PrismaSase": {
"Tag": {
"color": "Black",
"folder": "Shared",
"id": "Id",
"name": "somename"
}
}
}

Human Readable Output#

Tag Edited#

ColorFolderIdName
BlackSharedIdsomename

prisma-sase-tag-delete#


Delete a specific tag.

Base Command#

prisma-sase-tag-delete

Input#

Argument NameDescriptionRequired
tag_idThe specific tag to delete.Required
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

There is no context output for this command.

Command example#

!prisma-sase-tag-delete tag_id="Id"

Human Readable Output#

Tag with id Id and name somename was deleted successfully

prisma-sase-address-group-list#


Lists all address groups.

Base Command#

prisma-sase-address-group-list

Input#

Argument NameDescriptionRequired
group_idA specific address group to return. If not specified, all address groups will be returned.Optional
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
limitThe maximum number of results to return. Default is 50.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.AddressGroup.idStringThe address group ID.
PrismaSase.AddressGroup.nameStringThe address group name.
PrismaSase.AddressGroup.descriptionStringThe address group description.
PrismaSase.AddressGroup.addressesStringThe address group addresses.
PrismaSase.AddressGroup.dynamic_filterStringThe address group filter.

Command example#

!prisma-sase-address-group-list limit=1

Context Example#

{
"PrismaSase": {
"AddressGroup": {
"description": "test",
"dynamic_filter": "'test' or 'test1' and 'best-practice'",
"folder": "Shared",
"id": "Id",
"name": "Test"
}
}
}

Human Readable Output#

Address Groups#

IdNameDescriptionAddressesDynamic Filter
IdMoishy_Testtest'test' or 'test1' and 'best-practice'

prisma-sase-address-group-create#


Create a new address group.

Base Command#

prisma-sase-address-group-create

Input#

Argument NameDescriptionRequired
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
typeThe address group type. Possible values are: static, dynamic.Required
static_addressesStatic addresses for the address group. If the type is static, a value must be provided.Optional
dynamic_filterDynamic filter for the address group. If the type is dynamic, a value must be provided.Optional
descriptionThe address group's description.Optional
nameThe name of the address group.Required
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.AddressGroup.idStringThe address group ID.
PrismaSase.AddressGroup.nameStringThe address group name.
PrismaSase.AddressGroup.folderStringThe address group folder.
PrismaSase.AddressGroup.descriptionStringThe address group description.
PrismaSase.AddressGroup.addressesStringThe address group addresses.
PrismaSase.AddressGroup.dynamic_filterStringThe address group filter.

Command example#

!prisma-sase-address-group-create name="somename" dynamic_filter="test" overwrite="false"

Context Example#

{
"PrismaSase": {
"AddressGroup": {
"dynamic_filter": "test",
"folder": "Shared",
"id": "Id",
"name": "somename"
}
}
}

Human Readable Output#

Address Group created#

Dynamic FilterFolderIdName
testSharedIdsomename

prisma-sase-address-group-update#


Update an existing address group.

Base Command#

prisma-sase-address-group-update

Input#

Argument NameDescriptionRequired
group_idThe id of the address group.Required
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
static_addressesStatic addresses for the address group. If the type is static, a value must be provided.Optional
dynamic_filterDynamic filter for the address group. If the type is dynamic, a value must be provided.Optional
overwriteWhether to overwrite the original address group values. Possible values are: true, false. Default is false.Optional
descriptionThe address group's description.Optional
typeThe address group type. Possible values are: dynamic, static.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.AddressGroup.idStringThe address group ID.
PrismaSase.AddressGroup.nameStringThe address group name.
PrismaSase.AddressGroup.folderStringThe address group folder.
PrismaSase.AddressGroup.descriptionStringThe address group description.
PrismaSase.AddressGroup.addressesStringThe address group addresses.
PrismaSase.AddressGroup.dynamic_filterStringThe address group filter.

Command example#

!prisma-sase-address-group-update group_id="Id" dynamic_filter="and 'test2'" overwrite="false"

Context Example#

{
"PrismaSase": {
"AddressGroup": {
"dynamic_filter": "test and test2",
"folder": "Shared",
"id": "Id",
"name": "somename"
}
}
}

Human Readable Output#

Address Group updated#

Dynamic FilterFolderIdName
test and test2SharedIdsomename

prisma-sase-address-group-delete#


Delete a specific address group.

Base Command#

prisma-sase-address-group-delete

Input#

Argument NameDescriptionRequired
group_idThe name of the address group.Required
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

There is no context output for this command.

Command example#

!prisma-sase-address-group-delete group_id="Id"

Human Readable Output#

Address group with id Id and name somename was deleted successfully

prisma-sase-custom-url-category-list#


Lists all custom URL categories.

Base Command#

prisma-sase-custom-url-category-list

Input#

Argument NameDescriptionRequired
idA specific url category to return. If not specified, all url categories will be returned.Optional
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
limitThe maximum number of results to return. Default is 50.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.CustomURLCategory.idStringThe URL category ID.
PrismaSase.CustomURLCategory.nameStringThe URL category name.
PrismaSase.CustomURLCategory.folderStringThe URL category folder.
PrismaSase.CustomURLCategory.typeStringThe URL category type.
PrismaSase.CustomURLCategory.listStringThe URL category match list.
PrismaSase.CustomURLCategory.descriptionStringThe URL category description.

Command example#

!prisma-sase-custom-url-category-list limit=1

Context Example#

{
"PrismaSase": {
"CustomURLCategory": {
"folder": "Shared",
"id": "Id",
"list": [
"www.test.com",
"www.test2.com"
],
"name": "name",
"type": "URL List"
}
}
}

Human Readable Output#

Custom Url Categories#

IdNameFolderTypeList
IdnameSharedURL Listwww.test2.com,
www.test.com

prisma-sase-custom-url-category-create#


Create a new URL category.

Base Command#

prisma-sase-custom-url-category-create

Input#

Argument NameDescriptionRequired
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
typeThe custom URL category's type. Possible values are: URL List, Category Match.Required
valueIf the type is URL List, the value will be a comma-separated array of URL addresses. If the type is Category Match, the value will be a comma-separated array of category names. You can get the names by running the prisma-sase-url-access-profile-list command.Required
descriptionThe custom URL category's description.Optional
nameThe name of the custom URL category.Required
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.CustomURLCategory.idStringThe URL category ID.
PrismaSase.CustomURLCategory.nameStringThe URL category name.
PrismaSase.CustomURLCategory.folderStringThe URL category folder.
PrismaSase.CustomURLCategory.typeStringThe URL category type.
PrismaSase.CustomURLCategory.listStringThe URL category match list.
PrismaSase.CustomURLCategory.descriptionStringThe URL category description.

Command example#

!prisma-sase-custom-url-category-create type="Category Match" value="low-risk" name="somename11"

Context Example#

{
"PrismaSase": {
"CustomURLCategory": {
"folder": "Shared",
"id": "id",
"list": [
"low-risk"
],
"name": "somename11",
"type": "Category Match"
}
}
}

Human Readable Output#

Custom URrl Category Created#

FolderIdListNameType
SharedIdlow-risksomename11Category Match

prisma-sase-custom-url-category-update#


Update an existing url category.

Base Command#

prisma-sase-custom-url-category-update

Input#

Argument NameDescriptionRequired
idThe custom URL category id.Required
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
valueThe custom URL category's value.Optional
overwriteWhether to overwrite the original custom URL category values. Possible values are: true, false. Default is false.Optional
descriptionThe custom URL category's description.Optional
typeThe custom URL category's type. Possible values are: URL List, Category Match.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.CustomURLCategory.idStringThe URL category ID.
PrismaSase.CustomURLCategory.nameStringThe URL category name.
PrismaSase.CustomURLCategory.folderStringThe URL category folder.
PrismaSase.CustomURLCategory.typeStringThe URL category type.
PrismaSase.CustomURLCategory.listStringThe URL category match list.
PrismaSase.CustomURLCategory.descriptionStringThe URL category description.

Command example#

!prisma-sase-custom-url-category-update id="Id" value="high-risk" overwrite="false"

Context Example#

{
"PrismaSase": {
"CustomURLCategory": {
"folder": "Shared",
"id": "Id",
"list": [
"low-risk",
"high-risk"
],
"name": "somename",
"type": "Category Match"
}
}
}

Human Readable Output#

Custom Url Category updated#

FolderIdListNameType
SharedIdlow-risk,
high-risk
somenameCategory Match

prisma-sase-custom-url-category-delete#


Delete a specific url category.

Base Command#

prisma-sase-custom-url-category-delete

Input#

Argument NameDescriptionRequired
idThe custom URL category id.Required
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

There is no context output for this command.

Command example#

!prisma-sase-custom-url-category-delete id="Id"

Human Readable Output#

Custom Url Category with id Id and name somename was deleted successfully

prisma-sase-external-dynamic-list-list#


Lists all external dynamic lists.

Base Command#

prisma-sase-external-dynamic-list-list

Input#

Argument NameDescriptionRequired
idA specific external dynamic list to return. If not specified, all external dynamic lists will be returned.Optional
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
limitThe maximum number of results to return. Default is 50.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.ExternalDynamicList.idStringThe external dynamic list ID.
PrismaSase.ExternalDynamicList.nameStringThe external dynamic list name.
PrismaSase.ExternalDynamicList.folderStringThe external dynamic list folder.
PrismaSase.ExternalDynamicList.descriptionStringThe external dynamic list description.
PrismaSase.ExternalDynamicList.typeStringThe external dynamic list type.
PrismaSase.ExternalDynamicList.sourceStringThe external dynamic list source.
PrismaSase.ExternalDynamicList.frequencyStringThe external dynamic list frequency.

Command example#

!prisma-sase-external-dynamic-list-list limit=1

Context Example#

{
"PrismaSase": {
"ExternalDynamicList": {
"description": "description",
"display_name": "display name",
"folder": "predefined",
"name": "panw-known-ip-list",
"source": "predefined",
"type": "predefined"
}
}
}

Human Readable Output#

External Dynamic Lists#

IdNameTypeFolderDescriptionSourceFrequency
panw-known-ip-listpredefinedpredefineddescriptionpredefined

prisma-sase-external-dynamic-list-create#


Create a new dynamic list.

Base Command#

prisma-sase-external-dynamic-list-create

Input#

Argument NameDescriptionRequired
nameThe external dynamic list name.Required
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
descriptionThe dynamic list's description.Optional
typeThe dynamic list's type. Possible values are: predefined_ip, predefined_url, ip, domain, url.Required
predefined_ip_listThe predefined IP list. If the type is predefined_ip, a value must be provided. Possible values are: panw-torexit-ip-list, panw-bulletproof-ip-list, panw-highrisk-ip-list, panw-known-ip-list.Optional
predefined_url_listThe predefined URL list. If the type is predefined_url, a value must be provided. Possible values are: panw–auth-portal-exclude-list.Optional
source_urlThe source URL. If the type is ip, url or domain, a value must be provided.Optional
frequencyFrequency to check for updates. Possible values are: five_minute, hourly, daily, weekly, monthly.Optional
frequency_hourThe frequency hour. If the frequency argument is daily, weekly or monthly, value must be provided. Possible values are 00-23.Optional
day_of_weekThe day of the week. If the frequency argument is weekly or monthly, a value must be provided. Possible values are: monday, tuesday, wednesday, thursday, friday, saturday, sunday.Optional
day_of_monthThe day of the month. If the frequency argument is monthly, a value must be provided. Possible values are between 1 and 31.Optional
exception_listThe user can exclude certain addresses from the list depending on the type of list.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.ExternalDynamicList.idStringThe external dynamic list ID.
PrismaSase.ExternalDynamicList.nameStringThe external dynamic list name.
PrismaSase.ExternalDynamicList.folderStringThe external dynamic list folder.
PrismaSase.ExternalDynamicList.descriptionStringThe external dynamic list description.
PrismaSase.ExternalDynamicList.typeStringThe external dynamic list type.
PrismaSase.ExternalDynamicList.sourceStringThe external dynamic list source.
PrismaSase.ExternalDynamicList.frequencyStringThe external dynamic list frequency.

Command example#

!prisma-sase-external-dynamic-list-create name="somename11" folder="Shared" type="predefined_ip" predefined_ip_list="panw-highrisk-ip-list"

Context Example#

{
"PrismaSase": {
"ExternalDynamicList": {
"description": null,
"exception_list": null,
"folder": "Shared",
"frequency": null,
"id": "Id",
"name": "somename11",
"source": "panw-highrisk-ip-list",
"type": "predefined_ip"
}
}
}

Human Readable Output#

External Dynamic List Created#

IdNameTypeFolderDescriptionSourceFrequency
Idsomename11predefined_ipSharedpanw-highrisk-ip-list

Command example#

!prisma-sase-external-dynamic-list-create name="somename111" folder="Shared" type="domain" source_url="test.com" frequency="monthly" frequency_hour="09" day_of_month="1"

Context Example#

{
"PrismaSase": {
"ExternalDynamicList": {
"description": null,
"exception_list": null,
"folder": "Shared",
"frequency": {
"monthly": {
"at": "09",
"day_of_month": 1
}
},
"id": "Id",
"name": "somename111",
"source": "test.com",
"type": "domain"
}
}
}

Human Readable Output#

External Dynamic List Created#

IdNameTypeFolderDescriptionSourceFrequency
Idsomename111domainSharedtest.commonthly:
at: 09
day_of_month: 1

prisma-sase-external-dynamic-list-update#


Update an existing dynamic list.

Base Command#

prisma-sase-external-dynamic-list-update

Input#

Argument NameDescriptionRequired
idThe external dynamic list id.Required
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
overwriteWhether to overwrite the external dynamic list values. Possible values are: true, false. Default is false.Optional
descriptionThe dynamic list's description.Optional
typeThe dynamic list's type. Possible values are: predefined_ip, predefined_url, ip, domain, url.Optional
predefined_ip_listThe predefined ip list. If the type is predefined_ip, a value must be provided. Possible values are: panw-torexit-ip-list, panw-bulletproof-ip-list, panw-highrisk-ip-list, panw-known-ip-list.Optional
predefined_url_listThe predefined URL list. If the type is predefined_url, a value must be provided. Possible values are: panw–auth-portal-exclude-list.Optional
source_urlThe source URL. If the type is ip, url or domain, a value must be provided.Optional
frequencyFrequency to check for updates. Possible values are: five_minute, hourly, daily, weekly, monthly.Optional
frequency_hourThe frequency hour.Optional
day_of_weekThe day of the week. Possible values are: monday, tuesday, wednesday, thursday, friday, saturday, sunday.Optional
day_of_monthThe day of the month. Possible values are between 1 and 31.Optional
exception_listThe user can exclude certain addresses from the list depending on the type of list.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

PathTypeDescription
PrismaSase.ExternalDynamicList.idStringThe external dynamic list ID.
PrismaSase.ExternalDynamicList.nameStringThe external dynamic list name.
PrismaSase.ExternalDynamicList.folderStringThe external dynamic list folder.
PrismaSase.ExternalDynamicList.descriptionStringThe external dynamic list description.
PrismaSase.ExternalDynamicList.typeStringThe external dynamic list type.
PrismaSase.ExternalDynamicList.sourceStringThe external dynamic list source.
PrismaSase.ExternalDynamicList.frequencyStringThe external dynamic list frequency.

Command example#

!prisma-sase-external-dynamic-list-update id'"Id"" predefined_ip_list="panw-lowrisk-ip-list"

Context Example#

{
"PrismaSase": {
"ExternalDynamicList": {
"description": null,
"exception_list": null,
"folder": "Shared",
"frequency": null,
"id": "Id",
"name": "somename11",
"source": "panw-lowrisk-ip-list",
"type": "predefined_ip"
}
}
}

Human Readable Output#

External Dynamic List Updated#

IdNameTypeFolderDescriptionSourceFrequency
Idsomename11predefined_ipSharedpanw-lowrisk-ip-list

prisma-sase-external-dynamic-list-delete#


Delete a specific dynamic list.

Base Command#

prisma-sase-external-dynamic-list-delete

Input#

Argument NameDescriptionRequired
idThe external dynamic list id.Required
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

There is no context output for this command.

Command example#

!prisma-sase-external-dynamic-list-delete id="Id"

Human Readable Output#

External Dynamic List with id Id and name name was deleted successfully

prisma-sase-url-category-list#


Get all predefined URL categories.

Base Command#

prisma-sase-url-category-list

Input#

Argument NameDescriptionRequired
folderThe configuration folder group setting. Possible values are: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy. Default is Shared.Optional
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional

Context Output#

There is no context output for this command.

Command example#

!prisma-sase-url-category-list limit=1

Human Readable Output#

URL categories#

alertallowblockcontinueoverride
recreation-and-hobbies,
educational-institutions,
real-estate,
web-advertisements,
health-and-medicine,
stock-advice-and-tools,
travel,
computer-and-internet-info,
personal-sites-and-blogs,
swimsuits-and-intimate-apparel,
social-networking,
religion,
medium-risk,
business-and-economy,
private-ip-addresses,
web-hosting,
entertainment-and-arts,
streaming-media,
abortion,
translation,
internet-portals,
online-storage-and-backup,
job-search,
motor-vehicles,
web-based-email,
nudity,
sports,
training-and-tools,
government,
shareware-and-freeware,
legal,
shopping,
alcohol-and-tobacco,
low-risk,
auctions,
high-risk,
search-engines,
cryptocurrency,
not-resolved,
society,
financial-services,
military,
news,
philosophy-and-political-advocacy,
content-delivery-networks,
internet-communications-and-telephony,
music,
home-and-garden,
hunting-and-fishing,
reference-and-research,
dating,
sex-education,
games
hacking,
extremism,
weapons,
command-and-control,
ransomware,
copyright-infringement,
dynamic-dns,
parked,
phishing,
medium-risk,
unknown,
abused-drugs,
insufficient-content,
adult,
newly-registered-domain,
grayware,
high-risk,
gambling,
malware,
peer-to-peer,
proxy-avoidance-and-anonymizers,
questionable

prisma-sase-quarantine-host#


Quarantine a host.

Base Command#

prisma-sase-quarantine-host

Input#

Argument NameDescriptionRequired
tsg_idTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional
host_idThe host ID.Required

Context Output#

There is no context output for this command.

Command example#

!prisma-sase-quarantine-host host_id="host_id"

Human Readable Output#

Host Quarantined#

host_id
test_host