Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.

Related tags

Third-party APIs Wrappersprisma-cloudprisma-cloud-compute-edition
Overview

pcs-toolbox

Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.

Table of Contents

Support

These scripts have been developed by Prisma Cloud SEs, they are not Supported by Palo Alto Networks. Nevertheless, the maintainers will make a best-effort to address issues, and (of course) contributors are encouraged to submit issues and pull requests.

Setup

These scripts are written and tested in Python 3.x. If you need to install Python 3, you can get more information at Python's Home Page ... and you will also need PIP.

These scripts require the Python packages documented in requirements.txt. To check and install these packages, execute:

pip3 install -r requirements.txt

These scripts require the included pc_lib library directory to be in the same directory as the script itself.

Configuration

Configuration for these scripts can be specified each time on the command-line, or can be saved to a configuration file.

Use the pcs_configure.py script to save a configuration file. Configuration options include:

  • -u / --username (REQUIRED) Prisma Cloud Username, or Access Key generated by your Prisma Cloud User
  • -p / --password (REQUIRED) Password associated with your Prisma Cloud Username, or Secret Key associated with your Access Key
  • --api (OPTIONAL) Prisma Cloud API/UI Base URL used to access Prisma Cloud (app*.prismacloud.* ... or you can specify a direct api*.prismacloud.* URL).
  • --api_compute (OPTIONAL) Prisma Cloud Compute API Base URL used to access Prisma Cloud Compute (For SaaS, use Compute > Manage > System > Downloads: Path to Console).
  • --config_file (OPTIONAL) File containing your Prisma Cloud API configuration settings. Default: pc-settings.conf

An Access Key/Secret Key is preferable to using a Username/Password, and Access Keys must be created by a Prisma Cloud User with the permissions required by the script(s) being executed.

Configuration is saved as cleartext JSON, by default in the same directory as the scripts themselves, unless you specify --config_file.

CSPM vs CWP

The --api parameter is required for scripts (such as pcs_alerts_read.py) that use the Prisma Cloud CSPM API.

The --api_compute parameter is required for scripts (such as pcs_images_packages_read.py) that use the Prisma Cloud Compute (CWP) API.

For use with On-Premise/Self-Hosted Prisma Cloud Compute, --username is your Prisma Cloud Compute User, --password is your password or your active bearer token, and --api must not be specified.

References

https://prisma.pan.dev/api/cloud/

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.html

Examples:

python3 pcs_configure.py --username "Example Access Key" --password "Example Secret Key" --api "app.prismacloud.io"

python3 pcs_configure.py --username "Example Access Key" --password "Example Secret Key" --api "app.prismacloud.io" --config_file ~/example-pc-settings.conf

python3 pcs_configure.py --username "Example Username" --password "Example Password" --api_compute "onpremise.example.com"

Run pcs_configure.py specifying nothing (other than the optional --config_file) to output your current configuration file.

Script Usage

For detailed documentation of each script's parameters, specify -h or --help when executing the script.

CSPM Scripts

pcs_policy_set_status.py

Use this script to enable or disable Policies globally for an account (filtered by Policy Type or Compliance Standard). This is primarily used to set up a new environment with every Policy enabled, or to update an environment after a large number of new Policies have been released.

Example:

python3 pcs_policy_set_status.py --policy_type config enable

Use this script to enable Policies that are associated with a specific Compliance Standard (or Compliance Standards).

Example:

python3 pcs_policy_status.py --policy_type all disable

python3 pcs_policy_status.py --compliance_standard "GDPR" enable

pcs_user_import.py

Use this script to import a list of Users from a CSV file, assigning the imported Users to the specified Role. It will check for duplicates before importing.

Example:

python3 pcs_user_import.py "example-import-users.csv" "Example Prisma Cloud Role to assign to the imported Users"

pcs_policy_custom_export.py

Use this script to export custom Policies to a file, for backup ... or to import into another tenant.

Example:

python3 pcs_policy_custom_export.py "example-custom-policies.json"

pcs_policy_custom_import.py

Use this to script import custom Policies. By default, imported Policies will be disabled, to maintain the status of imported Policies, specify --maintain_status It will check for duplicates before importing.

Example:

python3 pcs_policy_custom_import.py "example-custom-policies.json"

pcs_compliance_export.py

Use this script to export an existing Compliance Standard (and its Requirements and Sections) to a file, for backup ... or to import into another tenant.

Example:

python3 pcs_compliance_export.py "GDPR" "example-compliance-standard.json"

pcs_compliance_import.py

Use this to script import an exported Compliance Standard (and its Requirements and Sections) into a new Compliance Standard. To import the associated Policy mappings, specify the --policy parameter. To associate custom Policies requires first running pcs_policy_custom_export.py to generate a mapping file (and pcs_policy_custom_import.py when importing into another tenant). It will check for duplicates before importing.

Example:

python3 pcs_compliance_import.py "example-compliance-standard.json" "GDPR Imported" --policy

CWP Scripts

pcs_images_packages_read.py

Use this script to inspect the packages in all of the container images (or one image, specified by --image_id) that have been scanned by Prisma Cloud Compute.

Example:

python3 pcs_images_packages_read.py

python3 pcs_images_packages_read.py --image_id "sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522"

An alternate usage is to specify a package via --package_id to search for containers with a specific package, and optionally a version.

Example:

python3 pcs_images_packages_read.py --package_type jar --package_id log4j

python3 pcs_images_packages_read.py --package_type jar --package_id log4j:2.14.1 --version_comparison lt --output_to_csv True

Other CSPM and CWP Scripts

pcs_cloud_account_import_azure.py (in progress)**

This is the framework for importing a CSV (template in the templates directory) with a list of Azure accounts into Prisma Cloud. Note: This is still a work in progress: the basic import framework is running, but validation of CSV and duplicate name checking has not been implemented yet.

Example:

python3 pcs_cloud_account_import_azure.py prisma_cloud_account_import_azure_template.csv

pcs_posture_endpoint_client.py

This is a generic tool for prototyping with the Cloud Security Posture API. It sends output to stdout (and optionally to file) and errors/info sent to STDERR, so that it works in a pipeline which makes it jq friendly. Please note this tool is not intended as a replacement for better well-formed scripts and functions.

Example 1: GET request

python3 pcs_posture_endpoint_client.py GET /v2/policy

Example 2: POST request

cat > body.json <

pcs_compute_endpoint_client.py

This is identical to pcs_posture_endpoint_client.py, except it uses the CSPM API rather than the CWP API.
Comments
  • Request documentation of CA bundle for self-signed cert.

    Request documentation of CA bundle for self-signed cert.

    Documentation link

    https://github.com/PaloAltoNetworks/pcs-toolbox

    Describe the problem

    When configuring as described, the resulting config file does not have a CA bundle. The connection attempt appears to start, but there is an error that the server cert was rejected.

    Suggested fix

    Maybe there is a way to not check the server cert, e.g., like curl -k.

    documentation 
    opened by QWERTY92009 6
  • pcs_configure.py : PrismaCloudUtility object has no attributes

    pcs_configure.py : PrismaCloudUtility object has no attributes "configure"

    Describe the bug

    Can't setup a settings file using pcs_configure due to a Python error : PrismaCloudUtility object has no attributes "configure"

    Your Environment

    • Version used : 4.0.6
    • Python version used : 3.10 (virtual env)
    bug 
    opened by syphax-b 5
  • Initial revision of automating account group assignment by tags

    Initial revision of automating account group assignment by tags

    Description

    Motivation and Context

    How Has This Been Tested?

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by lsmithpanw 5
  • [Community Health Assessment] Changes needed

    [Community Health Assessment] Changes needed

    | Health Check | Pass | Score | More Info | | ------------ | ---- | ----- | --------- | | Contains a meaningful README.md file | :white_check_mark: | 20 / 20 | More info | SUPPORT.md file exists | :white_check_mark: | 20 / 20 | More info | Repo has a description | :white_check_mark: | 15 / 15 | More info | Has a recognized open source license | :white_check_mark: | 15 / 15 | More info | Has a descriptive repo name | :white_check_mark: | 15 / 15 | More info | Required topics attached to repo | :white_check_mark: | 15 / 15 | More info | CONTRIBUTING.md file with contribution guidelines | :white_check_mark: | 5 / 5 | More info | Has custom issue and pull request templates | :x: | 0 / 5 | More info

    Current score: 105 Target threshold: 100 Total possible: 110

    opened by community-health-panw[bot] 5
  • AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'

    AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'

    Describe the bug

    pcs_hosts_vulnerabilities_read.py is returning the following error:

    Testing Compute API Access ... done.

Getting Hosts (please wait) ...Traceback (most recent call last):
  File "pcs_hosts_vulnerabilities_read.py", line 35, in <module>
    hosts = pc_api.hosts_list_read()
AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'. Did you mean: 'audits_list_read'?

    Expected behavior

    Being able to list hosts vulnerabilities from Compute

    Current behavior

    Looks like the API handler misses the related function

    bug 
    opened by AsioPanw 4
  • No host supplied error 5.0.3 Using Readme Example

    No host supplied error 5.0.3 Using Readme Example

    Describe the bug

    Using the exact sample on the Readme results in a requests package exception: "requests.exceptions.InvalidURL: Invalid URL 'https:///login': No host supplied"

    Expected behavior

    Returned details of the current user

    Current behavior

    requests.exceptions.InvalidURL: Invalid URL 'https:///login': No host supplied

    Possible solution

    Unknown

    Steps to reproduce

    1. python -m venv .
    2. source bin/activate
    3. pip3 install prismacloud-api
    4. python3 foo.py

    #code used `import os from prismacloud.api import pc_api

    Settings for Prisma Cloud Enterprise Edition

    settings = { "url": "https://api.prismacloud.io/", "identity": "access_key", "secret": "secret_key" }

    pc_api.configure(settings)

    print('Prisma Cloud API Current User:') print() print(pc_api.current_user()) print() print('Prisma Cloud Compute API Intelligence:') print() print(pc_api.statuses_intelligence()) print()`

    Context

    Basic utilization of the API Also attempted changing url with or without trailing '/' and use of api2.prismacloud.io

    Your Environment

    • Version used: 5.0.3
    • Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3): Python 3.10.6
    • Operating System and version (desktop or mobile): MacOS
    bug 
    opened by dwchowscalesec 3
  • Handle API responses without a content-type header

    Handle API responses without a content-type header

    This commit avoids a KeyError: 'content-type' error when API responses do not include a content-type: header.

    Description

    Use .get() method on api_response.headers to handle scenarios where the compute API response does not include the content-type header.

    Motivation and Context

    Avoids this stack trace:

    Traceback (most recent call last):
  File "/home/cfarquhar/projects/prismacloud-api-python/scripts/pcs_incident_archiver.py", line 36, in <module>
    pc_api.audits_ack_incident(incident, ack_status=True)
  File "/home/cfarquhar/projects/prismacloud-api-python/prismacloud/api/compute/_audits.py", line 18, in audits_ack_incident
    resp = self.execute_compute('PATCH', 'api/v1/audits/incidents/acknowledge/%s' % incident_id, body_params=body_params)
  File "/home/cfarquhar/projects/prismacloud-api-python/prismacloud/api/compute/compute.py", line 70, in execute_compute
    if api_response.headers['Content-Type'] == 'text/csv':
  File "/home/cfarquhar/.pyenv/versions/test20220928a/lib/python3.10/site-packages/requests/structures.py", line 52, in __getitem__
    return self._store[key.lower()][1]
KeyError: 'content-type'

    How Has This Been Tested?

    It used to stack trace when API responses did not include a content-type: header. Now it no longer stack traces.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    opened by cfarquhar 3
  • Update __init__.py

    Update __init__.py

    Description

    Hello! I see the methods from "prismacloud-api-python/prismacloud/api/compute/_stats.py " are not being initiated, is there a techincal reason?

    Motivation and Context

    I see there is some value in the quick reference of the already developed methods

    How Has This Been Tested?

    Based on the commit, re-imported the library and the "stats" methods are now available for "pc_api"

    Types of changes

    • New feature (non-breaking change which adds functionality)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [x] I have read the CONTRIBUTING document.
    • [x] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by VictorHdzF 3
  • Add CWP incident acknowledgement method and bulk archiver script

    Add CWP incident acknowledgement method and bulk archiver script

    Description

    This PR:

    • adds a method for acknowledging/archiving CWP runtime incidents
    • adds a script to bulk archive runtime incidents based on the contents of a CSV file
    • fixes some minor _tags.py syntax issues introduced in 53000c11f71e

    Motivation and Context

    The UI does not currently provide a mechanism for bulk archiving runtime incidents. As customers tune their runtime rules, they would like to remove incidents that would not have been generated under the tuned rule set.

    How Has This Been Tested?

    The new method and script were tested against a 22.06.197 SaaS environment.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)

    Checklist

    • [x] I have updated the documentation accordingly.
    • [x] I have read the CONTRIBUTING document.
    • [x] I have added tests to cover my changes if appropriate.
    • [x] All new and existing tests passed.
    opened by cfarquhar 3
  • Added Preliminary Audit scripts

    Added Preliminary Audit scripts

    Description

    added two scripts for compute and CSPM to pull audit log data and remove all login entries which outputs a CSV with only Create, Update, Delete information

    Motivation and Context

    How Has This Been Tested?

    opened by jaw2ay 3
  • Add enterprise and anomaly settings into CSPM endpoint.

    Add enterprise and anomaly settings into CSPM endpoint.

    Description

    Add enterprise and anomaly settings into CSPM endpoint.

    Motivation and Context

    I would like to use those endpoint for the prisma cloud cli

    How Has This Been Tested?

    Pylint

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by SimOnPanw 3
Releases(5.0.12)
Owner
Palo Alto Networks
We ensure each day is safer and more secure than the one before.
Palo Alto Networks
GitHub Repository
Authenticate your League of legends account on riot client in a few lines of code.

lol-authenticator v1.0.0 Content index Project Setup Dependencies Project Setup Dependencies Python v3.9.6 If you don't have Python installed on your

CΓ‘ssio Fontoura 5 Aug 28, 2022
A Telegram Bin Checker Bot made with python for check Bin valid or Invalid. πŸ’³

Bin Checker Bot A Telegram Bin Checker Bot made with python for check Bin valid or Invalid. πŸ“Œ Deploy On Heroku 🏷 Environment Variables API_ID - Your

Chamindu Denuwan 20 Dec 10, 2022
The system to host your files on the Discord application

Distorage The system to host your files on the Discord application Documentation Documentation Distorage How to use the package You can install it wit

6 Jun 27, 2022
A telegram user and chat info extractor with pyrogram python module

Made with Python3 (C) @FayasNoushad Copyright permission under MIT License License - https://github.com/FayasNoushad/Telegram-Info/blob/main/LICENSE

Fayas Noushad 8 Dec 22, 2021
✨ A Telegram mirror/leech bot By SparkXcloud Group ✨

SparkXcloud-Gdrive-MirrorBot SparkXcloud-Gdrive-MirrorBot is a multipurpose Telegram Bot writen in Python for mirroring files on the Internet to our b

119 Oct 23, 2022
A Telegram Bot to generate permanent Stream and Download links for any Telegram file

Telegram File To Stream Link This bot will give you permanent Stream and Download links for Telegram files Deploy the Bot Press the below button to de

Shadow 80 Dec 16, 2022
Mazda Connected Service API wrapper based on pymazda and Flask.

Mazda Connected Service Relay Mazda Connected Service API wrapper based on pymazda and Flask. Usage Make POST calls to https://mymazda.herokuapp.com/{

Alan Chen 10 Jan 05, 2023
A clean, easy to scale discord bot template

A clean, easy to scale discord bot template. Develope using nextcord library and can be use with any other discord.py forked library.

γ‚γŒγ­γ“ 3 Mar 03, 2022
Kyura-Userbot: a modular Telegram userbot that runs in Python3 with a sqlalchemy database

Kyura-Userbot Telegram Kyura-Userbot adalah userbot Telegram modular yang berjal

Kyura 17 Oct 29, 2022
Upvotes and karma for Discord: Heart πŸ’— or Crush πŸ’” a comment to give points to an user, or Star ⭐ it to add it to the Best Of!

πŸ€– Reto Reto is a community-oriented Discord bot, featuring a karma system, a way to reward the best comments, leaderboards, and so much more! React t

Erik Bianco Vera 3 May 07, 2022
Discord bot for calculating basic operations and formulas. (Early Development)

MathBot Discord bot for calculating basic operations and formulas. (Early Development) Commits Feel free to contribute to this bot by forking and pull

4 Jul 14, 2022
A Python implementation of a discord bot that acts as a server scanner similar to Copenheimer.

Bad Copenheimer A Python impelentation of a discord bot that acts as a server scanner. This is a discord bot that will scan ip adresses to see if they

pilot1782 69 Dec 16, 2022
A discord bot made by the community (uses python)

discord community bot context: this is a discord bot made by the community by community i mean people adding commands to the bot or changing the bot b

TR ASH 0 Oct 11, 2022
Simple Craigslist wrapper

python-craigslist A simple Craigslist wrapper. License: MIT-Zero. Disclaimer I don't work for or have any affiliation with Craigslist. This module was

Julio M. Alegria 370 Dec 22, 2022
Python implementation for PetitPotam

PetitPotam Coerce NTLM authentication from Windows hosts Installtion $ pip3 install impacket Usage usage: petitpotam.py [-h] [-debug] [-port [destinat

Oliver Lyak 137 Dec 28, 2022
Telegram bot to download almost all from Instagram

Instagram Manager Bot The most advanced Instagram Downloader Bot. Please fork this repository don't import code Made with Python3 (C) @subinps Copyrig

SUBIN 300 Dec 30, 2022
Available slots checker for Spanish Passport

Bot that checks for available slots to make an appointment to issue the Spanish passport at the Uruguayan consulate page

1 Nov 30, 2021
Fully automated YouTube Channel. Using Reddit and YouTube API.

Fully Automated YouTube Shorts Channel This code will show you how to setup and fully autmated YouTube Channel. Content is gathered from Reddit using

Jacob Lower 96 Dec 25, 2022
Autodrive is designed to make it as easy as possible to interact with the Google Drive and Sheets APIs via Python

Autodrive Autodrive is designed to make it as easy as possible to interact with the Google Drive and Sheets APIs via Python. It is especially designed

Chris Larabee 1 Oct 02, 2021
Anti Spam/NSFW Telegram Bot Written In Python With Pyrogram.

✨ SpamProtectionRobot ✨ Anti Spam/NSFW Telegram Bot Written In Python With Pyrogram. Requirements Python = 3.7 Install Locally Or On A VPS $ git clon

Akshay Rajput 46 Dec 13, 2022