PanOS interrogation script

IKL Development
#1

This may be a silly question, but would this script tag all devices that has "api-key" set to "true" as panos devices? Or does it care about the response code of the url and ignores parsing unless it's a 200?


Image title


Source is available here:


https://bitbucket.org/indeni/indeni-knowledge/src/a13847eda0cefe385fee10fcda50c7d2774fa2c9/parsers/src/panw/panos/show-system-info-interrogation.ind?at=staging&fileviewer=file-view-default

#2

So, this runs after generating an api-key for the Palo Alto networks device. If api-key is also used by other devices that have api-keys then yes I would assume it would run on non-PA devices as well.


At the point that it does the panos-keygen-interrogation.ind could it not just write that it is vendor paloaltonetworks and then put that in the requires section



panos-keygen-interrogation.ind
#! META
name: panos-keygen-interrogtion
description: get api-key with a keygen
type: interrogation



#! REMOTE::HTTP
url: /api/?type=keygen&user=${credentials.username}&password=${credentials.password}
protocol: HTTPS

#! PARSER::XML

_tags:
    "api-key":
        _text: "/response/result/key"
    "vendor":
        _constant: "paloaltonetworks"



panos-show-system-info-interrogation.ind
#! META
name: panos-show-system-info-interrogtion
description: Fetch system info for interrogation
type: interrogation
requires:
    "api-key":
        exists: true
    vendor: paloaltonetworks


#! REMOTE::HTTP
url: /api?type=op&cmd=<show><system><info></info></system></show>&key=${api-key}
protocol: HTTPS

#! PARSER::XML

_tags:
    "os.name":
        _constant: "panos"
    "os.version":
        _text: "/response/result/system/sw-version"
    "vendor":
        _constant: "paloaltonetworks"
    "model":
        _text: "/response/result/system/model"

_temp:
    "multipleVsys":
        _count: "/response/result/system/multi-vsys[. = 'on']"
    "model":
        _text: "/response/result/system/model"
    "systemModePanorama":
        _count: "/response/result/system/system-mode[. = 'panorama' or . = 'log-collector' or . = 'legacy']"

_transform:
    _tags:
        vsx: |
            {
                if (temp("multipleVsys") > 0) {
                    print "true"
                } else {
                    print "false"
                }
            }
        product: |
            {
                if (temp("model") == "Panorama" || temp("systemModePanorama") > 0){
                    print "panorama"
                } else {
                    print "firewall"
                }
            }




        


        

        

           
           
           
         


         

            
            
          


      

      

        

          

            
              

                
              

          

          

          


          
              
              
          #3
          
        

        

          
True, if and only if the response code is 200 (OK).