Monday, November 3, 2014

Accessing a PAN firewall through an api with python

I found out that someone (Kevin Steves) made a python module to access Palo Alto Networks API. You can clone the repository from github.

git clone https://github.com/kevinsteves/pan-python.git

The module is very thorough and the documentation is pretty good. It was simple to test out and I was able to get it working in a few hours.

From what I can tell the module makes a REST call and exports the results into XML. This makes automation a lot easier as the data structure can be easily parsed.

My first script looks like this:

import pan.xapi
from cred import get_pan_credentials
credentials = get_pan_credentials()

print credentials
xapi = pan.xapi.PanXapi()

xapi.op(cmd='show system info', cmd_xml=True)
print xapi.xml_result()

----------
It makes a call to my credentials file

$ more cred.py
def get_pan_credentials():
 cred =  {}
 cred['api_username'] = "admin"
 cred['api_password'] = "admin"
 cred['hostname'] = "192.168.1.1"
 return cred


------------
The script in action.

$ python test1.py 
{'api_key': 'LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09', 'hostname': '192.168.1.1', 'api_password': 'admin', 'api_username': 'admin'}

<system><hostname>PA-7050</hostname><ip-address>192.168.1.1</ip-address><netmask>255.255.255.0</netmask><default-gateway>192.168.1.254</default-gateway><ipv6-address>unknown</ipv6-address><ipv6-link-local-address>fe80::290:fbff:fe4d:175c/64</ipv6-link-local-address><ipv6-default-gateway /><mac-address>00:90:fb:4d:17:5c</mac-address><time>Mon Nov  3 23:28:08 2014</time>
<uptime>0 days, 11:39:35</uptime>
<devicename>PA-7050</devicename>
<family>7000</family><model>PA-7050</model><serial>015128030274</serial><sw-version>6.0.6</sw-version>
<global-protect-client-package-version>0.0.0</global-protect-client-package-version>
<app-version>466-2435</app-version>
<app-release-date>2014/10/28  20:28:09</app-release-date>
<av-version>1408-1880</av-version>
<av-release-date>2014/11/03  04:00:02</av-release-date>
<threat-version>466-2435</threat-version>
<threat-release-date>2014/10/28  20:28:09</threat-release-date>
<wildfire-version>0</wildfire-version>
<wildfire-release-date>unknown</wildfire-release-date>
<url-filtering-version>0000.00.00.000</url-filtering-version>
<global-protect-datafile-version>0</global-protect-datafile-version>
<global-protect-datafile-release-date>unknown</global-protect-datafile-release-date><logdb-version>6.0.6</logdb-version>
<platform-family>7000</platform-family>
<logger_mode>False</logger_mode>
<vpn-disable-mode>off</vpn-disable-mode>
<operational-mode>normal</operational-mode>
<multi-vsys>off</multi-vsys>

</system>

No comments:

Post a Comment