PanOS interrogation script


This may be a silly question, but would this script tag all devices that have "api-key" set to "true" as panos devices? Or does it care about the response code of the URL and ignore parsing unless it's a 200?




Source is available here:


https://bitbucket.org/indeni/indeni-knowledge/src/a13847eda0cefe385fee10fcda50c7d2774fa2c9/parsers/src/panw/panos/show-system-info-interrogation.ind?at=staging&fileviewer=file-view-default

So, this runs after generating an api-key for the Palo Alto Networks device. If api-key is also used by other devices that have api-keys, then yes, I would assume it would run on non-PA devices as well.


At the point that it does the panos-keygen-interrogation.ind, could it not just write that it is vendor paloaltonetworks and then put that in the requires section?



panos-keygen-interrogation.ind

#! META
name: panos-keygen-interrogtion
description: get api-key with a keygen
type: interrogation

#! REMOTE::HTTP
url: /api/?type=keygen&user=${credentials.username}&password=${credentials.password}
protocol: HTTPS

#! PARSER::XML
_tags:
    "api-key":
        _text: "/response/result/key"
    "vendor":
        _constant: "paloaltonetworks"




panos-show-system-info-interrogation.ind

#! META
name: panos-show-system-info-interrogtion
description: Fetch system info for interrogation
type: interrogation
requires:
    "api-key":
        exists: true
    vendor: paloaltonetworks

#! REMOTE::HTTP
url: /api?type=op&cmd=<show><system><info></info></system></show>&key=${api-key}
protocol: HTTPS

#! PARSER::XML
_tags:
    "os.name":
        _constant: "panos"
    "os.version":
        _text: "/response/result/system/sw-version"
    "vendor":
        _constant: "paloaltonetworks"
    "model":
        _text: "/response/result/system/model"

_temp:
    "multipleVsys":
        _count: "/response/result/system/multi-vsys[. = 'on']"
    "model":
        _text: "/response/result/system/model"
    "systemModePanorama":
        _count: "/response/result/system/system-mode[. = 'panorama' or . = 'log-collector' or . = 'legacy']"

_transform:
    _tags:
        vsx: |
            {
                if (temp("multipleVsys") > 0) {
                    print "true"
                } else {
                    print "false"
                }
            }
        product: |
            {
                if (temp("model") == "Panorama" || temp("systemModePanorama") > 0) {
                    print "panorama"
                } else {
                    print "firewall"
                }
            }



True, if and only if the response code is 200 (OK).
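
The gating discussed in this thread, as an added Python model (not part of the thread and not indeni's parser): the script is skipped unless the `requires` tags match, and the reply is parsed only on a 200, as the last reply states. The function names `requires_met` and `interrogate` are hypothetical, and the sample XML and key value are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample reply to <show><system><info>; not captured from a device.
SAMPLE = """<response status="success"><result><system>
<model>PA-220</model><sw-version>8.1.0</sw-version>
<multi-vsys>off</multi-vsys></system></result></response>"""

# Mirrors the 'requires' section proposed above.
REQUIRES = {"api-key": {"exists": True}, "vendor": "paloaltonetworks"}


def requires_met(tags, requires=REQUIRES):
    """True when every 'requires' condition holds for the device's current tags."""
    for name, cond in requires.items():
        if isinstance(cond, dict):
            if "exists" in cond and cond["exists"] != (name in tags):
                return False
        elif tags.get(name) != cond:
            return False
    return True


def interrogate(tags, status, body):
    """Return the tags the script would add; {} if skipped or the reply is not 200."""
    if not requires_met(tags) or status != 200:
        return {}
    system = ET.fromstring(body).find("result/system")
    if system is None:
        return {}
    model = system.findtext("model", "")
    modes = [e.text for e in system.findall("system-mode")]
    multi_vsys = any(e.text == "on" for e in system.findall("multi-vsys"))
    panorama = model == "Panorama" or any(
        m in ("panorama", "log-collector", "legacy") for m in modes)
    return {
        "os.name": "panos",
        "os.version": system.findtext("sw-version", ""),
        "vendor": "paloaltonetworks",
        "model": model,
        "vsx": "true" if multi_vsys else "false",
        "product": "panorama" if panorama else "firewall",
    }


if __name__ == "__main__":
    pa = {"api-key": "CONSTRUCTED-KEY", "vendor": "paloaltonetworks"}
    print(interrogate(pa, 200, SAMPLE))                            # tagged as panos
    print(interrogate({"api-key": "CONSTRUCTED-KEY"}, 200, SAMPLE))  # vendor tag missing
    print(interrogate(pa, 403, SAMPLE))                            # non-200 reply
```

A device that carries only an `api-key` tag from some other vendor's keygen step fails the `vendor` requirement and is never tagged as panos.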