
Palo Alto Networks PAN-OS

This Integration is part of the PAN-OS Pack.#

This integration supports both Palo Alto Networks Panorama and Palo Alto Networks Firewall. You can create separate instances of each integration, and they are not necessarily related or dependent on one another.

This integration enables you to manage the Palo Alto Networks Firewall and Panorama. For more information, see the PAN-OS documentation. This integration was integrated and tested with versions 8.1.0 and 9.0.1 of Palo Alto Firewall and Palo Alto Panorama.

Use Cases#

  • Create custom security rules in Palo Alto Networks PAN-OS.

  • Create and update address objects, address-groups, custom URL categories, and URL filtering objects.

  • Use the URL Filtering category information from Palo Alto Networks to enrich URLs by checking the use_url_filtering parameter. A valid license for the Firewall is required.

  • Get URL Filtering category information from Palo Alto. Request Change is a known Palo Alto limitation.

  • Add URL filtering objects including overrides to Palo Alto Panorama and Firewall.

  • Commit a configuration to Palo Alto Firewall and to Panorama, and push a configuration from Panorama to Pre-Defined Device-Groups of Firewalls.

  • Block IP addresses using registered IP tags from PAN-OS without committing the PAN-OS instance. First you have to create a registered IP tag, DAG, and security rule, and commit the instance. You can then register additional IP addresses to the tag without committing the instance.

    1. Create a registered IP tag and add the necessary IP addresses by running the panorama-register-ip-tag command.
    2. Create a dynamic address group (DAG), by running the panorama-create-address-group command. Specify values for the following arguments: type="dynamic", match={ tagname }.
    3. Create a security rule using the DAG created in the previous step, by running the panorama-create-rule command.
    4. Commit the PAN-OS instance by running the PanoramaCommitConfiguration playbook.
    5. You can now register IP addresses to, or unregister IP addresses from the IP tag by running the panorama-register-ip-tag command, or panorama-unregister-ip-tag command, respectively, without committing the PAN-OS instance.
  • Create predefined security profiles with the best practices defined by Palo Alto Networks.

  • Get security profiles best practices as defined by Palo Alto Networks. For more information about Palo Alto Networks best practices, visit Palo Alto Networks best practices.

  • Apply security profiles to a specific rule.

  • Set default categories to block in the URL filtering profile.

  • Enforce WildFire best practice.

    1. Set file upload to the maximum size.
    2. Set WildFire Update Schedule to download and install updates every minute.
    3. All file types are forwarded.
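
The incremental step of the registered IP tag procedure above (registering or unregistering addresses without a commit), as an added example that is not the integration's own code: it validates candidate addresses, refuses any that fall inside protected networks, and builds the PAN-OS XML API User-ID `uid-message` payload for the tag update. The function names, the tag name, the protected networks and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Assumption: ranges automation must never tag for blocking (constructed values).
PROTECTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # internal address space
    ipaddress.ip_network("192.0.2.53/32"),   # e.g. a resolver the firewall depends on
]


def split_candidates(raw_ips, protected=PROTECTED_NETWORKS):
    """Validate and de-duplicate candidate addresses.

    Returns (accepted, rejected): accepted is a list of canonical IP strings,
    rejected maps each refused input to the reason it was refused.
    """
    accepted, rejected = [], {}
    for raw in raw_ips:
        text = str(raw).strip()
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            rejected[text] = "not an IP address"
            continue
        if any(addr in net for net in protected):
            rejected[text] = "inside a protected network"
            continue
        canonical = str(addr)
        if canonical not in accepted:
            accepted.append(canonical)
    return accepted, rejected


def build_uid_message(action, tag, ips):
    """Build the uid-message XML that registers or unregisters ips for one tag."""
    if action not in ("register", "unregister"):
        raise ValueError("action must be 'register' or 'unregister'")
    if not tag or not tag.strip():
        raise ValueError("tag name is required")
    if not ips:
        raise ValueError("no addresses left after validation")
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    operation = ET.SubElement(ET.SubElement(root, "payload"), action)
    for ip in ips:
        entry = ET.SubElement(operation, "entry", ip=ip)
        # ElementTree escapes the tag name, so it cannot break out of <member>.
        ET.SubElement(ET.SubElement(entry, "tag"), "member").text = tag
    return ET.tostring(root, encoding="unicode")


def plan_tag_update(action, tag, raw_ips):
    """Return the XML API parameters for one tag update plus the audit trail."""
    accepted, rejected = split_candidates(raw_ips)
    return {
        "type": "user-id",   # XML API request type for User-ID messages
        "cmd": build_uid_message(action, tag, accepted),
        "accepted": accepted,
        "rejected": rejected,
    }


if __name__ == "__main__":
    # Constructed sample indicators: a duplicate, an internal host, junk, and IPv6.
    indicators = ["203.0.113.7", " 203.0.113.7", "10.1.2.3", "not-an-ip", "2001:DB8::1"]
    plan = plan_tag_update("register", "xsoar-blocklist", indicators)
    print(plan["cmd"])
    for value, reason in plan["rejected"].items():
        print(f"skipped {value!r}: {reason}")
```

Because the security rule references the dynamic address group rather than individual addresses, only the tag membership changes here; the rejected map gives the playbook a record of what was deliberately not blocked.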

Known Limitations#

Configure Panorama on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Panorama.
  3. Click Add instance to create and configure a new integration instance.
     | Parameter | Description | Required |
     | --- | --- | --- |
     | server | Server URL (e.g., https://192.168.0.1) | True |
     | port | Port (e.g., 443) | False |
     | key | API Key | True |
     | device_group | Device group - Panorama instances only (write shared for Shared location) | False |
     | vsys | Vsys - Firewall instances only | False |
     | template | Template - Panorama instances only | False |
     | use_url_filtering | Use URL Filtering for auto enrichment | False |
     | additional_suspicious | URL Filtering Additional suspicious categories. CSV list of categories that will be considered suspicious. | False |
     | additional_malicious | URL Filtering Additional malicious categories. CSV list of categories that will be considered malicious. | False |
     | insecure | Trust any certificate (not secure) | False |
     | proxy | Use system proxy settings | False |
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Run any command supported in the Panorama API: panorama
  2. Gets the pre-defined threats list from a Firewall or Panorama and stores it as a JSON file in the context: panorama-get-predefined-threats-list
  3. Commit a configuration: panorama-commit
  4. Pushes rules from PAN-OS to the configured device group: panorama-push-to-device-group
  5. Returns a list of addresses: panorama-list-addresses
  6. Returns address details for the supplied address name: panorama-get-address
  7. Creates an address object: panorama-create-address
  8. Delete an address object: panorama-delete-address
  9. Returns a list of address groups: panorama-list-address-groups
  10. Get details for the specified address group: panorama-get-address-group
  11. Creates a static or dynamic address group: panorama-create-address-group
  12. Sets a vulnerability signature to block mode: panorama-block-vulnerability
  13. Deletes an address group: panorama-delete-address-group
  14. Edits a static or dynamic address group: panorama-edit-address-group
  15. Returns a list of addresses: panorama-list-services
  16. Returns service details for the supplied service name: panorama-get-service
  17. Creates a service: panorama-create-service
  18. Deletes a service: panorama-delete-service
  19. Returns a list of service groups: panorama-list-service-groups
  20. Returns details for the specified service group: panorama-get-service-group
  21. Creates a service group: panorama-create-service-group
  22. Deletes a service group: panorama-delete-service-group
  23. Edit a service group: panorama-edit-service-group
  24. Returns information for a custom URL category: panorama-get-custom-url-category
  25. Creates a custom URL category: panorama-create-custom-url-category
  26. Deletes a custom URL category: panorama-delete-custom-url-category
  27. Adds or removes sites to and from a custom URL category: panorama-edit-custom-url-category
  28. Gets a URL category from URL Filtering: panorama-get-url-category
  29. Gets URL information: url
  30. Returns a URL category from URL Filtering in the cloud: panorama-get-url-category-from-cloud
  31. Returns a URL category from URL Filtering on the host: panorama-get-url-category-from-host
  32. Returns information for a URL filtering rule: panorama-get-url-filter
  33. Creates a URL filtering rule: panorama-create-url-filter
  34. Edit a URL filtering rule: panorama-edit-url-filter
  35. Deletes a URL filtering rule: panorama-delete-url-filter
  36. Returns a list of external dynamic lists: panorama-list-edls
  37. Returns information for an external dynamic list: panorama-get-edl
  38. Creates an external dynamic list: panorama-create-edl
  39. Modifies an element of an external dynamic list: panorama-edit-edl
  40. Deletes an external dynamic list: panorama-delete-edl
  41. Refreshes the specified external dynamic list: panorama-refresh-edl
  42. Creates a policy rule: panorama-create-rule
  43. Creates a custom block policy rule: panorama-custom-block-rule
  44. Changes the location of a policy rule: panorama-move-rule
  45. Edits a policy rule: panorama-edit-rule
  46. Deletes a policy rule: panorama-delete-rule
  47. Returns a list of applications: panorama-list-applications
  48. Returns commit status for a configuration: panorama-commit-status
  49. Returns the push status for a configuration: panorama-push-status
  50. Returns information for a Panorama PCAP file: panorama-get-pcap
  51. Returns a list of all PCAP files by PCAP type: panorama-list-pcaps
  52. Registers IP addresses to a tag: panorama-register-ip-tag
  53. Unregisters IP addresses from a tag: panorama-unregister-ip-tag
  54. Registers Users to a tag: panorama-register-user-tag
  55. Unregisters Users from a tag: panorama-unregister-user-tag
  56. Deprecated. Queries traffic logs: panorama-query-traffic-logs
  57. Deprecated. Checks the query status of traffic logs: panorama-check-traffic-logs-status
  58. Deprecated. Retrieves traffic log query data by job id: panorama-get-traffic-logs
  59. Returns a list of predefined Security Rules: panorama-list-rules
  60. Query logs in Panorama: panorama-query-logs
  61. Checks the status of a logs query: panorama-check-logs-status
  62. Retrieves the data of a logs query: panorama-get-logs
  63. Checks whether a session matches the specified security policy: panorama-security-policy-match
  64. Lists the static routes of a virtual router: panorama-list-static-routes
  65. Returns the specified static route of a virtual router: panorama-get-static-route
  66. Adds a static route: panorama-add-static-route
  67. Deletes a static route: panorama-delete-static-route
  68. Show firewall device software version: panorama-show-device-version
  69. Downloads the latest content update: panorama-download-latest-content-update
  70. Checks the download status of a content update: panorama-content-update-download-status
  71. Installs the latest content update: panorama-install-latest-content-update
  72. Gets the installation status of the content update: panorama-content-update-install-status
  73. Checks the PAN-OS software version from the repository: panorama-check-latest-panos-software
  74. Downloads the target PAN-OS software version to install on the target device: panorama-download-panos-version
  75. Gets the download status of the target PAN-OS software: panorama-download-panos-status
  76. Installs the target PAN-OS version on the specified target device: panorama-install-panos-version
  77. Gets the installation status of the PAN-OS software: panorama-install-panos-status
  78. Reboots the Firewall device: panorama-device-reboot
  79. Gets location information for an IP address: panorama-show-location-ip
  80. Gets information about available PAN-OS licenses and their statuses: panorama-get-licenses
  81. Gets information for the specified security profile: panorama-get-security-profiles
  82. Apply a security profile to specific rules or rules with a specific tag: panorama-apply-security-profile
  83. Get SSL decryption rules: panorama-get-ssl-decryption-rules
  84. Retrieves the Wildfire configuration: panorama-get-wildfire-configuration
  85. Set default categories to block in the URL filtering profile: panorama-url-filtering-block-default-categories
  86. Get anti-spyware best practices: panorama-get-anti-spyware-best-practice
  87. Get file-blocking best practices: panorama-get-file-blocking-best-practice
  88. Get anti-virus best practices: panorama-get-antivirus-best-practice
  89. Get vulnerability-protection best practices: panorama-get-vulnerability-protection-best-practice
  90. View WildFire best practices: panorama-get-wildfire-best-practice
  91. View URL Filtering best practices: panorama-get-url-filtering-best-practice
  92. Enforces wildfire best practices to upload files to the maximum size, forwards all file types, and updates the schedule: panorama-enforce-wildfire-best-practice
  93. Creates an antivirus best practice profile: panorama-create-antivirus-best-practice-profile
  94. Creates an Anti-Spyware best practice profile: panorama-create-anti-spyware-best-practice-profile
  95. Creates a vulnerability protection best practice profile: panorama-create-vulnerability-best-practice-profile
  96. Creates a URL filtering best practice profile: panorama-create-url-filtering-best-practice-profile
  97. Creates a file blocking best practice profile: panorama-create-file-blocking-best-practice-profile
  98. Creates a WildFire analysis best practice profile: panorama-create-wildfire-best-practice-profile
  99. Shows the user ID interface configuration.
  100. Shows the zones configuration.
  101. Retrieves list of user-ID agents configured in the system.

panorama#


Run any command supported in the API.

Base Command#

panorama

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| action | Action to be taken, such as show, get, set, edit, delete, rename, clone, move, override, multi-move, multi-clone, or complete. | Optional |
| category | Category parameter. For example, when exporting a configuration file, use "category=configuration". | Optional |
| cmd | Specifies the xml structure that defines the command. Used for operation commands. | Optional |
| command | Run a command. For example, command=<show><arp><entry name='all'/></arp></show> | Optional |
| dst | Specifies a destination. | Optional |
| element | Used to define a new value for an object. | Optional |
| to | End time (used when cloning an object). | Optional |
| from | Start time (used when cloning an object). | Optional |
| key | Sets a key value. | Optional |
| log-type | Retrieves log types. For example, log-type=threat for threat logs. | Optional |
| where | Specifies the type of a move operation (for example, where=after, where=before, where=top, where=bottom). | Optional |
| period | Time period. For example, period=last-24-hrs | Optional |
| xpath | xpath location. For example, xpath=/config/predefined/application/entry[@name='hotmail'] | Optional |
| pcap-id | PCAP ID included in the threat log. | Optional |
| serialno | Specifies the device serial number. | Optional |
| reporttype | Chooses the report type, such as dynamic, predefined or custom. | Optional |
| reportname | Report name. | Optional |
| type | Request type (e.g. export, import, log, config). | Optional |
| search-time | The time that the PCAP was received on the firewall. Used for threat PCAPs. | Optional |
| target | Target number of the firewall. Use only on a Panorama instance. | Optional |
| job-id | Job ID. | Optional |
| query | Query string. | Optional |

Context Output#

There is no context output for this command.

panorama-get-predefined-threats-list#


Gets the pre-defined threats list from a Firewall or Panorama and stores it as a JSON file in the context.

Base Command#

panorama-get-predefined-threats-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The firewall managed by Panorama from which to retrieve the predefined threats. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| File.Size | number | File size. |
| File.Name | string | File name. |
| File.Type | string | File type. |
| File.Info | string | File info. |
| File.Extension | string | File extension. |
| File.EntryID | string | File entryID. |
| File.MD5 | string | MD5 hash of the file. |
| File.SHA1 | string | SHA1 hash of the file. |
| File.SHA256 | string | SHA256 hash of the file. |
| File.SHA512 | string | SHA512 hash of the file. |
| File.SSDeep | string | SSDeep hash of the file. |

Command Example#

!panorama-get-predefined-threats-list

panorama-commit#


Commits a configuration to Palo Alto Firewall or Panorama, but does not validate if the commit was successful. Committing to Panorama does not push the configuration to the Firewalls. To push the configuration, run the panorama-push-to-device-group command.

Base Command#

panorama-commit

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| description | Commit description. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Commit.JobID | number | Job ID to commit. |
| Panorama.Commit.Status | string | Commit status |

Command Example#

!panorama-commit

Context Example#

{
    "Panorama": {
        "Commit": {
            "JobID": "113198",
            "Status": "Pending"
        }
    }
}

Human Readable Output#

Commit:#

| JobID | Status |
| --- | --- |
| 113198 | Pending |

panorama-push-to-device-group#


Pushes rules from PAN-OS to the configured device group. In order to push the configuration to Prisma Access managed tenants (single or multi tenancy), use the device group argument with the device group which is associated with the tenant ID.

Base Command#

panorama-push-to-device-group

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |
| validate-only | Pre policy validation. | Optional |
| include-template | Whether to include template changes. | Optional |
| description | Push description. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Push.DeviceGroup | String | Device group in which the policies were pushed. |
| Panorama.Push.JobID | Number | Job ID of the policies that were pushed. |
| Panorama.Push.Status | String | Push status. |

Command Example#

!panorama-push-to-device-group

Human Readable Output#

Push to Device Group Status:#

| JobID | Status |
| --- | --- |
| 113198 | Pending |

panorama-list-addresses#


Returns a list of addresses.

Base Command#

panorama-list-addresses

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |
| tag | Tag for which to filter the list of addresses. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Addresses.Name | string | Address name. |
| Panorama.Addresses.Description | string | Address description. |
| Panorama.Addresses.FQDN | string | Address FQDN. |
| Panorama.Addresses.IP_Netmask | string | Address IP Netmask. |
| Panorama.Addresses.IP_Range | string | Address IP range. |
| Panorama.Addresses.DeviceGroup | String | Address device group. |
| Panorama.Addresses.Tags | String | Address tags. |

Command Example#

!panorama-list-addresses

Context Example#

{
    "Panorama": {
        "Addresses": [
            {
                "IP_Netmask": "10.10.10.1/24",
                "Name": "Demisto address"
            },
            {
                "Description": "a",
                "IP_Netmask": "1.1.1.1",
                "Name": "test1"
            }
        ]
    }
}

Human Readable Output#

Addresses:#

| Name | IP_Netmask | IP_Range | FQDN |
| --- | --- | --- | --- |
| Demisto address | 10.10.10.1/24 | | |
| test1 | 1.1.1.1 | | |

panorama-get-address#


Returns address details for the supplied address name.

Base Command#

panorama-get-address

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Address name. | Required |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Addresses.Name | string | Address name. |
| Panorama.Addresses.Description | string | Address description. |
| Panorama.Addresses.FQDN | string | Address FQDN. |
| Panorama.Addresses.IP_Netmask | string | Address IP Netmask. |
| Panorama.Addresses.IP_Range | string | Address IP range. |
| Panorama.Addresses.DeviceGroup | String | Device group for the address (Panorama instances). |
| Panorama.Addresses.Tags | String | Address tags. |

Command Example#

!panorama-get-address name="Demisto address"

Context Example#

{
    "Panorama": {
        "Addresses": {
            "IP_Netmask": "10.10.10.1/24",
            "Name": "Demisto address"
        }
    }
}

Human Readable Output#

Address:#

| Name | IP_Netmask |
| --- | --- |
| Demisto address | 10.10.10.1/24 |

panorama-create-address#


Creates an address object.

Base Command#

panorama-create-address

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | New address name. | Required |
| description | New address description. | Optional |
| fqdn | FQDN of the new address. | Optional |
| ip_netmask | IP Netmask of the new address. For example, 10.10.10.10/24 | Optional |
| ip_range | IP range of the new address IP. For example, 10.10.10.0-10.10.10.255 | Optional |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |
| tag | The tag for the new address. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Addresses.Name | string | Address name. |
| Panorama.Addresses.Description | string | Address description. |
| Panorama.Addresses.FQDN | string | Address FQDN. |
| Panorama.Addresses.IP_Netmask | string | Address IP Netmask. |
| Panorama.Addresses.IP_Range | string | Address IP range. |
| Panorama.Addresses.DeviceGroup | String | Device group for the address (Panorama instances). |
| Panorama.Addresses.Tag | String | Address tag. |

Command Example#

!panorama-create-address name="address_test_pb" description="just a desc" ip_range="10.10.10.9-10.10.10.10"

Context Example#

{
    "Panorama": {
        "Addresses": {
            "Description": "just a desc",
            "IP_Range": "10.10.10.9-10.10.10.10",
            "Name": "address_test_pb"
        }
    }
}

Human Readable Output#

Address was created successfully.

panorama-delete-address#


Deletes an address object.

Base Command#

panorama-delete-address

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Name of the address to delete. | Required |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Addresses.Name | string | Address name that was deleted. |
| Panorama.Addresses.DeviceGroup | String | Device group for the address (Panorama instances). |

Command Example#

!panorama-delete-address name="address_test_pb"

Context Example#

{
    "Panorama": {
        "Addresses": {
            "Name": "address_test_pb"
        }
    }
}

Human Readable Output#

Address was deleted successfully.

panorama-list-address-groups#


Returns a list of address groups.

Base Command#

panorama-list-address-groups

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |
| tag | Tag for which to filter the Address groups. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.AddressGroups.Name | string | Address group name. |
| Panorama.AddressGroups.Type | string | Address group type. |
| Panorama.AddressGroups.Match | string | Dynamic Address group match. |
| Panorama.AddressGroups.Description | string | Address group description. |
| Panorama.AddressGroups.Addresses | String | Static Address group addresses. |
| Panorama.AddressGroups.DeviceGroup | String | Device group for the address group (Panorama instances). |
| Panorama.AddressGroups.Tag | String | Address group tag. |

Command Example#

!panorama-list-address-groups

Context Example#

{
    "Panorama": {
        "AddressGroups": [
            {
                "Match": "2.2.2.2",
                "Name": "a_g_1",
                "Type": "dynamic"
            },
            {
                "Addresses": [
                    "Demisto address",
                    "test3",
                    "test_demo3"
                ],
                "Name": "Demisto group",
                "Type": "static"
            },
            {
                "Description": "jajja",
                "Match": "4.4.4.4",
                "Name": "dynamic2",
                "Type": "dynamic"
            },
            {
                "Addresses": [
                    "test4",
                    "test2"
                ],
                "Name": "static2",
                "Type": "static"
            }
        ]
    }
}

Human Readable Output#

Address groups:#

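| Name | Type | Addresses | Match | Description | Tags |
| --- | --- | --- | --- | --- | --- |
| a_g_1 | dynamic | | 2.2.2.2 | | |
| Demisto group | static | Demisto address, test3, test_demo3 | | | |
| dynamic2 | dynamic | | 4.4.4.4 | jajja | |
| static2 | static | test4, test2 | | | |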

panorama-get-address-group#


Gets details for the specified address group.

Base Command#

panorama-get-address-group

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Address group name. | Required |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.AddressGroups.Name | string | Address group name. |
| Panorama.AddressGroups.Type | string | Address group type. |
| Panorama.AddressGroups.Match | string | Dynamic Address group match. |
| Panorama.AddressGroups.Description | string | Address group description. |
| Panorama.AddressGroups.Addresses | string | Static Address group addresses. |
| Panorama.AddressGroups.DeviceGroup | String | Device group for the address group (Panorama instances). |
| Panorama.AddressGroups.Tags | String | Address group tags. |

Command Example#

!panorama-get-address-group name=suspicious_address_group

Human Readable Output#

Address groups:#

| Name | Type | Addresses | Match | Description |
| --- | --- | --- | --- | --- |
| suspicious_address_group | dynamic | | 1.1.1.1 | this ip is very bad |

panorama-create-address-group#


Creates a static or dynamic address group.

Base Command#

panorama-create-address-group

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Address group name. | Required |
| type | Address group type. | Required |
| match | Dynamic Address group match. e.g: "1.1.1.1 or 2.2.2.2" | Optional |
| addresses | Static address group list of addresses. | Optional |
| description | Address group description. | Optional |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |
| tags | The tags for the Address group. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.AddressGroups.Name | string | Address group name. |
| Panorama.AddressGroups.Type | string | Address group type. |
| Panorama.AddressGroups.Match | string | Dynamic Address group match. |
| Panorama.AddressGroups.Addresses | string | Static Address group list of addresses. |
| Panorama.AddressGroups.Description | string | Address group description. |
| Panorama.AddressGroups.DeviceGroup | String | Device group for the address group (Panorama instances). |
| Panorama.AddressGroups.Tag | String | Address group tags. |

Command Example#

!panorama-create-address-group name=suspicious_address_group type=dynamic match=1.1.1.1 description="this ip is very bad"

Context Example#

{
    "Panorama": {
        "AddressGroups": {
            "Description": "this ip is very bad",
            "Match": "1.1.1.1",
            "Name": "suspicious_address_group",
            "Type": "dynamic"
        }
    }
}

Human Readable Output#

Address group was created successfully.

panorama-block-vulnerability#


Sets a vulnerability signature to block mode.

Base Command#

panorama-block-vulnerability

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| drop_mode | Type of session rejection. Possible values are: "drop", "alert", "block-ip", "reset-both", "reset-client", and "reset-server". Default is "drop". | Optional |
| vulnerability_profile | Name of vulnerability profile. | Required |
| threat_id | Numerical threat ID. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Vulnerability.ID | string | ID of vulnerability that has been blocked/overridden. |
| Panorama.Vulnerability.NewAction | string | New action for the vulnerability. |

Command Example#

!panorama-block-vulnerability threat_id=18250 vulnerability_profile=name

Human Readable Output#

Threat with ID 18250 overridden.

panorama-delete-address-group#


Deletes an address group.

Base Command#

panorama-delete-address-group

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Name of address group to delete. | Required |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.AddressGroups.Name | string | Name of address group that was deleted. |
| Panorama.AddressGroups.DeviceGroup | String | Device group for the address group (Panorama instances). |

Command Example#

!panorama-delete-address-group name="dynamic_address_group_test_pb3"

Human Readable Output#

Address group was deleted successfully

panorama-edit-address-group#


Edits a static or dynamic address group.

Base Command#

panorama-edit-address-group

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Name of the address group to edit. | Required |
| type | Address group type. | Required |
| match | Address group new match. For example, '1.1.1.1 and 2.2.2.2'. | Optional |
| element_to_add | Element to add to the list of the static address group. Only existing Address objects can be added. | Optional |
| element_to_remove | Element to remove from the list of the static address group. Only existing Address objects can be removed. | Optional |
| description | Address group new description. | Optional |
| tags | The tag of the Address group to edit. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.AddressGroups.Name | string | Address group name. |
| Panorama.AddressGroups.Type | string | Address group type. |
| Panorama.AddressGroups.Filter | string | Dynamic Address group match. |
| Panorama.AddressGroups.Description | string | Address group description. |
| Panorama.AddressGroups.Addresses | string | Static Address group addresses. |
| Panorama.AddressGroups.DeviceGroup | String | Device group for the address group (Panorama instances). |
| Panorama.AddressGroups.Tags | String | Address group tags. |

panorama-list-services#


Returns a list of addresses.

Base Command#

panorama-list-services

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |
| tag | Tag for which to filter the Services. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Services.Name | string | Service name. |
| Panorama.Services.Protocol | string | Service protocol. |
| Panorama.Services.Description | string | Service description. |
| Panorama.Services.DestinationPort | string | Service destination port. |
| Panorama.Services.SourcePort | string | Service source port. |
| Panorama.Services.DeviceGroup | string | Device group in which the service was configured (Panorama instances). |
| Panorama.Services.Tags | String | Service tags. |

Command Example#

!panorama-list-services

Context Example#

{
    "Panorama": {
        "Services": [
            {
                "Description": "rgfg",
                "DestinationPort": "55",
                "Name": "demisto_service1",
                "Protocol": "tcp",
                "SourcePort": "567-569"
            },
            {
                "Description": "mojo",
                "DestinationPort": "55",
                "Name": "demi_service_test_pb",
                "Protocol": "sctp",
                "SourcePort": "60"
            }
        ]
    }
}

Human Readable Output#

Services:#

| Name | Protocol | SourcePort | DestinationPort | Description |
| --- | --- | --- | --- | --- |
| demisto_service1 | tcp | 567-569 | 55 | rgfg |
| demi_service_test_pb | sctp | 60 | 55 | mojo |

panorama-get-service#


Returns service details for the supplied service name.

Base Command#

panorama-get-service

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Service name. | Required |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Services.Name | string | Service name. |
| Panorama.Services.Protocol | string | Service protocol. |
| Panorama.Services.Description | string | Service description. |
| Panorama.Services.DestinationPort | string | Service destination port. |
| Panorama.Services.SourcePort | string | Service source port. |
| Panorama.Services.DeviceGroup | string | Device group for the service (Panorama instances). |
| Panorama.Service.Tags | String | Service tags. |

Command Example#

!panorama-get-service name=demisto_service1

Human Readable Output#

Address#

| Name | Protocol | SourcePort | DestinationPort | Description |
| --- | --- | --- | --- | --- |
| demisto_service1 | tcp | 567-569 | 55 | rgfg |

panorama-create-service#


Creates a service.

Base Command#

panorama-create-service

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Name for the new service. | Required |
| protocol | Protocol for the new service. | Required |
| destination_port | Destination port for the new service. | Required |
| source_port | Source port for the new service. | Optional |
| description | Description for the new service. | Optional |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |
| tags | Tags for the new service. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Services.Name | string | Service name. |
| Panorama.Services.Protocol | string | Service protocol. |
| Panorama.Services.Descritpion | string | Service description. |
| Panorama.Services.DestinationPort | string | Service destination port. |
| Panorama.Services.SourcePort | string | Service source port. |
| Panorama.Services.DeviceGroup | string | Device group for the service (Panorama instances). |
| Panorama.Services.Tags | String | Service tags. |

Command Example#

!panorama-create-service name=guy_ser3 protocol=udp destination_port=36 description=bfds

Context Example#

{
    "Panorama": {
        "Services": {
            "Description": "bfds",
            "DestinationPort": "36",
            "Name": "guy_ser3",
            "Protocol": "udp"
        }
    }
}

Human Readable Output#

Service was created successfully.

panorama-delete-service#


Deletes a service.

Base Command#

panorama-delete-service

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Name of the service to delete. | Required |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Services.Name | string | Name of the deleted service. |
| Panorama.Services.DeviceGroup | string | Device group for the service (Panorama instances). |

Command Example#

!panorama-delete-service name=guy_ser3

Context Example#

{
    "Panorama": {
        "Services": {
            "Name": "guy_ser3"
        }
    }
}

Human Readable Output#

Service was deleted successfully.

panorama-list-service-groups#


Returns a list of service groups.

Base Command#

panorama-list-service-groups

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |
| tag | Tags for which to filter the Service groups. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.ServiceGroups.Name | string | Service group name. |
| Panorama.ServiceGroups.Services | string | Service group related services. |
| Panorama.ServiceGroups.DeviceGroup | string | Device group for the service group (Panorama instances). |
| Panorama.ServiceGroups.Tags | String | Service group tags. |

Command Example#

!panorama-list-service-groups

Context Example#

{
    "Panorama": {
        "ServiceGroups": [
            {
                "Name": "demisto_default_service_groups",
                "Services": [
                    "service-http",
                    "service-https"
                ]
            },
            {
                "Name": "demisto_test_pb_service_group",
                "Services": "serice_tcp_test_pb"
            }
        ]
    }
}

Human Readable Output#

Service groups:#

| Name | Services |
| --- | --- |
| demisto_default_service_groups | service-http, service-https |
| demisto_test_pb_service_group | serice_tcp_test_pb |

panorama-get-service-group#


Returns details for the specified service group.

Base Command#

panorama-get-service-group

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Service group name. | Required |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.ServiceGroups.Name | string | Service group name. |
| Panorama.ServiceGroups.Services | string | Service group related services. |
| Panorama.ServiceGroups.DeviceGroup | string | Device group for the service group (Panorama instances). |
| Panorama.ServiceGroups.Tags | String | Service group tags. |

Command Example#

!panorama-get-service-group name=ser_group6

Context Example#

{
"Panorama": {
"ServiceGroups": {
"Name": "ser_group6",
"Services": [
"serice_tcp_test_pb",
"demi_service_test_pb"
]
}
}
}

Human Readable Output#

Service group:#

Name | Services
ser_group6 | serice_tcp_test_pb, demi_service_test_pb

panorama-create-service-group#


Creates a service group.

Base Command#

panorama-create-service-group

Input#

Argument Name | Description | Required
name | Service group name. | Required
services | Service group related services. | Required
device-group | The device group for which to return addresses (Panorama instances). | Optional
tags | Tags for which to filter Service groups. | Optional

Context Output#

Path | Type | Description
Panorama.ServiceGroups.Name | string | Service group name.
Panorama.ServiceGroups.Services | string | Service group related services.
Panorama.ServiceGroups.DeviceGroup | string | Device group for the service group (Panorama instances).
Panorama.ServiceGroups.Tags | String | Service group tags.

Command Example#

!panorama-create-service-group name=lalush_sg4 services=`["demisto_service1","demi_service_test_pb"]`

panorama-delete-service-group#


Deletes a service group.

Base Command#

panorama-delete-service-group

Input#

Argument Name | Description | Required
name | Name of the service group to delete. | Required
device-group | The device group for which to return addresses (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.ServiceGroups.Name | string | Name of the deleted service group.
Panorama.ServiceGroups.DeviceGroup | string | Device group for the service group (Panorama instances).

Command Example#

!panorama-delete-service-group name=lalush_sg4

panorama-edit-service-group#


Edit a service group.

Base Command#

panorama-edit-service-group

Input#

Argument Name | Description | Required
name | Name of the service group to edit. | Required
services_to_add | Services to add to the service group. Only existing Services objects can be added. | Optional
services_to_remove | Services to remove from the service group. Only existing Services objects can be removed. | Optional
tags | Tag of the Service group to edit. | Optional

Context Output#

Path | Type | Description
Panorama.ServiceGroups.Name | string | Service group name.
Panorama.ServiceGroups.Services | string | Service group related services.
Panorama.ServiceGroups.DeviceGroup | string | Device group for the service group (Panorama instances).
Panorama.ServiceGroups.Tags | String | Service group tags.

Command Example#

!panorama-edit-service-group name=lalush_sg4 services_to_remove=`["serice_udp_test_pb","demisto_service1"]`

Human Readable Output#

Service group was edited successfully

panorama-get-custom-url-category#


Returns information for a custom URL category.

Base Command#

panorama-get-custom-url-category

Input#

Argument Name | Description | Required
name | Custom URL category name. | Required
device-group | The device group for which to return addresses for the custom URL category (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.CustomURLCategory.Name | String | The category name of the custom URL.
Panorama.CustomURLCategory.Description | String | The category description of the custom URL.
Panorama.CustomURLCategory.Sites | String | The list of sites of the custom URL category.
Panorama.CustomURLCategory.DeviceGroup | String | The device group for the custom URL Category (Panorama instances).
Panorama.CustomURLCategory.Categories | String | The list of categories of the custom URL category.
Panorama.CustomURLCategory.Type | String | The category type of the custom URL.

Command Example#

!panorama-get-custom-url-category name=my_personal_url_category

Human Readable Output#

Custom URL Category:#

Name | Sites
my_personal_url_category | thepill.com, abortion.com

panorama-create-custom-url-category#


Creates a custom URL category.

Base Command#

panorama-create-custom-url-category

Input#

Argument Name | Description | Required
name | The name of the custom URL category to create. | Required
description | Description of the custom URL category to create. | Optional
sites | List of sites for the custom URL category. | Optional
device-group | The device group for which to return addresses for the custom URL category (Panorama instances). | Optional
type | The category type of the URL. Relevant from PAN-OS v9.x. | Optional
categories | The list of categories. Relevant from PAN-OS v9.x. | Optional

Context Output#

Path | Type | Description
Panorama.CustomURLCategory.Name | String | Custom URL category name.
Panorama.CustomURLCategory.Description | String | Custom URL category description.
Panorama.CustomURLCategory.Sites | String | Custom URL category list of sites.
Panorama.CustomURLCategory.DeviceGroup | String | Device group for the Custom URL Category (Panorama instances).
Panorama.CustomURLCategory.Categories | String | Custom URL category list of categories.
Panorama.CustomURLCategory.Type | String | Custom URL category type.

Command Example#

!panorama-create-custom-url-category name=suspicious_address_group sites=["thepill.com","abortion.com"] description=momo

Context Example#

{
"Panorama": {
"CustomURLCategory": {
"Description": "momo",
"Name": "suspicious_address_group",
"Sites": [
"thepill.com",
"abortion.com"
]
}
}
}

Human Readable Output#

Created Custom URL Category:#

Name | Sites | Description
suspicious_address_group | thepill.com, abortion.com | momo

panorama-delete-custom-url-category#


Deletes a custom URL category.

Base Command#

panorama-delete-custom-url-category

Input#

Argument Name | Description | Required
name | Name of the custom URL category to delete. | Optional
device-group | The device group for which to return addresses (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.CustomURLCategory.Name | string | Name of the custom URL category to delete.
Panorama.CustomURLCategory.DeviceGroup | string | Device group for the Custom URL Category (Panorama instances).

Command Example#

!panorama-delete-custom-url-category name=suspicious_address_group

Context Example#

{
"Panorama": {
"CustomURLCategory": {
"Name": "suspicious_address_group"
}
}
}

Human Readable Output#

Custom URL category was deleted successfully.

panorama-edit-custom-url-category#


Adds or removes sites to and from a custom URL category.

Base Command#

panorama-edit-custom-url-category

Input#

Argument Name | Description | Required
name | Name of the custom URL category to add or remove sites. | Required
sites | A comma separated list of sites to add to the custom URL category. | Optional
action | Adds or removes sites or categories. Can be "add" or "remove". | Required
categories | A comma separated list of categories to add to the custom URL category. | Optional

Context Output#

Path | Type | Description
Panorama.CustomURLCategory.Name | string | Custom URL category name.
Panorama.CustomURLCategory.Description | string | Custom URL category description.
Panorama.CustomURLCategory.Sites | string | Custom URL category list of sites.
Panorama.CustomURLCategory.DeviceGroup | string | Device group for the Custom URL Category (Panorama instances).

panorama-get-url-category#


Gets a URL category from URL Filtering. This command is only available on Firewall devices.

Base Command#

panorama-get-url-category

Input#

Argument Name | Description | Required
url | URL to check. | Optional

Context Output#

Path | Type | Description
Panorama.URLFilter.URL | string | URL.
Panorama.URLFilter.Category | string | URL category.
DBotScore.Vendor | String | The vendor used to calculate the score.
DBotScore.Score | Number | The actual score.
DBotScore.Type | String | The indicator type.
DBotScore.Indicator | String | The indicator that was tested.
URL.Data | String | The URL address.
URL.Category | String | The URL Category.

Command Example#

!panorama-get-url-category url="poker.com"

Context Example#

{
"DBotScore": {
"Indicator": "poker.com",
"Score": 1,
"Type": "url",
"Vendor": "PAN-OS"
},
"Panorama": {
"URLFilter": {
"Category": "gambling",
"URL": [
"poker.com"
]
}
},
"URL": {
"Category": "gambling",
"Data": "poker.com"
}
}

Human Readable Output#

URL Filtering:#

URL | Category
poker.com | gambling

url#


Gets a URL category from URL Filtering. This command is only available on Firewall devices.

Base Command#

url

Input#

Argument Name | Description | Required
url | URL to check. | Optional

Context Output#

Path | Type | Description
Panorama.URLFilter.URL | string | URL.
Panorama.URLFilter.Category | string | The URL category.
DBotScore.Vendor | String | The vendor used to calculate the score.
DBotScore.Score | Number | The actual score.
DBotScore.Type | String | The indicator type.
DBotScore.Indicator | String | The indicator that was tested.
URL.Data | String | The URL address.
URL.Category | String | The URL category.

panorama-get-url-category-from-cloud#


Returns a URL category from URL filtering. This command is only available on Firewall devices.

Base Command#

panorama-get-url-category-from-cloud

Input#

Argument Name | Description | Required
url | URL to check. | Required

Context Output#

Path | Type | Description
Panorama.URLFilter.URL | string | The URL.
Panorama.URLFilter.Category | string | URL category.

Command Example#

!panorama-get-url-category-from-cloud url=google.com

Human Readable Output#

URL Filtering from cloud:#

URL | Category
google.com | search-engines

panorama-get-url-category-from-host#


Returns a URL category from URL Filtering.

Base Command#

panorama-get-url-category-from-host

Input#

Argument Name | Description | Required
url | URL to check. | Required

Context Output#

Path | Type | Description
Panorama.URLFilter.URL | string | The URL.
Panorama.URLFilter.Category | string | The URL category.

Command Example#

!panorama-get-url-category-from-host url=google.com

Human Readable Output#

URL Filtering from host:#

URL | Category
google.com | search-engines

panorama-get-url-filter#


Returns information for a URL filtering rule.

Base Command#

panorama-get-url-filter

Input#

Argument Name | Description | Required
name | URL Filter name. | Required
device-group | The device group for which to return addresses for the URL Filter (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.URLFilter.Name | string | URL Filter name.
Panorama.URLFilter.Category.Name | string | URL Filter category name.
Panorama.URLFilter.Category.Action | string | Action for the URL category.
Panorama.URLFilter.OverrideBlockList | string | URL Filter override block list.
Panorama.URLFilter.OverrideAllowList | string | URL Filter override allow list.
Panorama.URLFilter.Description | string | URL Filter description.
Panorama.URLFilter.DeviceGroup | string | Device group for the URL Filter (Panorama instances).

Command Example#

!panorama-get-url-filter name=demisto_default_url_filter

Human Readable Output#

URL Filter:#

Name | Category | OverrideAllowList | Description
demisto_default_url_filter | {'Action': 'block', 'Name': u'abortion'}, {'Action': 'block', 'Name': u'abuse-drugs'} | 888.com, 777.com | gres

panorama-create-url-filter#


Creates a URL filtering rule.

Base Command#

panorama-create-url-filter

Input#

Argument Name | Description | Required
name | Name of the URL filter to create. | Required
url_category | URL categories. | Required
action | Action for the URL categories. Can be "allow", "block", "alert", "continue", or "override". | Required
override_allow_list | CSV list of URLs to exclude from the allow list. | Optional
override_block_list | CSV list of URLs to exclude from the blocked list. | Optional
description | URL Filter description. | Optional
device-group | The device group for which to return addresses for the URL Filter (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.URLFilter.Name | string | URL Filter name.
Panorama.URLFilter.Category.Name | string | URL Filter category name.
Panorama.URLFilter.Category.Action | string | Action for the URL category.
Panorama.URLFilter.OverrideAllowList | string | URL Filter override allow list.
Panorama.URLFilter.OverrideBlockList | string | URL Filter override blocked list.
Panorama.URLFilter.Description | string | URL Filter description.
Panorama.URLFilter.DeviceGroup | string | Device group for the URL Filter (Panorama instances).

Command Example#

!panorama-create-url-filter action=block name=gambling_url url_category=gambling

Context Example#

{
"Panorama": {
"URLFilter": {
"Category": [
{
"Action": "block",
"Name": "gambling"
}
],
"Name": "gambling_url"
}
}
}

Human Readable Output#

URL Filter was created successfully.

panorama-edit-url-filter#


Edit a URL filtering rule.

Base Command#

panorama-edit-url-filter

Input#

Argument Name | Description | Required
name | Name of the URL filter to edit. | Required
element_to_change | Element to change. | Required
element_value | Element value. Limited to one value. | Required
add_remove_element | Add or remove an element from the Allow List or Block List fields. Default is to 'add' the element_value to the list. | Optional

Context Output#

Path | Type | Description
Panorama.URLFilter.Name | string | URL Filter name.
Panorama.URLFilter.Description | string | URL Filter description.
Panorama.URLFilter.Category.Name | string | URL Filter category.
Panorama.URLFilter.Action | string | Action for the URL category.
Panorama.URLFilter.OverrideAllowList | string | Allow Overrides for the URL category.
Panorama.URLFilter.OverrideBlockList | string | Block Overrides for the URL category.
Panorama.URLFilter.DeviceGroup | string | Device group for the URL Filter (Panorama instances).

Command Example#

!panorama-edit-url-filter name=demisto_default_url_filter element_to_change=override_allow_list element_value="poker.com" add_remove_element=add

Human Readable Output#

URL Filter was edited successfully

panorama-delete-url-filter#


Deletes a URL filtering rule.

Base Command#

panorama-delete-url-filter

Input#

Argument Name | Description | Required
name | Name of the URL filter rule to delete. | Required
device-group | The device group for which to return addresses for the URL filter (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.URLFilter.Name | string | URL filter rule name.
Panorama.URLFilter.DeviceGroup | string | Device group for the URL Filter (Panorama instances).

Command Example#

!panorama-delete-url-filter name=gambling_url

Context Example#

{
"Panorama": {
"URLFilter": {
"Name": "gambling_url"
}
}
}

Human Readable Output#

URL Filter was deleted successfully.

panorama-list-edls#


Returns a list of external dynamic lists.

Base Command#

panorama-list-edls

Input#

Argument Name | Description | Required
device-group | The device group for which to return addresses for the EDL (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.EDL.Name | string | Name of the EDL.
Panorama.EDL.Type | string | The type of EDL.
Panorama.EDL.URL | string | URL in which the EDL is stored.
Panorama.EDL.Description | string | Description of the EDL.
Panorama.EDL.CertificateProfile | string | EDL certificate profile.
Panorama.EDL.Recurring | string | Time interval that the EDL was pulled and updated.
Panorama.EDL.DeviceGroup | string | Device group for the EDL (Panorama instances).

Command Example#

!panorama-list-edls

Context Example#

{
"Panorama": {
"EDL": [
{
"Description": "6u4ju7",
"Name": "blabla3",
"Recurring": "hourly",
"Type": "url",
"URL": "lolo"
},
{
"Description": "ip",
"Name": "bad_ip_edl_demisot_web_server",
"Recurring": "five-minute",
"Type": "ip",
"URL": "http://192.168.1.15/files/very_bad_ip2.txt"
}
]
}
}

Human Readable Output#

External Dynamic Lists:#

Name | Type | URL | Recurring | Description
blabla3 | url | lolo | hourly | 6u4ju7
bad_ip_edl_demisot_web_server | ip | http://192.168.1.15/files/very_bad_ip2.txt | five-minute | ip

panorama-get-edl#


Returns information for an external dynamic list.

Base Command#

panorama-get-edl

Input#

Argument Name | Description | Required
name | Name of the EDL. | Required
device-group | The device group for which to return addresses for the EDL (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.EDL.Name | string | Name of the EDL.
Panorama.EDL.Type | string | The type of EDL.
Panorama.EDL.URL | string | URL in which the EDL is stored.
Panorama.EDL.Description | string | Description of the EDL.
Panorama.EDL.CertificateProfile | string | EDL certificate profile.
Panorama.EDL.Recurring | string | Time interval that the EDL was pulled and updated.
Panorama.EDL.DeviceGroup | string | Device group for the EDL (Panorama instances).

Command Example#

!panorama-get-edl name=test_pb_domain_edl_DONT_DEL

Context Example#

{
"Panorama": {
"EDL": {
"Description": "new description3",
"Name": "test_pb_domain_edl_DONT_DEL",
"Recurring": "hourly",
"Type": "url",
"URL": "https://test_pb_task.not.real"
}
}
}

Human Readable Output#

External Dynamic List:#

Name | Type | URL | Recurring | Description
test_pb_domain_edl_DONT_DEL | url | https://test_pb_task.not.real | hourly | new description3
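The Panorama.EDL context returned by panorama-list-edls and panorama-get-edl can be reviewed for list sources that the firewall has no way to authenticate. The Python below is an added example, not part of the integration: the function names and the three checks (source is not an absolute URL, source fetched over plain HTTP, HTTPS source with no certificate profile) are this example's own assumptions, and the sample input is the panorama-list-edls Context Example shown above.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the Context Example shown above for panorama-list-edls.
SAMPLE_CONTEXT = json.loads("""
{
  "Panorama": {
    "EDL": [
      {"Description": "6u4ju7", "Name": "blabla3", "Recurring": "hourly",
       "Type": "url", "URL": "lolo"},
      {"Description": "ip", "Name": "bad_ip_edl_demisot_web_server",
       "Recurring": "five-minute", "Type": "ip",
       "URL": "http://192.168.1.15/files/very_bad_ip2.txt"}
    ]
  }
}
""")


def as_list(value):
    """Normalise a context value: a single result is a dict, several are a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_edl(edl):
    """Return the findings (possibly none) for one Panorama.EDL entry."""
    findings = []
    url = (edl.get("URL") or "").strip()
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        # Values such as "lolo" or "gmail.com" cannot be fetched as a list.
        findings.append("source is not an absolute http(s) URL")
    elif parsed.scheme == "http":
        # Anyone on the path can alter the list the firewall enforces.
        findings.append("source is fetched over plain HTTP")
    elif not edl.get("CertificateProfile"):
        # HTTPS is used, but no profile is recorded to verify the server.
        findings.append("HTTPS source without a certificate profile")
    return findings


def audit_context(context):
    """Map EDL name -> findings for every EDL in a command's context output."""
    report = {}
    for edl in as_list(context.get("Panorama", {}).get("EDL")):
        findings = audit_edl(edl)
        if findings:
            report[edl.get("Name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_context(SAMPLE_CONTEXT).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
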

panorama-create-edl#


Creates an external dynamic list.

Base Command#

panorama-create-edl

Input#

Argument Name | Description | Required
name | Name of the EDL. | Required
url | URL from which to pull the EDL. | Required
type | The type of EDL. | Required
recurring | Time interval for pulling and updating the EDL. | Required
certificate_profile | Certificate Profile name for the URL that was previously uploaded to PAN-OS. | Optional
description | Description of the EDL. | Optional
device-group | The device group for which to return addresses for the EDL (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.EDL.Name | string | Name of the EDL.
Panorama.EDL.Type | string | Type of the EDL.
Panorama.EDL.URL | string | URL in which the EDL is stored.
Panorama.EDL.Description | string | Description of the EDL.
Panorama.EDL.CertificateProfile | string | EDL certificate profile.
Panorama.EDL.Recurring | string | Time interval that the EDL was pulled and updated.
Panorama.EDL.DeviceGroup | string | Device group for the EDL (Panorama instances).

Command Example#

!panorama-create-edl name=new_EDL recurring="five-minute" type=url url="gmail.com"

Context Example#

{
"Panorama": {
"EDL": {
"Name": "new_EDL",
"Recurring": "five-minute",
"Type": "url",
"URL": "gmail.com"
}
}
}

Human Readable Output#

External Dynamic List was created successfully.

panorama-edit-edl#


Modifies an element of an external dynamic list.

Base Command#

panorama-edit-edl

Input#

Argument Name | Description | Required
name | Name of the external dynamic list to edit. | Required
element_to_change | The element to change ("url", "recurring", "certificate_profile", "description"). | Required
element_value | The element value. | Required

Context Output#

Path | Type | Description
Panorama.EDL.Name | string | Name of the EDL.
Panorama.EDL.URL | string | URL where the EDL is stored.
Panorama.EDL.Description | string | Description of the EDL.
Panorama.EDL.CertificateProfile | string | EDL certificate profile.
Panorama.EDL.Recurring | string | Time interval that the EDL was pulled and updated.
Panorama.EDL.DeviceGroup | string | Device group for the EDL (Panorama instances).

Command Example#

!panorama-edit-edl name=test_pb_domain_edl_DONT_DEL element_to_change=description element_value="new description3"

Context Example#

{
"Panorama": {
"EDL": {
"Description": "new description3",
"Name": "test_pb_domain_edl_DONT_DEL"
}
}
}

Human Readable Output#

External Dynamic List was edited successfully

panorama-delete-edl#


Deletes an external dynamic list.

Base Command#

panorama-delete-edl

Input#

Argument Name | Description | Required
name | Name of the EDL to delete. | Required
device-group | The device group for which to return addresses for the EDL (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.EDL.Name | string | Name of the EDL that was deleted.
Panorama.EDL.DeviceGroup | string | Device group for the EDL (Panorama instances).

Command Example#

!panorama-delete-edl name=new_EDL

Context Example#

{
"Panorama": {
"EDL": {
"Name": "new_EDL"
}
}
}

Human Readable Output#

External Dynamic List was deleted successfully

panorama-refresh-edl#


Refreshes the specified external dynamic list.

Base Command#

panorama-refresh-edl

Input#

Argument Name | Description | Required
name | Name of the EDL. | Required
device-group | The device group for which to return addresses for the EDL (Panorama instances). | Optional
edl_type | The type of the EDL. Required when refreshing an EDL object which is configured on Panorama. | Optional
location | The location of the EDL. Required when refreshing an EDL object which is configured on Panorama. | Optional
vsys | The Vsys of the EDL. Required when refreshing an EDL object which is configured on Panorama. | Optional

Context Output#

There is no context output for this command.

Command Example#

!panorama-refresh-edl name=test_pb_domain_edl_DONT_DEL

Human Readable Output#

Refreshed External Dynamic List successfully

panorama-create-rule#


Creates a policy rule.

Base Command#

panorama-create-rule

Input#

Argument Name | Description | Required
rulename | Name of the rule to create. | Optional
description | Description of the rule to create. | Optional
action | Action for the rule. Can be "allow", "deny", or "drop". | Required
source | A comma-separated list of address object names, address group object names, or EDL object names. | Optional
destination | A comma-separated list of address object names, address group object names, or EDL object names. | Optional
source_zone | A comma-separated list of source zones. | Optional
destination_zone | A comma-separated list of destination zones. | Optional
negate_source | Whether to negate the source (address, address group). Can be "Yes" or "No". | Optional
negate_destination | Whether to negate the destination (address, address group). Can be "Yes" or "No". | Optional
service | A comma-separated list of service object names for the rule. | Optional
disable | Whether to disable the rule. Can be "Yes" or "No" (default is "No"). | Optional
application | A comma-separated list of application object names for the rule. | Optional
source_user | Source user for the rule to create. | Optional
pre_post | Pre rule or Post rule (Panorama instances). | Optional
target | Specifies a target firewall for the rule (Panorama instances). | Optional
log_forwarding | Log forwarding profile. | Optional
device-group | The device group for which to return addresses for the rule (Panorama instances). | Optional
tags | Rule tags to create. | Optional
category | A comma-separated list of URL categories. | Optional
profile_setting | A profile setting group. | Optional
where | Where to move the rule. Can be "before", "after", "top", or "bottom". If you specify "top" or "bottom", you need to supply the "dst" argument. | Optional
dst | Destination rule relative to the rule that you are moving. This field is only relevant if you specify "top" or "bottom" in the "where" argument. | Optional

Context Output#

Path | Type | Description
Panorama.SecurityRule.Name | string | Rule name.
Panorama.SecurityRule.Description | string | Rule description.
Panorama.SecurityRule.Action | string | Action for the rule.
Panorama.SecurityRule.Source | string | Source address.
Panorama.SecurityRule.Destination | string | Destination address.
Panorama.SecurityRule.NegateSource | boolean | Whether the source is negated (address, address group).
Panorama.SecurityRule.NegateDestination | boolean | Whether the destination is negated (address, address group).
Panorama.SecurityRule.Service | string | Service for the rule.
Panorama.SecurityRule.Disabled | string | Whether the rule is disabled.
Panorama.SecurityRule.Application | string | Application for the rule.
Panorama.SecurityRule.Target | string | Target firewall (Panorama instances).
Panorama.SecurityRule.LogForwarding | string | Log forwarding profile (Panorama instances).
Panorama.SecurityRule.DeviceGroup | string | Device group for the rule (Panorama instances).
Panorama.SecurityRules.Tags | String | Rule tags.
Panorama.SecurityRules.ProfileSetting | String | Profile setting group.

Command Example#

!panorama-create-rule rulename="block_bad_application" description="do not play at work" action="deny" application="fortnite"

Context Example#

{
"Panorama": {
"SecurityRule": {
"Action": "deny",
"Application": "fortnite",
"Description": "do not play at work",
"Disabled": "No",
"Name": "block_bad_application",
"SourceUser": "any"
}
}
}

Human Readable Output#

Rule configured successfully.

panorama-custom-block-rule#


Creates a custom block policy rule.

Base Command#

panorama-custom-block-rule

Input#

Argument Name | Description | Required
rulename | Name of the custom block policy rule to create. | Optional
object_type | Object type to block in the policy rule. Can be "ip", "address-group", "edl", or "custom-url-category". | Required
object_value | A comma-separated list of object values for the object_type argument. | Required
direction | Direction to block. Can be "to", "from", or "both". Default is "both". This argument is not applicable to the "custom-url-category" object_type. | Optional
pre_post | Pre rule or Post rule (Panorama instances). | Optional
target | Specifies a target firewall for the rule (Panorama instances). | Optional
log_forwarding | Log forwarding profile. | Optional
device-group | The device group for which to return addresses for the rule (Panorama instances). | Optional
tags | Tags to use for the custom block policy rule. | Optional
where | Where to move the rule. Can be "before", "after", "top", or "bottom". If you specify "top" or "bottom", you need to supply the "dst" argument. | Optional
dst | Destination rule relative to the rule that you are moving. This field is only relevant if you specify "top" or "bottom" in the "where" argument. | Optional

Context Output#

Path | Type | Description
Panorama.SecurityRule.Name | string | Rule name.
Panorama.SecurityRule.Object | string | Blocked object.
Panorama.SecurityRule.Direction | string | Direction blocked.
Panorama.SecurityRule.Target | string | Target firewall (Panorama instances).
Panorama.SecurityRule.LogForwarding | string | Log forwarding profile (Panorama instances).
Panorama.SecurityRule.DeviceGroup | string | Device group for the rule (Panorama instances).
Panorama.SecurityRule.Tags | String | Rule tags.

Command Example#

!panorama-custom-block-rule object_type=application object_value=fortnite

Context Example#

{
"Panorama": {
"SecurityRule": {
"Application": [
"fortnite"
],
"Direction": "both",
"Disabled": false,
"Name": "demisto-9c9ed15a"
}
}
}

Human Readable Output#

Object was blocked successfully.

panorama-move-rule#


Changes the location of a policy rule.

Base Command#

panorama-move-rule

Input#

Argument Name | Description | Required
rulename | Name of the rule to move. | Required
where | Where to move the rule. Can be "before", "after", "top", or "bottom". If you specify "top" or "bottom", you need to supply the "dst" argument. | Required
dst | Destination rule relative to the rule that you are moving. This field is only relevant if you specify "top" or "bottom" in the "where" argument. | Optional
pre_post | Rule location. Mandatory for Panorama instances. | Optional
device-group | The device group for which to return addresses for the rule (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.SecurityRule.Name | string | Rule name.
Panorama.SecurityRule.DeviceGroup | string | Device group for the rule (Panorama instances).

Command Example#

!panorama-move-rule rulename="test_rule3" where="bottom"

Human Readable Output#

Rule test_rule3 moved successfully

panorama-edit-rule#


Edits a policy rule.

Base Command#

panorama-edit-rule

Input#

Argument Name | Description | Required
rulename | Name of the rule to edit. | Required
element_to_change | Parameter in the security rule to change. Can be 'source', 'destination', 'application', 'action', 'category', 'description', 'disabled', 'target', 'log-forwarding', 'tag' or 'profile-setting'. | Required
element_value | The new value for the parameter. | Required
pre_post | Pre-rule or post-rule (Panorama instances). | Optional
behaviour | Whether to replace, add, or remove the element_value from the current rule object value. | Optional

Context Output#

Path | Type | Description
Panorama.SecurityRule.Name | string | Rule name.
Panorama.SecurityRule.Description | string | Rule description.
Panorama.SecurityRule.Action | string | Action for the rule.
Panorama.SecurityRule.Source | string | Source address.
Panorama.SecurityRule.Destination | string | Destination address.
Panorama.SecurityRule.NegateSource | boolean | Whether the source is negated (address, address group).
Panorama.SecurityRule.NegateDestination | boolean | Whether the destination is negated (address, address group).
Panorama.SecurityRule.Service | string | Service for the rule.
Panorama.SecurityRule.Disabled | string | Whether the rule is disabled.
Panorama.SecurityRule.Application | string | Application for the rule.
Panorama.SecurityRule.Target | string | Target firewall (Panorama instances).
Panorama.SecurityRule.DeviceGroup | string | Device group for the rule (Panorama instances).
Panorama.SecurityRule.Tags | String | Tags for the rule.
Panorama.SecurityRules.ProfileSetting | String | Profile setting group.

Command Example#

!panorama-edit-rule rulename="block_bad_application" element_to_change=action element_value=drop

Context Example#

{
"Panorama": {
"SecurityRule": {
"Action": "drop",
"Name": "block_bad_application"
}
}
}

Human Readable Output#

Rule edited successfully.

panorama-delete-rule#


Deletes a policy rule.

Base Command#

panorama-delete-rule

Input#

Argument Name | Description | Required
rulename | Name of the rule to delete. | Required
pre_post | Pre rule or Post rule (Panorama instances). | Optional
device-group | The device group for which to return addresses for the rule (Panorama instances). | Optional

Context Output#

Path | Type | Description
Panorama.SecurityRule.Name | string | Rule name.
Panorama.SecurityRule.DeviceGroup | string | Device group for the rule (Panorama instances).

Command Example#

!panorama-delete-rule rulename=block_bad_application

Human Readable Output#

Rule deleted successfully.

panorama-list-applications#


Returns a list of applications.

Base Command#

panorama-list-applications

Input#

Argument Name | Description | Required
predefined | Whether to list predefined applications or not. | Optional

Context Output#

Path | Type | Description
Panorama.Applications.Name | string | Application name.
Panorama.Applications.Id | number | Application ID.
Panorama.Applications.Category | string | Application category.
Panorama.Applications.SubCategory | string | Application sub-category.
Panorama.Applications.Technology | string | Application technology.
Panorama.Applications.Risk | number | Application risk (1 to 5).
Panorama.Applications.Description | string | Application description.

Command Example#

!panorama-list-applications

Context Example#

{
"Panorama": {
"Applications": {
"Description": "lala",
"Id": null,
"Name": "demisto_fw_app3",
"Risk": "1",
"SubCategory": "ip-protocol",
"Technology": "peer-to-peer"
}
}
}

Human Readable Output#

Applications#

Id | Name | Risk | Category | SubCategory | Technology | Description
 | demisto_fw_app3 | 1 |  | ip-protocol | peer-to-peer | lala

panorama-commit-status#


Returns commit status for a configuration.

Base Command#

panorama-commit-status

Input#

Argument Name | Description | Required
job_id | Job ID to check. | Required

Context Output#

Path | Type | Description
Panorama.Commit.JobID | number | Job ID of the configuration to be committed.
Panorama.Commit.Status | string | Commit status.
Panorama.Commit.Details | string | Job ID details.
Panorama.Commit.Warnings | String | Job ID warnings.

Command Example#

!panorama-commit-status job_id=948

Human Readable Output#

Commit Status:#

JobID | Status
948 | Pending

panorama-push-status#


Returns the push status for a configuration.

Base Command#

panorama-push-status

Input#

Argument Name | Description | Required
job_id | Job ID to check. | Required

Context Output#

Path | Type | Description
Panorama.Push.DeviceGroup | string | Device group to which the policies were pushed.
Panorama.Push.JobID | number | Job ID of the configuration to be pushed.
Panorama.Push.Status | string | Push status.
Panorama.Push.Details | string | Job ID details.
Panorama.Push.Warnings | String | Job ID warnings.

Command Example#

!panorama-push-status job_id=951

Human Readable Output#

Push to Device Group Status:#

JobID | Status | Details
951 | Completed | commit succeeded with warnings

panorama-get-pcap#


Returns information for a Panorama PCAP file. The recommended maximum file size is 5 MB. If the limit is exceeded, you might need to SSH to the firewall and run the scp export command to export the PCAP file. For more information, see the Palo Alto Networks documentation.

Base Command#

panorama-get-pcap

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| pcapType | Type of Packet Capture. | Required |
| serialNumber | The serial number of the firewall to download the PCAP from. | Optional |
| from | The file name for the PCAP type ('dlp-pcap', 'filters-pcap', or 'application-pcap'). | Optional |
| localName | The new name for the PCAP file after downloading. If this argument is not specified, the file name is the PCAP file name set in the firewall. | Optional |
| serialNo | Serial number for the request. For further information, see the Panorama XML API Documentation. | Optional |
| searchTime | The Search time for the request. For example: "2019/12/26 00:00:00", "2020/01/10". For more information, see the Panorama XML API documentation. | Optional |
| pcapID | The ID of the PCAP for the request. For further information, see the Panorama XML API Documentation. | Optional |
| password | Password for Panorama, needed for the 'dlp-pcap' PCAP type only. | Optional |
| deviceName | The Device Name on which the PCAP is stored. For further information, see the Panorama XML API Documentation. | Optional |
| sessionID | The Session ID of the PCAP. For further information, see the Panorama XML API Documentation. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| File.Size | number | File size. |
| File.Name | string | File name. |
| File.Type | string | File type. |
| File.Info | string | File info. |
| File.Extension | string | File extension. |
| File.EntryID | string | File entry ID. |
| File.MD5 | string | MD5 hash of the file. |
| File.SHA1 | string | SHA1 hash of the file. |
| File.SHA256 | string | SHA256 hash of the file. |
| File.SHA512 | string | SHA512 hash of the file. |
| File.SSDeep | string | SSDeep hash of the file. |

Command Example#

!panorama-get-pcap pcapType="filter-pcap" from=pcap_test

panorama-list-pcaps#


Returns a list of all PCAP files by PCAP type. Not available for threat PCAPs.

Base Command#

panorama-list-pcaps

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| pcapType | Type of Packet Capture. | Required |
| serialNumber | The serial number of the firewall to download the PCAP from. | Optional |
| password | Password for Panorama. Relevant for the 'dlp-pcap' PCAP type. | Optional |

Context Output#

There is no context output for this command.

Command Example#

!panorama-list-pcaps pcapType="filter-pcap"

Human Readable Output#

List of Pcaps:#

| Pcap name |
| --- |
| pcam_name |

panorama-register-ip-tag#


Registers IP addresses to a tag.

Base Command#

panorama-register-ip-tag

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| tag | Tag for which to register IP addresses. | Required |
| IPs | IP addresses to register. | Required |
| persistent | Whether the IP addresses remain registered to the tag after the device reboots ('true': persistent, 'false': non-persistent). Default is 'true'. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.DynamicTags.Tag | string | Name of the tag. |
| Panorama.DynamicTags.IPs | string | Registered IP addresses. |

Command Example#

!panorama-register-ip-tag tag=tag02 IPs=["10.0.0.13","10.0.0.14"]

Human Readable Output#

Registered ip-tag successfully

panorama-unregister-ip-tag#


Unregisters IP addresses from a tag.

Base Command#

panorama-unregister-ip-tag

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| tag | Tag for which to unregister IP addresses. | Required |
| IPs | IP addresses to unregister. | Required |

Context Output#

There is no context output for this command.

Command Example#

!panorama-unregister-ip-tag tag=tag02 IPs=["10.0.0.13","10.0.0.14"]

Human Readable Output#

Unregistered ip-tag successfully

panorama-register-user-tag#


Registers users to a tag. This command is only available for PAN-OS version 9.x and above.

Base Command#

panorama-register-user-tag

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| tag | Tag for which to register users. | Required |
| Users | A comma-separated list of users to register. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.DynamicTags.Tag | string | Name of the tag. |
| Panorama.DynamicTags.Users | string | List of registered users. |

Command Example#

!panorama-register-user-tag tag=tag02 Users=Username

Human Readable Output#

Registered user-tag successfully

panorama-unregister-user-tag#


Unregisters users from a tag. This command is only available for PAN-OS version 9.x and above.

Base Command#

panorama-unregister-user-tag

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| tag | Tag from which to unregister Users. | Required |
| Users | A comma-separated list of users to unregister. | Required |

Context Output#

There is no context output for this command.

Command Example#

!panorama-unregister-user-tag tag=tag02 Users=Username

Human Readable Output#

Unregistered user-tag successfully

panorama-query-traffic-logs#


Deprecated. Queries traffic logs.

Base Command#

panorama-query-traffic-logs

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| query | Specifies the match criteria for the logs. This is similar to the query provided in the web interface under the Monitor tab when viewing the logs. | Optional |
| number_of_logs | The number of logs to retrieve. Default is 100. Maximum is 5,000. | Optional |
| direction | Whether logs are shown oldest first (forward) or newest first (backward). Default is backward. | Optional |
| source | Source address for the query. | Optional |
| destination | Destination address for the query. | Optional |
| receive_time | Date and time after which logs were received, in the format: YYYY/MM/DD HH:MM:SS. | Optional |
| application | Application for the query. | Optional |
| to_port | Destination port for the query. | Optional |
| action | Action for the query. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.TrafficLogs.JobID | number | Job ID of the traffic logs query. |
| Panorama.TrafficLogs.Status | string | Status of the traffic logs query. |

Command Example#

!panorama-query-traffic-logs query="" number_of_logs="100" direction="backward" source="" destination="" receive_time="" application="" to_port="" action="allow"

Human Readable Output#

Query Traffic Logs:#

| JobID | Status |
| --- | --- |
| 1858 | Pending |

panorama-check-traffic-logs-status#


Deprecated. Checks the query status of traffic logs.

Base Command#

panorama-check-traffic-logs-status

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | Job ID of the query. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.TrafficLogs.JobID | number | Job ID of the traffic logs query. |
| Panorama.TrafficLogs.Status | string | Status of the traffic logs query. |

Command Example#

!panorama-check-traffic-logs-status job_id="1865"

Human Readable Output#

Query Traffic Logs status:#

| JobID | Status |
| --- | --- |
| 1858 | Pending |

panorama-get-traffic-logs#


Deprecated. Retrieves traffic log query data by job id.

Base Command#

panorama-get-traffic-logs

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | Job ID of the query. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.TrafficLogs.JobID | number | Job ID of the traffic logs query. |
| Panorama.TrafficLogs.Status | string | Status of the traffic logs query. |
| Panorama.TrafficLogs.Logs.Action | string | Action of the traffic log. |
| Panorama.TrafficLogs.Logs.ActionSource | string | Action source of the traffic log. |
| Panorama.TrafficLogs.Logs.Application | string | Application of the traffic log. |
| Panorama.TrafficLogs.Logs.Category | string | Category of the traffic log. |
| Panorama.TrafficLogs.Logs.DeviceName | string | Device name of the traffic log. |
| Panorama.TrafficLogs.Logs.Destination | string | Destination of the traffic log. |
| Panorama.TrafficLogs.Logs.DestinationPort | string | Destination port of the traffic log. |
| Panorama.TrafficLogs.Logs.FromZone | string | From zone of the traffic log. |
| Panorama.TrafficLogs.Logs.Protocol | string | Protocol of the traffic log. |
| Panorama.TrafficLogs.Logs.ReceiveTime | string | Receive time of the traffic log. |
| Panorama.TrafficLogs.Logs.Rule | string | Rule of the traffic log. |
| Panorama.TrafficLogs.Logs.SessionEndReason | string | Session end reason of the traffic log. |
| Panorama.TrafficLogs.Logs.Source | string | Source of the traffic log. |
| Panorama.TrafficLogs.Logs.SourcePort | string | Source port of the traffic log. |
| Panorama.TrafficLogs.Logs.StartTime | string | Start time of the traffic log. |
| Panorama.TrafficLogs.Logs.ToZone | string | To zone of the traffic log. |

Command Example#

!panorama-get-traffic-logs job_id="1865"

panorama-list-rules#


Returns a list of predefined Security Rules.

Base Command#

panorama-list-rules

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| pre_post | Rules location. Can be 'pre-rulebase' or 'post-rulebase'. Mandatory for Panorama instances. | Optional |
| device-group | The device group for which to return addresses (Panorama instances). | Optional |
| tag | Tag for which to filter the rules. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.SecurityRule.Name | String | Rule name. |
| Panorama.SecurityRule.Action | String | Action for the rule. |
| Panorama.SecurityRule.Location | String | Rule location. |
| Panorama.SecurityRule.Category | String | Rule category. |
| Panorama.SecurityRule.Application | String | Application for the rule. |
| Panorama.SecurityRule.Destination | String | Destination address. |
| Panorama.SecurityRule.From | String | Rule from. |
| Panorama.SecurityRule.Service | String | Service for the rule. |
| Panorama.SecurityRule.To | String | Rule to. |
| Panorama.SecurityRule.Source | String | Source address. |
| Panorama.SecurityRule.DeviceGroup | string | Device group for the rule (Panorama instances). |
| Panorama.SecurityRules.Tags | String | Rule tags. |

Command Example#

!panorama-list-rules

Context Example#

{
  "Panorama": {
    "SecurityRule": [
      {
        "Action": "drop",
        "Application": "fortnite",
        "Destination": "any",
        "From": "any",
        "Name": "demisto-7b6dc6e6",
        "Service": "any",
        "Source": "any",
        "To": "any"
      },
      {
        "Action": "drop",
        "Application": "fortnite",
        "Destination": "any",
        "From": "any",
        "Name": "demisto-125e5985",
        "Service": "any",
        "Source": "any",
        "To": "any"
      },
      {
        "Action": {
          "#text": "drop",
          "@admin": "api",
          "@dirtyId": "2986",
          "@time": "2020/10/13 05:00:06"
        },
        "Application": {
          "#text": "fortnite",
          "@admin": "api",
          "@dirtyId": "2986",
          "@time": "2020/10/13 05:00:06"
        },
        "Destination": {
          "#text": "any",
          "@admin": "api",
          "@dirtyId": "2986",
          "@time": "2020/10/13 05:00:06"
        },
        "From": {
          "#text": "any",
          "@admin": "api",
          "@dirtyId": "2986",
          "@time": "2020/10/13 05:00:06"
        },
        "Name": "demisto-9c9ed15a",
        "Service": {
          "#text": "any",
          "@admin": "api",
          "@dirtyId": "2986",
          "@time": "2020/10/13 05:00:06"
        },
        "Source": {
          "#text": "any",
          "@admin": "api",
          "@dirtyId": "2986",
          "@time": "2020/10/13 05:00:06"
        },
        "To": {
          "#text": "any",
          "@admin": "api",
          "@dirtyId": "2986",
          "@time": "2020/10/13 05:00:06"
        }
      }
    ]
  }
}

Human Readable Output#

Security Rules:#

| Name | Action | From | To | Service |
| --- | --- | --- | --- | --- |
| demisto-7b6dc6e6 | drop | any | any | any |
| demisto-125e5985 | drop | any | any | any |
| demisto-9c9ed15a | @admin: api, @dirtyId: 2986, @time: 2020/10/13 05:00:06, #text: drop | @admin: api, @dirtyId: 2986, @time: 2020/10/13 05:00:06, #text: any | @admin: api, @dirtyId: 2986, @time: 2020/10/13 05:00:06, #text: any | @admin: api, @dirtyId: 2986, @time: 2020/10/13 05:00:06, #text: any |
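
The Context Example above returns rule fields in two shapes: plain strings, and objects that wrap the value in "#text" next to "@admin", "@dirtyId" and "@time". The following is an added example, not code from the integration, that flattens both shapes and reports which rules carry that edit metadata, so a playbook can compare fields uniformly and review who changed what. The helper names are hypothetical, and reading the attributes as markers of edits made by the named admin account is an assumption, as is the handling of list-valued fields.

```python
# Added example: normalize Panorama.SecurityRule entries from panorama-list-rules.
# Helper names are hypothetical; this is not part of the PAN-OS integration.

META_KEYS = ("@admin", "@dirtyId", "@time")
RULE_FIELDS = ("Action", "Application", "Category", "Destination",
               "From", "Service", "Source", "To")


def flatten_field(value):
    """Return (plain_value, metadata) for one rule field.

    Handles the plain form ("drop"), the wrapped form
    ({"#text": "drop", "@admin": ...}) and, as an assumption, lists of either.
    """
    if isinstance(value, dict):
        meta = {k[1:]: v for k, v in value.items() if k in META_KEYS}
        rest = {k: v for k, v in value.items() if k not in META_KEYS}
        # Unknown shapes are kept as-is rather than silently dropped.
        plain = rest["#text"] if set(rest) == {"#text"} else rest
        return plain, meta
    if isinstance(value, list):
        plain, meta = [], {}
        for item in value:
            item_plain, item_meta = flatten_field(item)
            plain.append(item_plain)
            meta.update(item_meta)
        return plain, meta
    return value, {}


def normalize_rule(rule):
    """Flatten every known field and record which ones carried metadata."""
    name, _ = flatten_field(rule.get("Name"))
    out = {"Name": name, "ChangedFields": {}}
    for field in RULE_FIELDS:
        if field not in rule:
            continue
        plain, meta = flatten_field(rule[field])
        out[field] = plain
        if meta:
            out["ChangedFields"][field] = meta
    return out


def normalize_context(context):
    """Accept the command's context and return a list of normalized rules."""
    rules = context.get("Panorama", {}).get("SecurityRule", [])
    if isinstance(rules, dict):  # a single rule may arrive as one object
        rules = [rules]
    return [normalize_rule(rule) for rule in rules]


def pending_edits(rules):
    """Summarize rules whose fields carry @admin/@dirtyId/@time metadata."""
    report = []
    for rule in rules:
        changed = rule["ChangedFields"]
        if not changed:
            continue
        times = [m["time"] for m in changed.values() if "time" in m]
        report.append({
            "Name": rule["Name"],
            "Fields": sorted(changed),
            "Admins": sorted({m["admin"] for m in changed.values() if "admin" in m}),
            # "YYYY/MM/DD HH:MM:SS" sorts correctly as text.
            "LastEdit": max(times) if times else None,
        })
    return report


# Constructed sample: two entries shaped like the page's Context Example.
_META = {"@admin": "api", "@dirtyId": "2986", "@time": "2020/10/13 05:00:06"}
SAMPLE_CONTEXT = {"Panorama": {"SecurityRule": [
    {"Action": "drop", "Application": "fortnite", "Name": "demisto-7b6dc6e6",
     "Source": "any"},
    {"Action": dict(_META, **{"#text": "drop"}),
     "Application": dict(_META, **{"#text": "fortnite"}),
     "Name": "demisto-9c9ed15a",
     "Source": dict(_META, **{"#text": "any"})},
]}}

if __name__ == "__main__":
    for entry in pending_edits(normalize_context(SAMPLE_CONTEXT)):
        print(entry)
```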

panorama-query-logs#


Query logs in Panorama.

Base Command#

panorama-query-logs

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| log-type | The log type. Can be "threat", "traffic", "wildfire", "url", or "data". | Required |
| query | The query string by which to match criteria for the logs. This is similar to the query provided in the web interface under the Monitor tab when viewing the logs. | Optional |
| time-generated | The time that the log was generated from the timestamp and prior to it, e.g. "2019/08/11 01:10:44". | Optional |
| addr-src | Source address. | Optional |
| addr-dst | Destination address. | Optional |
| ip | Source or destination IP address. | Optional |
| zone-src | Source zone. | Optional |
| zone-dst | Destination zone. | Optional |
| action | Rule action. | Optional |
| port-dst | Destination port. | Optional |
| rule | Rule name, e.g. "Allow all outbound". | Optional |
| url | URL, e.g. "safebrowsing.googleapis.com". | Optional |
| filedigest | File hash (for WildFire logs only). | Optional |
| number_of_logs | Maximum number of logs to retrieve. If empty, the default is 100. The maximum is 5,000. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Monitor.JobID | String | Job ID of the logs query. |
| Panorama.Monitor.Status | String | Status of the logs query. |
| Panorama.Monitor.Message | String | Message of the logs query. |

Command Example#

!panorama-query-logs log-type=data query="( addr.src in 192.168.1.12 )"

Human Readable Output#

Query Logs:#

| JobID | Status |
| --- | --- |
| 678 | Pending |

panorama-check-logs-status#


Checks the status of a logs query.

Base Command#

panorama-check-logs-status

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | Job ID of the query. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Monitor.JobID | String | Job ID of the logs query. |
| Panorama.Monitor.Status | String | Status of the logs query. |

Command Example#

!panorama-check-logs-status job_id=657

Human Readable Output#

Query Logs Status:#

| JobID | Status |
| --- | --- |
| 657 | Completed |

panorama-get-logs#


Retrieves the data of a logs query.

Base Command#

panorama-get-logs

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | Job ID of the query. | Required |
| ignore_auto_extract | Whether to auto-enrich the War Room entry. If "true", entry is not auto-enriched. If "false", entry is auto-extracted. Default is "true". | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Monitor.Logs.Action | String | Action taken for the session. Can be "alert", "allow", "deny", "drop", "drop-all-packets", "reset-client", "reset-server", "reset-both", or "block-url". |
| Panorama.Monitor.Logs.Application | String | Application associated with the session. |
| Panorama.Monitor.Logs.Category | String | The URL category of the URL subtype. For WildFire subtype, it is the verdict on the file, and can be either "malicious", "phishing", "grayware", or "benign". For other subtypes, the value is "any". |
| Panorama.Monitor.Logs.DeviceName | String | The hostname of the firewall on which the session was logged. |
| Panorama.Monitor.Logs.DestinationAddress | String | Original session destination IP address. |
| Panorama.Monitor.Logs.DestinationUser | String | Username of the user to which the session was destined. |
| Panorama.Monitor.Logs.DestinationCountry | String | Destination country or internal region for private addresses. Maximum length is 32 bytes. |
| Panorama.Monitor.Logs.DestinationPort | String | Destination port utilized by the session. |
| Panorama.Monitor.Logs.FileDigest | String | Only for the WildFire subtype, all other types do not use this field. The filedigest string shows the binary hash of the file sent to be analyzed by the WildFire service. |
| Panorama.Monitor.Logs.FileName | String | File name or file type when the subtype is file. File name when the subtype is virus. File name when the subtype is wildfire-virus. File name when the subtype is wildfire. |
| Panorama.Monitor.Logs.FileType | String | Only for the WildFire subtype, all other types do not use this field. Specifies the type of file that the firewall forwarded for WildFire analysis. |
| Panorama.Monitor.Logs.FromZone | String | The zone from which the session was sourced. |
| Panorama.Monitor.Logs.URLOrFilename | String | The actual URL when the subtype is url. File name or file type when the subtype is file. File name when the subtype is virus. File name when the subtype is wildfire-virus. File name when the subtype is wildfire. URL or file name when the subtype is vulnerability (if applicable). |
| Panorama.Monitor.Logs.NATDestinationIP | String | If destination NAT performed, the post-NAT destination IP address. |
| Panorama.Monitor.Logs.NATDestinationPort | String | Post-NAT destination port. |
| Panorama.Monitor.Logs.NATSourceIP | String | If source NAT performed, the post-NAT source IP address. |
| Panorama.Monitor.Logs.NATSourcePort | String | Post-NAT source port. |
| Panorama.Monitor.Logs.PCAPid | String | The packet capture (pcap) ID is a 64-bit unsigned integer denoting an ID to correlate threat pcap files with extended pcaps taken as a part of that flow. All threat logs will contain either a pcap_id of 0 (no associated pcap), or an ID referencing the extended pcap file. |
| Panorama.Monitor.Logs.IPProtocol | String | IP protocol associated with the session. |
| Panorama.Monitor.Logs.Recipient | String | Only for the WildFire subtype, all other types do not use this field. Specifies the name of the receiver of an email that WildFire determined to be malicious when analyzing an email link forwarded by the firewall. |
| Panorama.Monitor.Logs.Rule | String | Name of the rule that the session matched. |
| Panorama.Monitor.Logs.RuleID | String | ID of the rule that the session matched. |
| Panorama.Monitor.Logs.ReceiveTime | String | Time the log was received at the management plane. |
| Panorama.Monitor.Logs.Sender | String | Only for the WildFire subtype; all other types do not use this field. Specifies the name of the sender of an email that WildFire determined to be malicious when analyzing an email link forwarded by the firewall. |
| Panorama.Monitor.Logs.SessionID | String | An internal numerical identifier applied to each session. |
| Panorama.Monitor.Logs.DeviceSN | String | The serial number of the firewall on which the session was logged. |
| Panorama.Monitor.Logs.Severity | String | Severity associated with the threat. Can be "informational", "low", "medium", "high", or "critical". |
| Panorama.Monitor.Logs.SourceAddress | String | Original session source IP address. |
| Panorama.Monitor.Logs.SourceCountry | String | Source country or internal region for private addresses. Maximum length is 32 bytes. |
| Panorama.Monitor.Logs.SourceUser | String | Username of the user who initiated the session. |
| Panorama.Monitor.Logs.SourcePort | String | Source port utilized by the session. |
| Panorama.Monitor.Logs.ThreatCategory | String | Describes threat categories used to classify different types of threat signatures. |
| Panorama.Monitor.Logs.Name | String | Palo Alto Networks identifier for the threat. It is a description string followed by a 64-bit numerical identifier. |
| Panorama.Monitor.Logs.ID | String | Palo Alto Networks ID for the threat. |
| Panorama.Monitor.Logs.ToZone | String | The zone to which the session was destined. |
| Panorama.Monitor.Logs.TimeGenerated | String | Time that the log was generated on the dataplane. |
| Panorama.Monitor.Logs.URLCategoryList | String | A list of the URL filtering categories that the firewall used to enforce the policy. |
| Panorama.Monitor.Logs.Bytes | String | Total log bytes. |
| Panorama.Monitor.Logs.BytesReceived | String | Log bytes received. |
| Panorama.Monitor.Logs.BytesSent | String | Log bytes sent. |
| Panorama.Monitor.Logs.Vsys | String | Vsys on the firewall that generated the log. |

Command Example#

!panorama-get-logs job_id=678

Human Readable Output#

Query data Logs:#

| TimeGenerated | SourceAddress | DestinationAddress | Application | Action | Rule |
| --- | --- | --- | --- | --- | --- |
| 2019/07/24 08:50:24 | 1.1.1.1 | 2.3.4.5 | web-browsing | deny | any - any accept |

panorama-security-policy-match#


Checks whether a session matches a specified security policy. This command is only available on Firewall instances.

Base Command#

panorama-security-policy-match

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| application | The application name. | Optional |
| category | The category name. | Optional |
| destination | The destination IP address. | Required |
| destination-port | The destination port. | Optional |
| from | The from zone. | Optional |
| to | The to zone. | Optional |
| protocol | The IP protocol value. | Required |
| source | The source IP address. | Required |
| source-user | The source user. | Optional |
| target | Target number of the firewall. Use only on a Panorama instance. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.SecurityPolicyMatch.Query | String | Query for the session to test. |
| Panorama.SecurityPolicyMatch.Rules.Name | String | The matching rule name. |
| Panorama.SecurityPolicyMatch.Rules.Action | String | The matching rule action. |
| Panorama.SecurityPolicyMatch.Rules.Category | String | The matching rule category. |
| Panorama.SecurityPolicyMatch.Rules.Destination | String | The matching rule destination. |
| Panorama.SecurityPolicyMatch.Rules.From | String | The matching rule from zone. |
| Panorama.SecurityPolicyMatch.Rules.Source | String | The matching rule source. |
| Panorama.SecurityPolicyMatch.Rules.To | String | The matching rule to zone. |
| Panorama.SecurityPolicyMatch.QueryFields.Application | String | The application name. |
| Panorama.SecurityPolicyMatch.QueryFields.Category | String | The category name. |
| Panorama.SecurityPolicyMatch.QueryFields.Destination | String | The destination IP address. |
| Panorama.SecurityPolicyMatch.QueryFields.DestinationPort | Number | The destination port. |
| Panorama.SecurityPolicyMatch.QueryFields.From | String | The from zone. |
| Panorama.SecurityPolicyMatch.QueryFields.To | String | The to zone. |
| Panorama.SecurityPolicyMatch.QueryFields.Protocol | String | The IP protocol value. |
| Panorama.SecurityPolicyMatch.QueryFields.Source | String | The source IP address. |
| Panorama.SecurityPolicyMatch.QueryFields.SourceUser | String | The source user. |

Command Example#

!panorama-security-policy-match destination=1.2.3.4 protocol=1 source=2.3.4.5

Context Example#

{
  "Panorama": {
    "SecurityPolicyMatch": {
      "Query": "<test><security-policy-match><source>2.3.4.5</source><destination>1.2.3.4</destination><protocol>1</protocol></security-policy-match></test>",
      "QueryFields": {
        "Destination": "1.2.3.4",
        "Protocol": "1",
        "Source": "2.3.4.5"
      },
      "Rules": {
        "Action": "allow",
        "Category": "any",
        "Destination": "any",
        "From": "any",
        "Name": "any - any accept",
        "Source": "any",
        "To": "any"
      }
    }
  }
}

Human Readable Output#

Matching Security Policies:#

| Name | Action | From | To | Source | Destination |
| --- | --- | --- | --- | --- | --- |
| any - any accept | allow | any | any | any | any |

panorama-list-static-routes#


Lists the static routes of a virtual router.

Base Command#

panorama-list-static-routes

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| virtual_router | The name of the virtual router for which to list static routes. | Required |
| template | The template to use to run the command. Overrides the template parameter (Panorama instances). | Optional |
| show_uncommitted | Whether to show an uncommitted configuration. Default is "false". | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.StaticRoutes.Name | String | The name of the static route. |
| Panorama.StaticRoutes.BFDProfile | String | The BFD profile of the static route. |
| Panorama.StaticRoutes.Destination | String | The destination of the static route. |
| Panorama.StaticRoutes.Metric | Number | The metric (port) of the static route. |
| Panorama.StaticRoutes.NextHop | String | The next hop of the static route. Can be an IP address, FQDN, or a virtual router. |
| Panorama.StaticRoutes.RouteTable | String | The route table of a static route. |
| Panorama.StaticRoutes.VirtualRouter | String | The virtual router to which the static router belongs. |
| Panorama.StaticRoutes.Template | String | The template in which the static route is defined (Panorama instances only). |
| Panorama.StaticRoutes.Uncommitted | Boolean | Whether the static route is committed. |

Command Example#

!panorama-list-static-routes virtual_router=virtual_router_test_DONT_DELETE

Context Example#

{
  "Panorama": {
    "StaticRoutes": [
      {
        "BFDprofile": "None",
        "Destination": "2.3.4.5/32",
        "Metric": 14,
        "Name": "static_route_ip",
        "NextHop": "3.3.3.3",
        "RouteTable": "Unicast",
        "VirtualRouter": "virtual_router_test_DONT_DELETE"
      },
      {
        "Destination": "1.1.1.1/32",
        "Metric": 1012,
        "Name": "test_maya",
        "NextHop": "3.3.3.3",
        "VirtualRouter": "virtual_router_test_DONT_DELETE"
      }
    ]
  }
}

Human Readable Output#

Displaying all Static Routes for the Virtual Router: virtual_router_test_DONT_DELETE#

| Name | Destination | NextHop | RouteTable | Metric | BFDprofile |
| --- | --- | --- | --- | --- | --- |
| static_route_ip | 2.3.4.5/32 | 3.3.3.3 | Unicast | 14 | None |
| test_maya | 1.1.1.1/32 | 3.3.3.3 |  | 1012 |  |

panorama-get-static-route#


Returns the specified static route of a virtual router.

Base Command#

panorama-get-static-route

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| virtual_router | Name of the virtual router for which to display the static route. | Required |
| static_route | Name of the static route to display. | Required |
| template | The template for which to run the command. Overrides the template parameter (Panorama instances). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.StaticRoutes.Name | String | The name of the static route. |
| Panorama.StaticRoutes.BFDProfile | String | The BFD profile of the static route. |
| Panorama.StaticRoutes.Destination | String | The destination of the static route. |
| Panorama.StaticRoutes.Metric | Number | The metric (port) of the static route. |
| Panorama.StaticRoutes.NextHop | String | The next hop of the static route. Can be an IP address, FQDN, or a virtual router. |
| Panorama.StaticRoutes.RouteTable | String | The route table of the static route. |
| Panorama.StaticRoutes.VirtualRouter | String | The virtual router to which the static router belongs. |
| Panorama.StaticRoutes.Template | String | The template in which the static route is defined (Panorama instances only). |

Command Example#

!panorama-get-static-route static_route=static_route_ip virtual_router=virtual_router_test_DONT_DELETE

Context Example#

{
  "Panorama": {
    "StaticRoutes": {
      "BFDprofile": "None",
      "Destination": "2.3.4.5/32",
      "Metric": 14,
      "Name": "static_route_ip",
      "NextHop": "3.3.3.3",
      "RouteTable": "Unicast",
      "VirtualRouter": "virtual_router_test_DONT_DELETE"
    }
  }
}

Human Readable Output#

Static route: static_route_ip#

| BFDprofile | Destination | Metric | Name | NextHop | RouteTable | VirtualRouter |
| --- | --- | --- | --- | --- | --- | --- |
| None | 2.3.4.5/32 | 14 | static_route_ip | 3.3.3.3 | Unicast | virtual_router_test_DONT_DELETE |

panorama-add-static-route#


Adds a static route.

Base Command#

panorama-add-static-route

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| virtual_router | Virtual Router to which the routes will be added. | Required |
| static_route | The name of the static route to add. The argument is limited to a maximum of 31 characters, is case-sensitive, and supports letters, numbers, spaces, hyphens, and underscores. | Required |
| destination | The IP address and network mask in Classless Inter-domain Routing (CIDR) notation: ip_address/mask. For example, 192.168.0.1/24 for IPv4 or 2001:db8::/32 for IPv6. | Required |
| nexthop_type | The type for the nexthop. Can be: "ip-address", "next-vr", "fqdn" or "discard". | Required |
| nexthop_value | The next hop value. | Required |
| metric | The metric port for the static route (1-65535). | Optional |
| interface | The interface name in which to add the static route. | Optional |
| template | The template to use to run the command. Overrides the template parameter (Panorama instances). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.StaticRoutes.Name | String | The name of the static route. |
| Panorama.StaticRoutes.BFDProfile | String | The BFD profile of the static route. |
| Panorama.StaticRoutes.Destination | String | The destination of the static route. |
| Panorama.StaticRoutes.Metric | Number | The metric (port) of the static route. |
| Panorama.StaticRoutes.NextHop | String | The next hop of the static route. Can be an IP address, FQDN, or a virtual router. |
| Panorama.StaticRoutes.RouteTable | String | The route table of the static route. |
| Panorama.StaticRoutes.VirtualRouter | String | The virtual router to which the static router belongs. |
| Panorama.StaticRoutes.Template | String | The template in which the static route is defined (Panorama instances only). |

Command Example#

!panorama-add-static-route destination=2.3.4.5/32 nexthop_type="ip-address" nexthop_value=3.3.3.3 static_route=my_temp_route virtual_router=virtual_router_test_DONT_DELETE

Context Example#

{
  "Panorama": {
    "StaticRoutes": {
      "@code": "20",
      "@status": "success",
      "msg": "command succeeded"
    }
  }
}

Human Readable Output#

New uncommitted static route my_temp_route configuration added.
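
The argument constraints listed in the Input table above can be checked before the command is issued, so a playbook rejects a malformed route instead of staging it in the candidate configuration. The following is an added example, not code from the integration; the function name is hypothetical, and two checks are assumptions beyond the table: that an "ip-address" next hop must parse as an IP address, and that it must be in the same address family as the destination.

```python
# Added example: pre-flight validation of panorama-add-static-route arguments.
# The function name is hypothetical; this is not part of the PAN-OS integration.
import ipaddress
import re

NEXTHOP_TYPES = ("ip-address", "next-vr", "fqdn", "discard")
# Up to 31 characters: letters, numbers, spaces, hyphens and underscores.
NAME_RE = re.compile(r"[A-Za-z0-9 _-]{1,31}")
REQUIRED = ("virtual_router", "static_route", "destination",
            "nexthop_type", "nexthop_value")

# Arguments taken from the page's Command Example.
PAGE_EXAMPLE = {
    "destination": "2.3.4.5/32",
    "nexthop_type": "ip-address",
    "nexthop_value": "3.3.3.3",
    "static_route": "my_temp_route",
    "virtual_router": "virtual_router_test_DONT_DELETE",
}


def validate_static_route_args(args):
    """Return {argument: problem}; an empty dict means every check passed."""
    problems = {}

    for key in REQUIRED:
        if not str(args.get(key, "")).strip():
            problems[key] = "required argument is missing"

    name = args.get("static_route", "")
    if name and not NAME_RE.fullmatch(name):
        problems["static_route"] = (
            "up to 31 letters, numbers, spaces, hyphens or underscores")

    dest = None
    dest_text = args.get("destination", "")
    if dest_text:
        try:
            if "/" not in dest_text:
                raise ValueError("mask is missing")
            # ip_interface accepts host bits, as in the table's 192.168.0.1/24;
            # ip_network() in strict mode would reject that documented example.
            dest = ipaddress.ip_interface(dest_text)
        except ValueError:
            problems["destination"] = "expected ip_address/mask in CIDR notation"

    nexthop_type = args.get("nexthop_type", "")
    if nexthop_type and nexthop_type not in NEXTHOP_TYPES:
        problems["nexthop_type"] = "expected one of: " + ", ".join(NEXTHOP_TYPES)
    elif nexthop_type == "ip-address" and args.get("nexthop_value"):
        try:
            hop = ipaddress.ip_address(args["nexthop_value"])
        except ValueError:
            problems["nexthop_value"] = "not an IP address"
        else:
            # Assumption: next hop and destination share an address family.
            if dest is not None and hop.version != dest.version:
                problems["nexthop_value"] = "address family differs from destination"

    metric = args.get("metric")
    if metric not in (None, ""):
        try:
            in_range = 1 <= int(metric) <= 65535
        except (TypeError, ValueError):
            in_range = False
        if not in_range:
            problems["metric"] = "expected an integer from 1 to 65535"

    return problems


if __name__ == "__main__":
    print(validate_static_route_args(PAGE_EXAMPLE))
    print(validate_static_route_args(dict(PAGE_EXAMPLE, metric="70000")))
```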

panorama-delete-static-route#


Deletes a static route.

Base Command#

panorama-delete-static-route

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| route_name | The name of the static route to delete. | Required |
| virtual_router | The virtual router from which the routes will be deleted. | Required |
| template | The template to use to run the command. Overrides the template parameter (Panorama instances). | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.StaticRoutes.Name | String | The name of the static route. |
| Panorama.StaticRoutes.BFDProfile | String | The BFD profile of the static route. |
| Panorama.StaticRoutes.Destination | String | The destination of the static route. |
| Panorama.StaticRoutes.Metric | Number | The metric (port) of the static route. |
| Panorama.StaticRoutes.NextHop | String | The next hop of the static route. Can be an IP address, FQDN, or a virtual router. |
| Panorama.StaticRoutes.RouteTable | String | The route table of the static route. |
| Panorama.StaticRoutes.VirtualRouter | String | The virtual router to which the static router belongs. |
| Panorama.StaticRoutes.Template | String | The template in which the static route is defined (Panorama instances only). |
| Panorama.StaticRoutes.Deleted | Boolean | Whether the static route was deleted. |

Command Example#

!panorama-delete-static-route route_name=my_temp_route virtual_router=virtual_router_test_DONT_DELETE

Context Example#

{
  "Panorama": {
    "StaticRoutes": {
      "Deleted": true,
      "Name": "my_temp_route"
    }
  }
}

Human Readable Output#

The static route: my_temp_route was deleted. Changes are not committed.

panorama-show-device-version#


Show firewall device software version.

Base Command#

panorama-show-device-version

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | Serial number of the target device. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Device.Info.Devicename | String | Devicename of the PAN-OS. |
| Panorama.Device.Info.Model | String | Model of the PAN-OS. |
| Panorama.Device.Info.Serial | String | Serial number of the PAN-OS. |
| Panorama.Device.Info.Version | String | Version of the PAN-OS. |

Command Example#

!panorama-show-device-version

Context Example#

{
  "Panorama": {
    "Device": {
      "Info": {
        "Devicename": "PA-VM",
        "Model": "PA-VM",
        "Serial": "000000000000000",
        "Version": "8.1.7"
      }
    }
  }
}

Human Readable Output#

Device Version:#

| Devicename | Model | Serial | Version |
| --- | --- | --- | --- |
| PA-VM | PA-VM | 000000000000000 | 8.1.7 |

panorama-download-latest-content-update#


Downloads the latest content update.

Base Command#

panorama-download-latest-content-update

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The device to which to download the content update. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Content.Download.JobID | String | Job ID of the content download. |
| Panorama.Content.Download.Status | String | Content download status. |

Command Example#

!panorama-download-latest-content-update

Human Readable Output#

Content download:#

| JobID | Status |
| --- | --- |
| 657 | Pending |

panorama-content-update-download-status#


Checks the download status of a content update.

Base Command#

panorama-content-update-download-status

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The device to which the content update is downloading. | Optional |
| job_id | Job ID to check. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Content.Download.JobID | String | Job ID to monitor. |
| Panorama.Content.Download.Status | String | Download status. |
| Panorama.Content.Download.Details | String | Job ID details. |

Command Example#

!panorama-content-update-download-status job_id=678

Human Readable Output#

Content download status:#

| JobID | Status | Details |
| --- | --- | --- |
| 678 | Completed | download succeeded with warnings |

panorama-install-latest-content-update#


Installs the latest content update.

Base Command#

panorama-install-latest-content-update

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The device on which to install the content update. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Content.Install.JobID | String | Job ID of the installation. |
| Content.Install.Status | String | Installation status. |

Command Example#

!panorama-install-latest-content-update

Human Readable Output#

Result:#

| JobID | Status |
| --- | --- |
| 878 | Pending |

panorama-content-update-install-status#


Gets the installation status of the content update.

Base Command#

panorama-content-update-install-status

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The device on which to check the installation status of the content update. | Optional |
| job_id | Job ID of the content installation. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Content.Install.JobID | String | Job ID of the content installation. |
| Panorama.Content.Install.Status | String | Content installation status. |
| Panorama.Content.Install.Details | String | Content installation status details. |

Command Example#

!panorama-content-update-install-status job_id=878

Human Readable Output#

Content install status:#

| JobID | Status | Details |
| --- | --- | --- |
| 878 | Completed | installation succeeded with warnings |

panorama-check-latest-panos-software#


Checks the PAN-OS software version from the repository.

Base Command#

panorama-check-latest-panos-software

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The target device from which to get the PAN-OS software version. | Optional |

Context Output#

There is no context output for this command.

Command Example#

!panorama-check-latest-panos-software

panorama-download-panos-version#


Downloads the target PAN-OS software version to install on the target device.

Base Command#

panorama-download-panos-version

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The target device from which to download the PAN-OS software version. | Optional |
| target_version | The target version number to install. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.PANOS.Download.JobID | number | Job ID of the PAN-OS download. |
| Panorama.PANOS.Download.Status | String | Status of the PAN-OS download. |

Command Example#

!panorama-download-panos-version target_version=1

Human Readable Output#

Result:#

| JobID | Status |
| --- | --- |
| 111 | Pending |

panorama-download-panos-status#


Gets the download status of the target PAN-OS software.

Base Command#

panorama-download-panos-status

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The target device from which to get the download status. | Optional |
| job_id | Job ID to check. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.PANOS.Download.JobID | string | Job ID of the PAN-OS download. |
| Panorama.PANOS.Download.Status | String | PAN-OS download status. |
| Panorama.PANOS.Download.Details | String | PAN-OS download details. |

Command Example#

!panorama-download-panos-status job_id=999

Human Readable Output#

PAN-OS download status:#

| JobID | Status | Details |
| --- | --- | --- |
| 999 | Completed | download succeeded with warnings |

panorama-install-panos-version#


Installs the target PAN-OS version on the specified target device.

Base Command#

panorama-install-panos-version

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The target device on which to install the target PAN-OS software version. | Optional |
| target_version | Target PAN-OS version to install. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.PANOS.Install.JobID | string | Job ID from the PAN-OS installation. |
| Panorama.PANOS.Install.Status | String | Status of the PAN-OS installation. |

Command Example#

!panorama-install-panos-version target_version=1

Human Readable Output#

PAN-OS Installation:#

| JobID | Status |
| --- | --- |
| 111 | Pending |

panorama-install-panos-status#


Gets the installation status of the PAN-OS software.

Base Command#

panorama-install-panos-status

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The target device from which to get the installation status. | Optional |
| job_id | Job ID to check. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.PANOS.Install.JobID | number | Job ID of the PAN-OS installation. |
| Panorama.PANOS.Install.Status | String | Status of the PAN-OS installation. |
| Panorama.PANOS.Install.Details | String | PAN-OS installation details. |

Command Example#

!panorama-install-panos-status job_id=878

Human Readable Output#

PAN-OS installation status:#

| JobID | Status | Details |
| --- | --- | --- |
| 878 | Completed | installation succeeded with warnings |

panorama-device-reboot#


Reboots the Firewall device.

Base Command#

panorama-device-reboot

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| target | The target device for which to reboot the firewall. | Optional |

Context Output#

There is no context output for this command.

Command Example#

!panorama-device-reboot
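
The download, install, and reboot commands above are normally run as one sequence, with the two status commands polled in between. The following is an added example, not the integration's own code, that gates the reboot on both jobs reaching Completed; `run_command` is a hypothetical wrapper that executes a command and returns its context nested as in this page's Context Example blocks, and the fake runner, its "Failed" status, and the version string are constructed for the demonstration.

```python
import time


def dig(context, path):
    """Follow a dotted context path such as 'Panorama.PANOS.Download'."""
    node = context
    for key in path.split("."):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    # One result is stored as a dict, several as a list; use the first entry.
    if isinstance(node, list):
        node = node[0] if node else {}
    return node


def wait_for_job(run_command, status_command, path, job_id, target=None,
                 interval=30, max_polls=60, sleep=time.sleep):
    """Poll a *-status command until the job leaves Pending."""
    args = {"job_id": str(job_id)}
    if target:
        args["target"] = target
    for _ in range(max_polls):
        entry = dig(run_command(status_command, args), path)
        status = entry.get("Status")
        if status == "Completed":
            return entry
        if status != "Pending":
            # Anything other than Pending/Completed is treated as a failure.
            raise RuntimeError(f"{status_command} job {job_id}: "
                               f"{status!r} ({entry.get('Details')})")
        sleep(interval)
    raise TimeoutError(f"{status_command} job {job_id} still Pending")


def upgrade_panos(run_command, target_version, target=None, **poll):
    """Download, install, then reboot; return the Details of both jobs."""
    args = {"target_version": target_version}
    if target:
        args["target"] = target
    steps = [
        ("panorama-download-panos-version", "panorama-download-panos-status",
         "Panorama.PANOS.Download"),
        ("panorama-install-panos-version", "panorama-install-panos-status",
         "Panorama.PANOS.Install"),
    ]
    details = []
    for start_command, status_command, path in steps:
        job_id = dig(run_command(start_command, args), path).get("JobID")
        if job_id is None:
            raise RuntimeError(f"{start_command} returned no JobID")
        done = wait_for_job(run_command, status_command, path, job_id,
                            target, **poll)
        details.append(done.get("Details"))
    # Reached only when both jobs completed, so a failed install never reboots.
    run_command("panorama-device-reboot", {"target": target} if target else {})
    return details


def make_fake_runner(fail_on=None, pending_polls=2):
    """Constructed stand-in for a firewall; returns (runner, call_log)."""
    calls, polls = [], {}

    def run(command, args):
        calls.append(command)
        if command == "panorama-device-reboot":
            return {}
        kind = "Download" if "download" in command else "Install"
        if command.endswith("-version"):
            entry = {"JobID": 111, "Status": "Pending"}
        else:
            polls[command] = polls.get(command, 0) + 1
            entry = {"JobID": args["job_id"], "Status": "Pending"}
            if polls[command] > pending_polls:
                failed = command == fail_on
                entry["Status"] = "Failed" if failed else "Completed"
                entry["Details"] = ("constructed failure" if failed
                                    else "succeeded with warnings")
        return {"Panorama": {"PANOS": {kind: entry}}}

    return run, calls


if __name__ == "__main__":
    runner, log = make_fake_runner()
    print(upgrade_panos(runner, "9.0.1", sleep=lambda seconds: None))
    print(log)
```

The returned Details strings carry any "succeeded with warnings" text, so the caller can surface them before the device comes back up.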

panorama-show-location-ip#


Gets location information for an IP address.

Base Command#

panorama-show-location-ip

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| ip_address | The IP address from which to return information. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Location.IP.country_code | String | The IP address location country code. |
| Panorama.Location.IP.country_name | String | The IP address location country name. |
| Panorama.Location.IP.ip_address | String | The IP address. |
| Panorama.Location.IP.Status | String | Whether the IP address was found. |

Command Example#

!panorama-show-location-ip ip_address=8.8.8.8

Context Example#

{
    "Panorama": {
        "Location": {
            "IP": {
                "country_code": "US",
                "country_name": "United States",
                "ip_address": "8.8.8.8",
                "status": "Found"
            }
        }
    }
}

Human Readable Output#

IP 8.8.8.8 location:#

| ip_address | country_name | country_code |
| --- | --- | --- |
| 8.8.8.8 | United States | US |

panorama-get-licenses#


Gets information about available PAN-OS licenses and their statuses.

Base Command#

panorama-get-licenses

Input#

There are no input arguments for this command.

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.License.Authcode | String | The authentication code of the license. |
| Panorama.License.Base-license-name | String | The base license name. |
| Panorama.License.Description | String | The description of the license. |
| Panorama.License.Expired | String | Whether the license has expired. |
| Panorama.License.Expires | String | When the license will expire. |
| Panorama.License.Feature | String | The feature of the license. |
| Panorama.License.Issued | String | When the license was issued. |
| Panorama.License.Serial | String | The serial number of the license. |

Command Example#

!panorama-get-licenses

Human Readable Output#

| Authcode | Description | Feature | Serial | Expired | Expires | Issued |
| --- | --- | --- | --- | --- | --- | --- |
| I9805928 | NFR Support | NFR Support | 007DEMISTO1t | no | Never | November 25, 2019 |

panorama-get-security-profiles#


Gets information for the specified security profile.

Base Command#

panorama-get-security-profiles

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| security_profile | The security profile for which to get information. Can be "data-filtering", "file-blocking", "spyware", "url-filtering", "virus", "vulnerability", or "wildfire-analysis". | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Spyware.Name | String | The profile name. |
| Panorama.Spyware.Rules.Action | String | The rule action. |
| Panorama.Spyware.Rules.Cateogry | String | The category for which to apply the rule. |
| Panorama.Spyware.Rules.Name | String | The rule name. |
| Panorama.Spyware.Rules.Packet-capture | String | Whether packet capture is enabled. |
| Panorama.Spyware.Rules.Severity | String | The rule severity. |
| Panorama.Spyware.Rules.Threat-name | String | The threat name for which to apply the rule. |
| Panorama.URLFilter.Name | String | The profile name. |
| Panorama.URLFilter.Rules.Category.Action | String | The rule action to apply to the category. |
| Panorama.URLFilter.Rules.Category.Name | String | The category name. |
| Panorama.WildFire.Name | String | The WildFire profile name. |
| Panorama.WildFire.Rules.Analysis | String | The rule analysis. |
| Panorama.WildFire.Rules.Application | String | The application for which to apply the rule. |
| Panorama.WildFire.Rules.File-type | String | The file type for which to apply the rule. |
| Panorama.WildFire.Rules.Name | String | The rule name. |
| Panorama.Vulnerability.Name | String | The vulnerability profile name. |
| Panorama.Vulnerability.Rules.Vendor-id | String | The vendor ID for which to apply the rule. |
| Panorama.Vulnerability.Rules.Packet-capture | String | Whether packet capture is enabled. |
| Panorama.Vulnerability.Rules.Host | String | The rule host. |
| Panorama.Vulnerability.Rules.Name | String | The rule name. |
| Panorama.Vulnerability.Rules.Category | String | The category for which to apply the rule. |
| Panorama.Vulnerability.Rules.CVE | String | The CVE for which to apply the rule. |
| Panorama.Vulnerability.Rules.Action | String | The rule action. |
| Panorama.Vulnerability.Rules.Severity | String | The rule severity. |
| Panorama.Vulnerability.Rules.Threat-name | String | The threat for which to apply the rule. |
| Panorama.Antivirus.Name | String | The Antivirus profile name. |
| Panorama.Antivirus.Rules.Action | String | The rule action. |
| Panorama.Antivirus.Rules.Name | String | The rule name. |
| Panorama.Antivirus.Rules.WildFire-action | String | The WildFire action. |
| Panorama.FileBlocking.Name | String | The file blocking profile name. |
| Panorama.FileBlocking.Rules.Action | String | The rule action. |
| Panorama.FileBlocking.Rules.Application | String | The application for which to apply the rule. |
| Panorama.FileBlocking.Rules.File-type | String | The file type to apply the rule. |
| Panorama.FileBlocking.Rules.Name | String | The rule name. |
| Panorama.DataFiltering.Name | String | The data filtering profile name. |
| Panorama.DataFiltering.Rules.Alert-threshold | String | The alert threshold. |
| Panorama.DataFiltering.Rules.Application | String | The application to apply the rule. |
| Panorama.DataFiltering.Rules.Block-threshold | String | The block threshold. |
| Panorama.DataFiltering.Rules.Data-object | String | The data object. |
| Panorama.DataFiltering.Rules.Direction | String | The rule direction. |
| Panorama.DataFiltering.Rules.File-type | String | The file type for which to apply the rule. |
| Panorama.DataFiltering.Rules.Log-severity | String | The log severity. |
| Panorama.DataFiltering.Rules.Name | String | The rule name. |

Command Example#

!panorama-get-security-profiles security_profile=spyware

Human Readable Output#

| Name | Rules |
| --- | --- |
| best-practice | {'Name': 'simple-critical', 'Action': {'reset-both': None}, 'Category': 'any', 'Severity': 'critical', 'Threat-name': 'any', 'Packet-capture': 'disable'}, {'Name': 'simple-high', 'Action': {'reset-both': None}, 'Category': 'any', 'Severity': 'high', 'Threat-name': 'any', 'Packet-capture': 'disable'}, {'Name': 'simple-medium', 'Action': {'reset-both': None}, 'Category': 'any', 'Severity': 'medium', 'Threat-name': 'any', 'Packet-capture': 'disable'}, {'Name': 'simple-informational', 'Action': {'default': None}, 'Category': 'any', 'Severity': 'informational', 'Threat-name': 'any', 'Packet-capture': 'disable'}, {'Name': 'simple-low', 'Action': {'default': None}, 'Category': 'any', 'Severity': 'low', 'Threat-name': 'any', 'Packet-capture': 'disable'} |
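
The rule list returned for a spyware profile can be compared against the "best-practice" profile shown in the output above to find severities that are uncovered or handled with a different action. The following is an added example, not the integration's own code; the `branch-office` and `single-rule` profiles are constructed, and treating a severity of "any" as matching every severity is an assumption.

```python
# Expected action per severity, taken from the "best-practice" profile output above.
BASELINE = {
    "critical": "reset-both",
    "high": "reset-both",
    "medium": "reset-both",
    "informational": "default",
    "low": "default",
}


def as_list(value):
    """A context field holding one item may be a dict or string, not a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_name(action):
    """Actions are rendered as {'reset-both': None}; accept plain strings too."""
    if isinstance(action, dict):
        return next(iter(action), None)
    return action


def audit_spyware_profile(profile, baseline=None):
    """Return (severity, rule name, finding) tuples for one Panorama.Spyware entry."""
    baseline = BASELINE if baseline is None else baseline
    covered = {severity: [] for severity in baseline}
    for rule in as_list(profile.get("Rules")):
        action = action_name(rule.get("Action"))
        for severity in as_list(rule.get("Severity")):
            # Assumption: a rule with severity "any" applies to every severity.
            targets = list(baseline) if severity == "any" else [severity]
            for target in targets:
                if target in covered:
                    covered[target].append((rule.get("Name"), action))
    findings = []
    for severity, expected in baseline.items():
        if not covered[severity]:
            findings.append((severity, None, "no rule covers this severity"))
        for name, action in covered[severity]:
            if action != expected:
                findings.append(
                    (severity, name, f"action {action!r}, baseline {expected!r}"))
    return findings


def make_rule(name, action, severity):
    """Build a rule shaped like the entries in the output above."""
    return {"Name": name, "Action": {action: None}, "Category": "any",
            "Severity": severity, "Threat-name": "any",
            "Packet-capture": "disable"}


# The profile shown in the output above.
BEST_PRACTICE = {"Name": "best-practice", "Rules": [
    make_rule("simple-critical", "reset-both", "critical"),
    make_rule("simple-high", "reset-both", "high"),
    make_rule("simple-medium", "reset-both", "medium"),
    make_rule("simple-informational", "default", "informational"),
    make_rule("simple-low", "default", "low"),
]}

# Constructed profiles: one with a weakened rule and gaps, one whose single
# rule arrives as a dict instead of a one-element list.
BRANCH_OFFICE = {"Name": "branch-office", "Rules": [
    make_rule("simple-critical", "reset-both", "critical"),
    make_rule("simple-high", "alert", "high"),
    make_rule("simple-low", "default", "low"),
]}
SINGLE_RULE = {"Name": "single-rule",
               "Rules": make_rule("catch-all", "alert", "any")}

if __name__ == "__main__":
    for profile in (BEST_PRACTICE, BRANCH_OFFICE, SINGLE_RULE):
        print(profile["Name"], audit_spyware_profile(profile))
```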

panorama-apply-security-profile#


Apply a security profile to specific rules or rules with a specific tag.

Base Command#

panorama-apply-security-profile

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| profile_type | Security profile type. Can be 'data-filtering', 'file-blocking', 'spyware', 'url-filtering', 'virus', 'vulnerability', or 'wildfire-analysis'. | Required |
| rule_name | The rule name to apply. | Required |
| profile_name | The profile name to apply to the rule. | Required |
| pre_post | The location of the rules. Can be 'pre-rulebase' or 'post-rulebase'. Mandatory for Panorama instances. | Optional |

Context Output#

There is no context output for this command.

Command Example#

!panorama-apply-security-profile profile_name=test profile_type=spyware rule_name=rule1 pre_post="pre-rulebase"

Human Readable Output#

The profile test has been applied to the rule rule1

panorama-get-ssl-decryption-rules#


Get SSL decryption rules.

Base Command#

panorama-get-ssl-decryption-rules

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| pre_post | The location of the rules. Can be 'pre-rulebase' or 'post-rulebase'. Mandatory for Panorama instances. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.SSLRule.From | String | The SSL rule from the source. |
| Panorama.SSLRule.Name | String | The name of the SSL rule. |
| Panorama.SSLRule.Destination | String | The destination of the SSL rule. |
| Panorama.SSLRule.Target | String | The target of the SSL rule. |
| Panorama.SSLRule.Service | String | The SSL rule service. |
| Panorama.SSLRule.Action | String | The SSL rule action. |
| Panorama.SSLRule.Type | String | The SSL rule type. |
| Panorama.SSLRule.Source | String | The source of the SSL rule. |
| Panorama.SSLRule.To | String | The SSL rule to destination. |
| Panorama.SSLRule.UUID | String | The SSL rule UUID. |
| Panorama.SSLRule.Description | String | The SSL rule description. |
| Panorama.SSLRule.Source-user | String | The SSL rule source user. |
| Panorama.SSLRule.Category | String | The SSL rule category. |

Command Example#

!panorama-get-ssl-decryption-rules pre_post="pre-rulebase"

Human Readable Output#

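| Name | UUID | Target | Service | Category | Type | From | To | Source | Destenation | Action | Source-user |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| test | some_uuid | negate: no | any | member: any | ssl-forward-proxy: null | any | any | any | any | no-decrypt | any |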

panorama-get-wildfire-configuration#


Retrieves the Wildfire configuration.

Base Command#

panorama-get-wildfire-configuration

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| template | The template name. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.WildFire.Name | String | The file type. |
| Panorama.WildFire.Size-limit | String | The file size limit. |
| Panorama.WildFire.recurring | String | The schedule that is recurring. |

Command Example#

!panorama-get-wildfire-configuration template=WildFire

WildFire Configuration#

Report Grayware File: yes

| Name | Size-limit |
| --- | --- |
| pe | 10 |
| apk | 30 |

The updated schedule for Wildfire#

| recurring |
| --- |
| every-min: {"action": "download-and-install"} |

panorama-url-filtering-block-default-categories#


Set default categories to block in the URL filtering profile.

Base Command#

panorama-url-filtering-block-default-categories

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| profile_name | The url-filtering profile name. Get the name by running the panorama-get-security-profiles command. | Required |

Context Output#

There is no context output for this command.

Command Example#

!panorama-url-filtering-block-default-categories profile_name=test

Human Readable Output#

The default categories to block has been set successfully to test

panorama-get-anti-spyware-best-practice#


Get anti-spyware best practices.

Base Command#

panorama-get-anti-spyware-best-practice

Input#

There are no input arguments for this command.

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Spyware.BotentDomain.Name | String | The botnet domain name. |
| Panorama.Spyware.BotentDomain.Action | String | The botnet domain action. |
| Panorama.Spyware.BotentDomain.Packet-capture | String | Whether packet capture is enabled. |
| Panorama.Spyware.BotentDomain.Sinkhole.ipv4-address | String | The botnet domain IPv4 address. |
| Panorama.Spyware.BotentDomain.Sinkhole.ipv6-address | String | The botnet domain IPv6 address. |
| Panorama.Spyware.Rule.Category | String | The rule category. |
| Panorama.Spyware.Rule.Action | String | The rule action. |
| Panorama.Spyware.Rule.Name | String | The rule name. |
| Panorama.Spyware.Rule.Severity | String | The rule severity. |
| Panorama.Spyware.Rule.Threat-name | String | The rule threat name. |
| Panorama.Spyware.BotentDomain.Max_version | String | The botnet domain max version. |

Command Example#

!panorama-get-anti-spyware-best-practice

Human Readable Output#

Anti Spyware Botnet-Domains Best Practice#

| Name | Action | Packet-capture | ipv4-address | ipv6-address |
| --- | --- | --- | --- | --- |
| default-paloalto-dns | sinkhole: null | disable |  |  |
| default-paloalto-cloud | allow: null | disable |  |  |
|  |  |  | pan-sinkhole-default-ip | ::1 |

Anti Spyware Best Practice Rules#

| Name | Severity | Action | Category | Threat-name |
| --- | --- | --- | --- | --- |
| simple-critical | critical | reset-both: null | any | any |
| simple-high | high | reset-both: null | any | any |

panorama-get-file-blocking-best-practice#


Get file-blocking best practices.

Base Command#

panorama-get-file-blocking-best-practice

Input#

There are no input arguments for this command.

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.FileBlocking.Rule.Action | String | The rule action. |
| Panorama.FileBlocking.Rule.Application | String | The rule application. |
| Panorama.FileBlocking.Rule.File-type | String | The rule file type. |
| Panorama.FileBlocking.Rule.Name | String | The rule name. |

Command Example#

!panorama-get-file-blocking-best-practice

Human Readable Output#

File Blocking Profile Best Practice#

| Name | Action | File-type | Aplication |
| --- | --- | --- | --- |
| Block all risky file types | block | 7z, bat, cab, chm, class, cpl | any |
| Block encrypted files | block | encrypted-rar, encrypted-zip | any |

panorama-get-antivirus-best-practice#


Get anti-virus best practices.

Base Command#

panorama-get-antivirus-best-practice

Input#

There are no input arguments for this command.

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Antivirus.Decoder.Action | String | The rule action. |
| Panorama.Antivirus.Decoder.Name | String | The rule name. |
| Panorama.Antivirus.Decoder.WildFire-action | String | The WildFire action. |

Command Example#

!panorama-get-antivirus-best-practice

Human Readable Output#

Antivirus Best Practice Profile#

| Name | Action | WildFire-action |
| --- | --- | --- |
| http | default | default |
| smtp | default | default |

panorama-get-vulnerability-protection-best-practice#


Get vulnerability-protection best practices.

Base Command#

panorama-get-vulnerability-protection-best-practice

Input#

There are no input arguments for this command.

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Vulnerability.Rule.Action | String | The rule action. |
| Panorama.Vulnerability.Rule.CVE | String | The rule CVE. |
| Panorama.Vulnerability.Rule.Category | String | The rule category. |
| Panorama.Vulnerability.Rule.Host | String | The rule host. |
| Panorama.Vulnerability.Rule.Name | String | The rule name. |
| Panorama.Vulnerability.Rule.Severity | String | The rule severity. |
| Panorama.Vulnerability.Rule.Threat-name | String | The threat name. |
| Panorama.Vulnerability.Rule.Vendor-id | String | The vendor ID. |

Command Example#

!panorama-get-vulnerability-protection-best-practice

Human Readable Output#

vulnerability Protection Best Practice Profile#

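| Name | Action | Host | Severity | Category | Threat-name | CVE | Vendor-id |
| --- | --- | --- | --- | --- | --- | --- | --- |
| simple-client-critical | reset-both: null | client | critical | any | any | any | any |
| simple-client-high | reset-both: null | client | high | any | any | any | any |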

panorama-get-wildfire-best-practice#


View WildFire best practices.

Base Command#

panorama-get-wildfire-best-practice

Input#

There are no input arguments for this command.

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.WildFire.Analysis | String | The WildFire analysis. |
| Panorama.WildFire.Application | String | The WildFire application. |
| Panorama.WildFire.File.File-size | String | The recommended file size. |
| Panorama.WildFire.File.Name | String | The file name. |
| Panorama.WildFire.File-type | String | The WildFire profile file type. |
| Panorama.WildFire.Name | String | The WildFire profile name. |
| Panorama.WildFire.SSLDecrypt | String | The SSL decrypt content. |
| Panorama.WildFire.Schedule.Action | String | The WildFire schedule action. |
| Panorama.WildFire.Schedule.Recurring | String | The WildFire schedule recurring. |

Command Example#

!panorama-get-wildfire-best-practice

Human Readable Output#

WildFire Best Practice Profile#

| Name | Analysis | Aplication | File-type |
| --- | --- | --- | --- |
| default | public-cloud | any | any |

Wildfire Best Practice Schedule#

| Action | Recurring |
| --- | --- |
| download-and-install | every-minute |

Wildfire SSL Decrypt Settings#

| allow-forward-decrypted-content |
| --- |
| yes |

Wildfire System Settings#

report-grayware-file: yes

| Name | File-size |
| --- | --- |
| pe | 10 |
| apk | 30 |

panorama-get-url-filtering-best-practice#


View URL Filtering best practices.

Base Command#

panorama-get-url-filtering-best-practice

Input#

There are no input arguments for this command.

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.URLFilter.Category.Action | String | The action to perform on the category. |
| Panorama.URLFilter.Category.Name | String | The category name. |
| Panorama.URLFilter.DeviceGroup | String | The device group name. |
| Panorama.URLFilter.Name | String | The Profile name. |
| Panorama.URLFilter.Header.log-container-page-only | String | The log container page only. |
| Panorama.URLFilter.Header.log-http-hdr-referer | String | The log HTTP header referer. |
| Panorama.URLFilter.Header.log-http-hdr-user | String | The log HTTP header user. |
| Panorama.URLFilter.Header.log-http-hdr-xff | String | The log HTTP header xff. |

Command Example#

!panorama-get-url-filtering-best-practice

Human Readable Output#

URL Filtering Best Practice Profile Categories#

| Category | DeviceGroup | Name |
| --- | --- | --- |
| {'Name': 'abortion', 'Action': 'alert'}, {'Name': 'abused-drugs', 'Action': 'alert'} | Demisto sales lab | best-practice |

Best Practice Headers#

| log-container-page-only | log-http-hdr-referer | log-http-hdr-user | log-http-hdr-xff |
| --- | --- | --- | --- |
| yes | yes | yes | yes |

panorama-enforce-wildfire-best-practice#


Enforces wildfire best practices to upload files to the maximum size, forwards all file types, and updates the schedule.

Base Command#

panorama-enforce-wildfire-best-practice

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| template | The template name. | Required |

Context Output#

There is no context output for this command.

Command Example#

!panorama-enforce-wildfire-best-practice template=WildFire

Human Readable Output#

The schedule was updated according to the best practice. Recurring every minute with the action of "download and install" The file upload for all file types is set to the maximum size.

panorama-create-antivirus-best-practice-profile#


Creates an antivirus best practice profile.

Base Command#

panorama-create-antivirus-best-practice-profile

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| profile_name | The name of the profile to create. | Required |

Context Output#

There is no context output for this command.

Command Example#

!panorama-create-antivirus-best-practice-profile profile_name=test

Human Readable Output#

The profile test was created successfully.

panorama-create-anti-spyware-best-practice-profile#


Creates an Anti-Spyware best practice profile.

Base Command#

panorama-create-anti-spyware-best-practice-profile

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| profile_name | The profile name to create. | Required |

Context Output#

There is no context output for this command.

Command Example#

!panorama-create-anti-spyware-best-practice-profile profile_name=test

Human Readable Output#

The profile test was created successfully.

panorama-create-vulnerability-best-practice-profile#


Creates a vulnerability protection best practice profile.

Base Command#

panorama-create-vulnerability-best-practice-profile

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| profile_name | The profile name. | Required |

Context Output#

There is no context output for this command.

Command Example#

!panorama-create-vulnerability-best-practice-profile profile_name=test

Human Readable Output#

The profile test was created successfully.

panorama-create-url-filtering-best-practice-profile#


Creates a URL filtering best practice profile.

Base Command#

panorama-create-url-filtering-best-practice-profile

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| profile_name | The profile name. | Required |

Context Output#

There is no context output for this command.

Command Example#

!panorama-create-url-filtering-best-practice-profile profile_name=test

Human Readable Output#

The profile test was created successfully.

panorama-create-file-blocking-best-practice-profile#


Creates a file blocking best practice profile.

Base Command#

panorama-create-file-blocking-best-practice-profile

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| profile_name | The name of the profile. | Required |

Context Output#

There is no context output for this command.

Command Example#

!panorama-create-file-blocking-best-practice-profile profile_name=test

Human Readable Output#

The profile test was created successfully.

panorama-create-wildfire-best-practice-profile#


Creates a WildFire analysis best practice profile.

Base Command#

panorama-create-wildfire-best-practice-profile

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| profile_name | The name of the profile. | Required |

Context Output#

There is no context output for this command.

Command Example#

!panorama-create-wildfire-best-practice-profile profile_name=test

Human Readable Output#

The profile test was created successfully.

panorama-show-user-id-interfaces-config#


Shows the user ID interface configuration.

Base Command#

panorama-show-user-id-interfaces-config

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| template | The template to use when running the command. Overrides the template parameter (Panorama instances). If not given, will use the integration parameter. | Optional |
| template_stack | The template stack to use when running the command. | Optional |
| vsys | The name of the virtual system to be configured. Uses the configured VSYS parameter if it exists. If given a value, it overrides the VSYS parameter. If neither the VSYS parameter nor this argument is entered, defaults to 'vsys1'. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.UserInterfaces.Name | String | The name of the user interface. |
| Panorama.UserInterfaces.Zone | String | The zone to which the interface is connected. |
| Panorama.UserInterfaces.EnableUserIdentification | String | Whether user identification is enabled. |

Command Example#

!panorama-show-user-id-interfaces-config

Context Example#

{
    "Panorama": {
        "UserInterfaces": {
            "EnableUserIdentification": "no",
            "Name": "ethernet1/1",
            "Zone": "test_zone"
        }
    }
}

Human Readable Output#

User Interface Configuration:#

| Name | Zone | EnableUserIdentification |
| --- | --- | --- |
| ethernet1/1 | test_zone | no |

panorama-show-zones-config#


Shows the zones configuration.

Base Command#

panorama-show-zones-config

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| template | The template to use when running the command. Overrides the template parameter (Panorama instances). If not given, will use the integration parameter. | Optional |
| template_stack | The template stack to use when running the command. | Optional |
| vsys | The name of the virtual system to be configured. Uses the configured VSYS parameter if it exists. If given a value, it overrides the VSYS parameter. If neither the VSYS parameter nor this argument is entered, defaults to 'vsys1'. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Zone.Name | String | The name of the zone. |
| Panorama.Zone.Network | String | The network to which the zone is connected. |
| Panorama.Zone.EnableUserIdentification | String | Whether user identification is enabled. |
| Panorama.Zone.ZoneProtectionProfile | String | The zone protection profile. |
| Panorama.Zone.LogSetting | String | The log setting for the zone. |

Command Example#

!panorama-show-zones-config

Context Example#

{
    "Panorama": {
        "Zone": {
            "EnableUserIdentification": "no",
            "LogSetting": null,
            "Name": "test_zone",
            "Network": {
                "tap": {
                    "member": "ethernet1/1"
                }
            },
            "ZoneProtectionProfile": null
        }
    }
}

Human Readable Output#

Zone Configuration:#

| Name | Network | EnableUserIdentification |
| --- | --- | --- |
| test_zone | tap: {"member": "ethernet1/1"} | no |

panorama-list-configured-user-id-agents#


Retrieves a list of the user-ID agents configured in the system.

Base Command#

panorama-list-configured-user-id-agents

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| template | The template to use when running the command. Overrides the template parameter (Panorama instances). If not given, will use the integration parameter. | Optional |
| template_stack | The template stack to use when running the command. | Optional |
| vsys | The name of the virtual system to be configured. Uses the configured VSYS parameter if it exists. If given a value, it overrides the VSYS parameter. If neither the VSYS parameter nor this argument is entered, defaults to 'vsys1'. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.UserIDAgents.Name | String | The user-ID Agent name. |
| Panorama.UserIDAgents.Host | String | The user-ID Agent host. |
| Panorama.UserIDAgents.Port | Number | The user-ID Agent port. |
| Panorama.UserIDAgents.LdapProxy | String | Whether LDAP proxy is used in the user-ID agent. |
| Panorama.UserIDAgents.NtlmAuth | String | Whether NTLM authentication is used in the user-ID agent. |
| Panorama.UserIDAgents.EnableHipCollection | String | Whether HIP collection is enabled in the user-ID agent. |
| Panorama.UserIDAgents.IpUserMapping | String | Whether IP user mapping is enabled in the user-ID agent. |
| Panorama.UserIDAgents.SerialNumber | Unknown | The serial number associated with the user-ID agent. |
| Panorama.UserIDAgents.CollectorName | String | The user-ID agent collector name. |
| Panorama.UserIDAgents.Secret | String | The user-ID agent secret. |
| Panorama.UserIDAgents.Disabled | String | Whether the user-ID agent is disabled. |

Command Example#

!panorama-list-configured-user-id-agents

Context Example#

{
    "Panorama": {
        "UserIDAgents": [
            {
                "CollectorName": "demisto",
                "Disabled": "yes",
                "EnableHipCollection": null,
                "Host": "mine",
                "IpUserMapping": null,
                "LdapProxy": "yes",
                "Name": "testing",
                "NtlmAuth": "yes",
                "Port": "12",
                "Secret": "secret",
                "SerialNumber": null
            },
            {
                "CollectorName": null,
                "Disabled": null,
                "EnableHipCollection": null,
                "Host": null,
                "IpUserMapping": null,
                "LdapProxy": null,
                "Name": "withSerial",
                "NtlmAuth": null,
                "Port": null,
                "Secret": null,
                "SerialNumber": "panorama"
            }
        ]
    }
}

Human Readable Output#

User ID Agents:#

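| Name | SerialNumber | Host | Port | CollectorName | LdapProxy | NtlmAuth |
| --- | --- | --- | --- | --- | --- | --- |
| testing |  | mine | 12 | demisto | yes | yes |
| withSerial | panorama |  |  |  |  |  |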

panorama-upload-content-update-file#


Uploads a content file to Panorama.

Base Command#

panorama-upload-content-update-file

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| entryID | Entry ID of the file to upload. | Required |
| category | The category of the content. Possible values are: wildfire, anti-virus, content. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Content.Upload.Status | string | Content upload status. |
| Panorama.Content.Upload.Message | string | Content upload message. |

Command Example#

!panorama-upload-content-update-file entryID="32@14183" category="content"

Human Readable Output#

Results#

| Status | Message |
| --- | --- |
| Success | line: <file_name> saved |

panorama-install-file-content-update#


Installs a specific content update file.

Base Command#

panorama-install-file-content-update

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| version_name | Update file name to be installed on PAN-OS. | Required |
| category | The category of the content. Possible values are: wildfire, anti-virus, content. | Required |
| skip_validity_check | Skips file validity check with PAN-OS update server. Use this option for air-gapped networks and only if you trust the content file. Possible values are: yes, no. Default is no. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Panorama.Content.Install.JobID | string | JobID of the installation. |
| Panorama.Content.Install.Status | string | Installation status. |

Command Example#

!panorama-install-file-content-update version_name="panupv2-all-contents-8322-6317" category="content" skip_validity_check="yes"

Human Readable Output#

Results#

| JobID | Status |
| --- | --- |
| 30 | Pending |