Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.

Related tags

Third-party APIs Wrappersprisma-cloudprisma-cloud-compute-edition
Overview

pcs-toolbox

Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.

Table of Contents

Support

These scripts have been developed by Prisma Cloud SEs, they are not Supported by Palo Alto Networks. Nevertheless, the maintainers will make a best-effort to address issues, and (of course) contributors are encouraged to submit issues and pull requests.

Setup

These scripts are written and tested in Python 3.x. If you need to install Python 3, you can get more information at Python's Home Page ... and you will also need PIP.

These scripts require the Python packages documented in requirements.txt. To check and install these packages, execute:

pip3 install -r requirements.txt

These scripts require the included pc_lib library directory to be in the same directory as the script itself.

Configuration

Configuration for these scripts can be specified each time on the command-line, or can be saved to a configuration file.

Use the pcs_configure.py script to save a configuration file. Configuration options include:

  • -u / --username (REQUIRED) Prisma Cloud Username, or Access Key generated by your Prisma Cloud User
  • -p / --password (REQUIRED) Password associated with your Prisma Cloud Username, or Secret Key associated with your Access Key
  • --api (OPTIONAL) Prisma Cloud API/UI Base URL used to access Prisma Cloud (app*.prismacloud.* ... or you can specify a direct api*.prismacloud.* URL).
  • --api_compute (OPTIONAL) Prisma Cloud Compute API Base URL used to access Prisma Cloud Compute (For SaaS, use Compute > Manage > System > Downloads: Path to Console).
  • --config_file (OPTIONAL) File containing your Prisma Cloud API configuration settings. Default: pc-settings.conf

An Access Key/Secret Key is preferable to using a Username/Password, and Access Keys must be created by a Prisma Cloud User with the permissions required by the script(s) being executed.

Configuration is saved as cleartext JSON, by default in the same directory as the scripts themselves, unless you specify --config_file.

CSPM vs CWP

The --api parameter is required for scripts (such as pcs_alerts_read.py) that use the Prisma Cloud CSPM API.

The --api_compute parameter is required for scripts (such as pcs_images_packages_read.py) that use the Prisma Cloud Compute (CWP) API.

For use with On-Premise/Self-Hosted Prisma Cloud Compute, --username is your Prisma Cloud Compute User, --password is your password or your active bearer token, and --api must not be specified.

References

https://prisma.pan.dev/api/cloud/

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.html

Examples:

python3 pcs_configure.py --username "Example Access Key" --password "Example Secret Key" --api "app.prismacloud.io"

python3 pcs_configure.py --username "Example Access Key" --password "Example Secret Key" --api "app.prismacloud.io" --config_file ~/example-pc-settings.conf

python3 pcs_configure.py --username "Example Username" --password "Example Password" --api_compute "onpremise.example.com"

Run pcs_configure.py specifying nothing (other than the optional --config_file) to output your current configuration file.

Script Usage

For detailed documentation of each script's parameters, specify -h or --help when executing the script.

CSPM Scripts

pcs_policy_set_status.py

Use this script to enable or disable Policies globally for an account (filtered by Policy Type or Compliance Standard). This is primarily used to set up a new environment with every Policy enabled, or to update an environment after a large number of new Policies have been released.

Example:

python3 pcs_policy_set_status.py --policy_type config enable

Use this script to enable Policies that are associated with a specific Compliance Standard (or Compliance Standards).

Example:

python3 pcs_policy_status.py --policy_type all disable

python3 pcs_policy_status.py --compliance_standard "GDPR" enable

pcs_user_import.py

Use this script to import a list of Users from a CSV file, assigning the imported Users to the specified Role. It will check for duplicates before importing.

Example:

python3 pcs_user_import.py "example-import-users.csv" "Example Prisma Cloud Role to assign to the imported Users"

pcs_policy_custom_export.py

Use this script to export custom Policies to a file, for backup ... or to import into another tenant.

Example:

python3 pcs_policy_custom_export.py "example-custom-policies.json"

pcs_policy_custom_import.py

Use this to script import custom Policies. By default, imported Policies will be disabled, to maintain the status of imported Policies, specify --maintain_status It will check for duplicates before importing.

Example:

python3 pcs_policy_custom_import.py "example-custom-policies.json"

pcs_compliance_export.py

Use this script to export an existing Compliance Standard (and its Requirements and Sections) to a file, for backup ... or to import into another tenant.

Example:

python3 pcs_compliance_export.py "GDPR" "example-compliance-standard.json"

pcs_compliance_import.py

Use this to script import an exported Compliance Standard (and its Requirements and Sections) into a new Compliance Standard. To import the associated Policy mappings, specify the --policy parameter. To associate custom Policies requires first running pcs_policy_custom_export.py to generate a mapping file (and pcs_policy_custom_import.py when importing into another tenant). It will check for duplicates before importing.

Example:

python3 pcs_compliance_import.py "example-compliance-standard.json" "GDPR Imported" --policy

CWP Scripts

pcs_images_packages_read.py

Use this script to inspect the packages in all of the container images (or one image, specified by --image_id) that have been scanned by Prisma Cloud Compute.

Example:

python3 pcs_images_packages_read.py

python3 pcs_images_packages_read.py --image_id "sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522"

An alternate usage is to specify a package via --package_id to search for containers with a specific package, and optionally a version.

Example:

python3 pcs_images_packages_read.py --package_type jar --package_id log4j

python3 pcs_images_packages_read.py --package_type jar --package_id log4j:2.14.1 --version_comparison lt --output_to_csv True

Other CSPM and CWP Scripts

pcs_cloud_account_import_azure.py (in progress)**

This is the framework for importing a CSV (template in the templates directory) with a list of Azure accounts into Prisma Cloud. Note: This is still a work in progress: the basic import framework is running, but validation of CSV and duplicate name checking has not been implemented yet.

Example:

python3 pcs_cloud_account_import_azure.py prisma_cloud_account_import_azure_template.csv

pcs_posture_endpoint_client.py

This is a generic tool for prototyping with the Cloud Security Posture API. It sends output to stdout (and optionally to file) and errors/info sent to STDERR, so that it works in a pipeline which makes it jq friendly. Please note this tool is not intended as a replacement for better well-formed scripts and functions.

Example 1: GET request

python3 pcs_posture_endpoint_client.py GET /v2/policy

Example 2: POST request

cat > body.json <

pcs_compute_endpoint_client.py

This is identical to pcs_posture_endpoint_client.py, except it uses the CSPM API rather than the CWP API.
Comments
  • Request documentation of CA bundle for self-signed cert.

    Request documentation of CA bundle for self-signed cert.

    Documentation link

    https://github.com/PaloAltoNetworks/pcs-toolbox

    Describe the problem

    When configuring as described, the resulting config file does not have a CA bundle. The connection attempt appears to start, but there is an error that the server cert was rejected.

    Suggested fix

    Maybe there is a way to not check the server cert, e.g., like curl -k.

    documentation 
    opened by QWERTY92009 6
  • pcs_configure.py : PrismaCloudUtility object has no attributes

    pcs_configure.py : PrismaCloudUtility object has no attributes "configure"

    Describe the bug

    Can't setup a settings file using pcs_configure due to a Python error : PrismaCloudUtility object has no attributes "configure"

    Your Environment

    • Version used : 4.0.6
    • Python version used : 3.10 (virtual env)
    bug 
    opened by syphax-b 5
  • Initial revision of automating account group assignment by tags

    Initial revision of automating account group assignment by tags

    Description

    Motivation and Context

    How Has This Been Tested?

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by lsmithpanw 5
  • [Community Health Assessment] Changes needed

    [Community Health Assessment] Changes needed

    | Health Check | Pass | Score | More Info | | ------------ | ---- | ----- | --------- | | Contains a meaningful README.md file | :white_check_mark: | 20 / 20 | More info | SUPPORT.md file exists | :white_check_mark: | 20 / 20 | More info | Repo has a description | :white_check_mark: | 15 / 15 | More info | Has a recognized open source license | :white_check_mark: | 15 / 15 | More info | Has a descriptive repo name | :white_check_mark: | 15 / 15 | More info | Required topics attached to repo | :white_check_mark: | 15 / 15 | More info | CONTRIBUTING.md file with contribution guidelines | :white_check_mark: | 5 / 5 | More info | Has custom issue and pull request templates | :x: | 0 / 5 | More info

    Current score: 105 Target threshold: 100 Total possible: 110

    opened by community-health-panw[bot] 5
  • AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'

    AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'

    Describe the bug

    pcs_hosts_vulnerabilities_read.py is returning the following error:

    Testing Compute API Access ... done.

Getting Hosts (please wait) ...Traceback (most recent call last):
  File "pcs_hosts_vulnerabilities_read.py", line 35, in <module>
    hosts = pc_api.hosts_list_read()
AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'. Did you mean: 'audits_list_read'?

    Expected behavior

    Being able to list hosts vulnerabilities from Compute

    Current behavior

    Looks like the API handler misses the related function

    bug 
    opened by AsioPanw 4
  • No host supplied error 5.0.3 Using Readme Example

    No host supplied error 5.0.3 Using Readme Example

    Describe the bug

    Using the exact sample on the Readme results in a requests package exception: "requests.exceptions.InvalidURL: Invalid URL 'https:///login': No host supplied"

    Expected behavior

    Returned details of the current user

    Current behavior

    requests.exceptions.InvalidURL: Invalid URL 'https:///login': No host supplied

    Possible solution

    Unknown

    Steps to reproduce

    1. python -m venv .
    2. source bin/activate
    3. pip3 install prismacloud-api
    4. python3 foo.py

    #code used `import os from prismacloud.api import pc_api

    Settings for Prisma Cloud Enterprise Edition

    settings = { "url": "https://api.prismacloud.io/", "identity": "access_key", "secret": "secret_key" }

    pc_api.configure(settings)

    print('Prisma Cloud API Current User:') print() print(pc_api.current_user()) print() print('Prisma Cloud Compute API Intelligence:') print() print(pc_api.statuses_intelligence()) print()`

    Context

    Basic utilization of the API Also attempted changing url with or without trailing '/' and use of api2.prismacloud.io

    Your Environment

    • Version used: 5.0.3
    • Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3): Python 3.10.6
    • Operating System and version (desktop or mobile): MacOS
    bug 
    opened by dwchowscalesec 3
  • Handle API responses without a content-type header

    Handle API responses without a content-type header

    This commit avoids a KeyError: 'content-type' error when API responses do not include a content-type: header.

    Description

    Use .get() method on api_response.headers to handle scenarios where the compute API response does not include the content-type header.

    Motivation and Context

    Avoids this stack trace:

    Traceback (most recent call last):
  File "/home/cfarquhar/projects/prismacloud-api-python/scripts/pcs_incident_archiver.py", line 36, in <module>
    pc_api.audits_ack_incident(incident, ack_status=True)
  File "/home/cfarquhar/projects/prismacloud-api-python/prismacloud/api/compute/_audits.py", line 18, in audits_ack_incident
    resp = self.execute_compute('PATCH', 'api/v1/audits/incidents/acknowledge/%s' % incident_id, body_params=body_params)
  File "/home/cfarquhar/projects/prismacloud-api-python/prismacloud/api/compute/compute.py", line 70, in execute_compute
    if api_response.headers['Content-Type'] == 'text/csv':
  File "/home/cfarquhar/.pyenv/versions/test20220928a/lib/python3.10/site-packages/requests/structures.py", line 52, in __getitem__
    return self._store[key.lower()][1]
KeyError: 'content-type'

    How Has This Been Tested?

    It used to stack trace when API responses did not include a content-type: header. Now it no longer stack traces.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    opened by cfarquhar 3
  • Update __init__.py

    Update __init__.py

    Description

    Hello! I see the methods from "prismacloud-api-python/prismacloud/api/compute/_stats.py " are not being initiated, is there a techincal reason?

    Motivation and Context

    I see there is some value in the quick reference of the already developed methods

    How Has This Been Tested?

    Based on the commit, re-imported the library and the "stats" methods are now available for "pc_api"

    Types of changes

    • New feature (non-breaking change which adds functionality)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [x] I have read the CONTRIBUTING document.
    • [x] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by VictorHdzF 3
  • Add CWP incident acknowledgement method and bulk archiver script

    Add CWP incident acknowledgement method and bulk archiver script

    Description

    This PR:

    • adds a method for acknowledging/archiving CWP runtime incidents
    • adds a script to bulk archive runtime incidents based on the contents of a CSV file
    • fixes some minor _tags.py syntax issues introduced in 53000c11f71e

    Motivation and Context

    The UI does not currently provide a mechanism for bulk archiving runtime incidents. As customers tune their runtime rules, they would like to remove incidents that would not have been generated under the tuned rule set.

    How Has This Been Tested?

    The new method and script were tested against a 22.06.197 SaaS environment.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)

    Checklist

    • [x] I have updated the documentation accordingly.
    • [x] I have read the CONTRIBUTING document.
    • [x] I have added tests to cover my changes if appropriate.
    • [x] All new and existing tests passed.
    opened by cfarquhar 3
  • Added Preliminary Audit scripts

    Added Preliminary Audit scripts

    Description

    added two scripts for compute and CSPM to pull audit log data and remove all login entries which outputs a CSV with only Create, Update, Delete information

    Motivation and Context

    How Has This Been Tested?

    opened by jaw2ay 3
  • Add enterprise and anomaly settings into CSPM endpoint.

    Add enterprise and anomaly settings into CSPM endpoint.

    Description

    Add enterprise and anomaly settings into CSPM endpoint.

    Motivation and Context

    I would like to use those endpoint for the prisma cloud cli

    How Has This Been Tested?

    Pylint

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by SimOnPanw 3
Releases(5.0.12)
Owner
Palo Alto Networks
We ensure each day is safer and more secure than the one before.
Palo Alto Networks
GitHub Repository
A basic Ubisoft API wrapper created in python.

UbisoftAPI A basic Ubisoft API wrapper created in python. I will be updating this with more endpoints as time goes on. Please note that this is my fir

Ethan 2 Oct 31, 2021
Telegram Group Management Bot based on phython !!!

How to setup/deploy. For easiest way to deploy this Bot click on the below button Mᴀᴅᴇ Bʏ Sᴜᴘᴘᴏʀᴛ Sᴏᴜʀᴄᴇ Find This Bot on Telegram A modular Telegram

Mukesh Solanki 5 Nov 17, 2021
Telegram bot implementing Lex Arcana using python-telegram-bot library.

Lex Arcana Telegram Bot 🤖 Telegram bot implementing Lex Arcana using python-telegram-bot library. This bot was evaluated for the course "Computer Eng

Nicolò Sonnino 6 Jun 22, 2022
Telegram bot to download almost all from Instagram

Instagram Manager Bot The most advanced Instagram Downloader Bot. Please fork this repository don't import code Made with Python3 (C) @subinps Copyrig

SUBIN 300 Dec 30, 2022
It's My Bot, For my group in telegram :)

Get Start USage This robot is written in Python language for devdood Group in Telegram ... You can easily edit and use this source Edit and Run You ne

Mohsen farzadmanesh 7 Sep 24, 2022
A simple bot discord in PY with moderation controls

Voila un bot discord en py avec les commandes simples de modération tout simplement faut changer les lignes 70 vous mettez votre token de votre bot 53

Ethan 1 Nov 20, 2021
Embed the Duktape JS interpreter in Python

Introduction Pyduktape is a python wrapper around Duktape, an embeddable Javascript interpreter. On top of the interpreter wrapper, pyduktape offers e

Stefano 78 Dec 15, 2022
Official implementation of DeepSportLab (a fork of OpenPifPaf)

DeepSportLab DeepSportLab: a Unified Framework for BallDetection, Player Instance Segmentationand Pose Estimation in Team Sports Scenes This paper pre

ISPGroupUCL 8 Sep 27, 2022
Criando Lambda Functions para Ingerir Dados de APIs com AWS CDK

LIVE001 - AWS Lambda para Ingerir Dados de APIs Fazer o deploy de uma função lambda com infraestrutura como código Lambda vai numa API externa e extra

Andre Sionek 12 Nov 20, 2022
Stack Overflow Error Parser

A python tool that executes python files and opens respective Stack Overflow threads in browser for errors encountered.

Raghavendra Khare 3 Jul 24, 2022
Skautský discord bot

Jáchym 🤖 Open-source skautský discord bot postavený na discord.py O čem? • Funkce • TODO • Poděkování ❓ O čem? Jáchym vznikl jako projekt do odborky

10 May 12, 2022
Rotates Amazon Personalize filters on a schedule based on dynamic templates

Amazon Personalize Filter Rotation This project contains the source code and supporting files for deploying a serverless application that provides aut

James Jory 2 Nov 12, 2021
qualysclient - a python SDK for interacting with the Qualys API

qualysclient - a python SDK for interacting with the Qualys API

5 Oct 28, 2022
“ Hey there 👋 I'm Sophia „ TG Group management bot with Some Extra features..

❤️ Sophia ❤️ Avaiilable on Telegram as SophiaBot 🏃‍♂️ Easy Deploy Mandatory Vars [+] Make Sure You Add All These Mandatory Vars. [-] APP_ID: You ca

THEEKSHANA 5 Dec 09, 2021
📖 GitHub action schedular (cron) that posts a Hadith every hour on Twitter & Facebook.

Hadith Every Hour 📖 A bot that posts a Hadith every hour on Twitter & Facebook (Every 3 hours for now to avoid spamming) Follow on Twitter @HadithEve

Ananto 13 Dec 14, 2022
PyHoroscope - Observational Indian lunisolar calendar, horoscope and matching using the Swiss ephemeris

PyHoroscope Observational Indian lunisolar calendar, horoscope and matching usin

4 Jun 05, 2022
Pancakeswap Sniper Bot GUI Uniswap Matic 2022 (WINDOWS LINUX MAC) AUTO BUY TOKEN ON LAUNCH AFTER ADD LIQUIDITY

Pancakeswap Sniper Bot GUI Uniswap Matic 2022 (WINDOWS LINUX MAC) ⭐️ AUTO BUY TOKEN ON LAUNCH AFTER ADD LIQUIDITY ⭐️ ⭐️ First GUI SNIPER BOT for WINDO

Crypto Trader 1 Jan 05, 2022
Ig-Crackv2 - Crack Instagram Version 2.9

★★ Information ★★ ★★Menu Special Crack Melalui Pengikut Crack Melalui Mengikuti

Risky [ Zero Tow ] 11 Aug 30, 2022
Tools for Twitter

Tools for Twitter Data This is a start of a collection of tools to use for collecting data via the Twitter API. If you do not have a Twitter Developer

DiscoverText 36 Oct 13, 2022
Python app to notify via slack channel the status_code change from an URL

Python app to notify, via slack channel you choose to be notified, for the status_code change from the URL list you setup to be checked every yy seconds

Pedro Nunes 1 Oct 25, 2021