Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.

Related tags

Third-party APIs Wrappersprisma-cloudprisma-cloud-compute-edition
Overview

pcs-toolbox

Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.

Table of Contents

Support

These scripts have been developed by Prisma Cloud SEs, they are not Supported by Palo Alto Networks. Nevertheless, the maintainers will make a best-effort to address issues, and (of course) contributors are encouraged to submit issues and pull requests.

Setup

These scripts are written and tested in Python 3.x. If you need to install Python 3, you can get more information at Python's Home Page ... and you will also need PIP.

These scripts require the Python packages documented in requirements.txt. To check and install these packages, execute:

pip3 install -r requirements.txt

These scripts require the included pc_lib library directory to be in the same directory as the script itself.

Configuration

Configuration for these scripts can be specified each time on the command-line, or can be saved to a configuration file.

Use the pcs_configure.py script to save a configuration file. Configuration options include:

  • -u / --username (REQUIRED) Prisma Cloud Username, or Access Key generated by your Prisma Cloud User
  • -p / --password (REQUIRED) Password associated with your Prisma Cloud Username, or Secret Key associated with your Access Key
  • --api (OPTIONAL) Prisma Cloud API/UI Base URL used to access Prisma Cloud (app*.prismacloud.* ... or you can specify a direct api*.prismacloud.* URL).
  • --api_compute (OPTIONAL) Prisma Cloud Compute API Base URL used to access Prisma Cloud Compute (For SaaS, use Compute > Manage > System > Downloads: Path to Console).
  • --config_file (OPTIONAL) File containing your Prisma Cloud API configuration settings. Default: pc-settings.conf

An Access Key/Secret Key is preferable to using a Username/Password, and Access Keys must be created by a Prisma Cloud User with the permissions required by the script(s) being executed.

Configuration is saved as cleartext JSON, by default in the same directory as the scripts themselves, unless you specify --config_file.

CSPM vs CWP

The --api parameter is required for scripts (such as pcs_alerts_read.py) that use the Prisma Cloud CSPM API.

The --api_compute parameter is required for scripts (such as pcs_images_packages_read.py) that use the Prisma Cloud Compute (CWP) API.

For use with On-Premise/Self-Hosted Prisma Cloud Compute, --username is your Prisma Cloud Compute User, --password is your password or your active bearer token, and --api must not be specified.

References

https://prisma.pan.dev/api/cloud/

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.html

Examples:

python3 pcs_configure.py --username "Example Access Key" --password "Example Secret Key" --api "app.prismacloud.io"

python3 pcs_configure.py --username "Example Access Key" --password "Example Secret Key" --api "app.prismacloud.io" --config_file ~/example-pc-settings.conf

python3 pcs_configure.py --username "Example Username" --password "Example Password" --api_compute "onpremise.example.com"

Run pcs_configure.py specifying nothing (other than the optional --config_file) to output your current configuration file.

Script Usage

For detailed documentation of each script's parameters, specify -h or --help when executing the script.

CSPM Scripts

pcs_policy_set_status.py

Use this script to enable or disable Policies globally for an account (filtered by Policy Type or Compliance Standard). This is primarily used to set up a new environment with every Policy enabled, or to update an environment after a large number of new Policies have been released.

Example:

python3 pcs_policy_set_status.py --policy_type config enable

Use this script to enable Policies that are associated with a specific Compliance Standard (or Compliance Standards).

Example:

python3 pcs_policy_status.py --policy_type all disable

python3 pcs_policy_status.py --compliance_standard "GDPR" enable

pcs_user_import.py

Use this script to import a list of Users from a CSV file, assigning the imported Users to the specified Role. It will check for duplicates before importing.

Example:

python3 pcs_user_import.py "example-import-users.csv" "Example Prisma Cloud Role to assign to the imported Users"

pcs_policy_custom_export.py

Use this script to export custom Policies to a file, for backup ... or to import into another tenant.

Example:

python3 pcs_policy_custom_export.py "example-custom-policies.json"

pcs_policy_custom_import.py

Use this to script import custom Policies. By default, imported Policies will be disabled, to maintain the status of imported Policies, specify --maintain_status It will check for duplicates before importing.

Example:

python3 pcs_policy_custom_import.py "example-custom-policies.json"

pcs_compliance_export.py

Use this script to export an existing Compliance Standard (and its Requirements and Sections) to a file, for backup ... or to import into another tenant.

Example:

python3 pcs_compliance_export.py "GDPR" "example-compliance-standard.json"

pcs_compliance_import.py

Use this to script import an exported Compliance Standard (and its Requirements and Sections) into a new Compliance Standard. To import the associated Policy mappings, specify the --policy parameter. To associate custom Policies requires first running pcs_policy_custom_export.py to generate a mapping file (and pcs_policy_custom_import.py when importing into another tenant). It will check for duplicates before importing.

Example:

python3 pcs_compliance_import.py "example-compliance-standard.json" "GDPR Imported" --policy

CWP Scripts

pcs_images_packages_read.py

Use this script to inspect the packages in all of the container images (or one image, specified by --image_id) that have been scanned by Prisma Cloud Compute.

Example:

python3 pcs_images_packages_read.py

python3 pcs_images_packages_read.py --image_id "sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522"

An alternate usage is to specify a package via --package_id to search for containers with a specific package, and optionally a version.

Example:

python3 pcs_images_packages_read.py --package_type jar --package_id log4j

python3 pcs_images_packages_read.py --package_type jar --package_id log4j:2.14.1 --version_comparison lt --output_to_csv True

Other CSPM and CWP Scripts

pcs_cloud_account_import_azure.py (in progress)**

This is the framework for importing a CSV (template in the templates directory) with a list of Azure accounts into Prisma Cloud. Note: This is still a work in progress: the basic import framework is running, but validation of CSV and duplicate name checking has not been implemented yet.

Example:

python3 pcs_cloud_account_import_azure.py prisma_cloud_account_import_azure_template.csv

pcs_posture_endpoint_client.py

This is a generic tool for prototyping with the Cloud Security Posture API. It sends output to stdout (and optionally to file) and errors/info sent to STDERR, so that it works in a pipeline which makes it jq friendly. Please note this tool is not intended as a replacement for better well-formed scripts and functions.

Example 1: GET request

python3 pcs_posture_endpoint_client.py GET /v2/policy

Example 2: POST request

cat > body.json <

pcs_compute_endpoint_client.py

This is identical to pcs_posture_endpoint_client.py, except it uses the CSPM API rather than the CWP API.
Comments
  • Request documentation of CA bundle for self-signed cert.

    Request documentation of CA bundle for self-signed cert.

    Documentation link

    https://github.com/PaloAltoNetworks/pcs-toolbox

    Describe the problem

    When configuring as described, the resulting config file does not have a CA bundle. The connection attempt appears to start, but there is an error that the server cert was rejected.

    Suggested fix

    Maybe there is a way to not check the server cert, e.g., like curl -k.

    documentation 
    opened by QWERTY92009 6
  • pcs_configure.py : PrismaCloudUtility object has no attributes

    pcs_configure.py : PrismaCloudUtility object has no attributes "configure"

    Describe the bug

    Can't setup a settings file using pcs_configure due to a Python error : PrismaCloudUtility object has no attributes "configure"

    Your Environment

    • Version used : 4.0.6
    • Python version used : 3.10 (virtual env)
    bug 
    opened by syphax-b 5
  • Initial revision of automating account group assignment by tags

    Initial revision of automating account group assignment by tags

    Description

    Motivation and Context

    How Has This Been Tested?

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by lsmithpanw 5
  • [Community Health Assessment] Changes needed

    [Community Health Assessment] Changes needed

    | Health Check | Pass | Score | More Info | | ------------ | ---- | ----- | --------- | | Contains a meaningful README.md file | :white_check_mark: | 20 / 20 | More info | SUPPORT.md file exists | :white_check_mark: | 20 / 20 | More info | Repo has a description | :white_check_mark: | 15 / 15 | More info | Has a recognized open source license | :white_check_mark: | 15 / 15 | More info | Has a descriptive repo name | :white_check_mark: | 15 / 15 | More info | Required topics attached to repo | :white_check_mark: | 15 / 15 | More info | CONTRIBUTING.md file with contribution guidelines | :white_check_mark: | 5 / 5 | More info | Has custom issue and pull request templates | :x: | 0 / 5 | More info

    Current score: 105 Target threshold: 100 Total possible: 110

    opened by community-health-panw[bot] 5
  • AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'

    AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'

    Describe the bug

    pcs_hosts_vulnerabilities_read.py is returning the following error:

    Testing Compute API Access ... done.

Getting Hosts (please wait) ...Traceback (most recent call last):
  File "pcs_hosts_vulnerabilities_read.py", line 35, in <module>
    hosts = pc_api.hosts_list_read()
AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'. Did you mean: 'audits_list_read'?

    Expected behavior

    Being able to list hosts vulnerabilities from Compute

    Current behavior

    Looks like the API handler misses the related function

    bug 
    opened by AsioPanw 4
  • No host supplied error 5.0.3 Using Readme Example

    No host supplied error 5.0.3 Using Readme Example

    Describe the bug

    Using the exact sample on the Readme results in a requests package exception: "requests.exceptions.InvalidURL: Invalid URL 'https:///login': No host supplied"

    Expected behavior

    Returned details of the current user

    Current behavior

    requests.exceptions.InvalidURL: Invalid URL 'https:///login': No host supplied

    Possible solution

    Unknown

    Steps to reproduce

    1. python -m venv .
    2. source bin/activate
    3. pip3 install prismacloud-api
    4. python3 foo.py

    #code used `import os from prismacloud.api import pc_api

    Settings for Prisma Cloud Enterprise Edition

    settings = { "url": "https://api.prismacloud.io/", "identity": "access_key", "secret": "secret_key" }

    pc_api.configure(settings)

    print('Prisma Cloud API Current User:') print() print(pc_api.current_user()) print() print('Prisma Cloud Compute API Intelligence:') print() print(pc_api.statuses_intelligence()) print()`

    Context

    Basic utilization of the API Also attempted changing url with or without trailing '/' and use of api2.prismacloud.io

    Your Environment

    • Version used: 5.0.3
    • Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3): Python 3.10.6
    • Operating System and version (desktop or mobile): MacOS
    bug 
    opened by dwchowscalesec 3
  • Handle API responses without a content-type header

    Handle API responses without a content-type header

    This commit avoids a KeyError: 'content-type' error when API responses do not include a content-type: header.

    Description

    Use .get() method on api_response.headers to handle scenarios where the compute API response does not include the content-type header.

    Motivation and Context

    Avoids this stack trace:

    Traceback (most recent call last):
  File "/home/cfarquhar/projects/prismacloud-api-python/scripts/pcs_incident_archiver.py", line 36, in <module>
    pc_api.audits_ack_incident(incident, ack_status=True)
  File "/home/cfarquhar/projects/prismacloud-api-python/prismacloud/api/compute/_audits.py", line 18, in audits_ack_incident
    resp = self.execute_compute('PATCH', 'api/v1/audits/incidents/acknowledge/%s' % incident_id, body_params=body_params)
  File "/home/cfarquhar/projects/prismacloud-api-python/prismacloud/api/compute/compute.py", line 70, in execute_compute
    if api_response.headers['Content-Type'] == 'text/csv':
  File "/home/cfarquhar/.pyenv/versions/test20220928a/lib/python3.10/site-packages/requests/structures.py", line 52, in __getitem__
    return self._store[key.lower()][1]
KeyError: 'content-type'

    How Has This Been Tested?

    It used to stack trace when API responses did not include a content-type: header. Now it no longer stack traces.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    opened by cfarquhar 3
  • Update __init__.py

    Update __init__.py

    Description

    Hello! I see the methods from "prismacloud-api-python/prismacloud/api/compute/_stats.py " are not being initiated, is there a techincal reason?

    Motivation and Context

    I see there is some value in the quick reference of the already developed methods

    How Has This Been Tested?

    Based on the commit, re-imported the library and the "stats" methods are now available for "pc_api"

    Types of changes

    • New feature (non-breaking change which adds functionality)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [x] I have read the CONTRIBUTING document.
    • [x] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by VictorHdzF 3
  • Add CWP incident acknowledgement method and bulk archiver script

    Add CWP incident acknowledgement method and bulk archiver script

    Description

    This PR:

    • adds a method for acknowledging/archiving CWP runtime incidents
    • adds a script to bulk archive runtime incidents based on the contents of a CSV file
    • fixes some minor _tags.py syntax issues introduced in 53000c11f71e

    Motivation and Context

    The UI does not currently provide a mechanism for bulk archiving runtime incidents. As customers tune their runtime rules, they would like to remove incidents that would not have been generated under the tuned rule set.

    How Has This Been Tested?

    The new method and script were tested against a 22.06.197 SaaS environment.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)

    Checklist

    • [x] I have updated the documentation accordingly.
    • [x] I have read the CONTRIBUTING document.
    • [x] I have added tests to cover my changes if appropriate.
    • [x] All new and existing tests passed.
    opened by cfarquhar 3
  • Added Preliminary Audit scripts

    Added Preliminary Audit scripts

    Description

    added two scripts for compute and CSPM to pull audit log data and remove all login entries which outputs a CSV with only Create, Update, Delete information

    Motivation and Context

    How Has This Been Tested?

    opened by jaw2ay 3
  • Add enterprise and anomaly settings into CSPM endpoint.

    Add enterprise and anomaly settings into CSPM endpoint.

    Description

    Add enterprise and anomaly settings into CSPM endpoint.

    Motivation and Context

    I would like to use those endpoint for the prisma cloud cli

    How Has This Been Tested?

    Pylint

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by SimOnPanw 3
Releases(5.0.12)
Owner
Palo Alto Networks
We ensure each day is safer and more secure than the one before.
Palo Alto Networks
GitHub Repository
API Wrapper for seedr.cc

Seedr Python Client Seedr API built with 💛 by Souvik Pratiher Hit that Star button if you like this kind of SDKs and wants more of similar SDKs for o

Souvik Pratiher 2 Oct 24, 2021
The best (and now open source) Discord selfbot.

React Selfbot Yes, for real Why am I making this open source? Because can't stop calling my product a rat, tokenlogger and what else not. But there is

30 Nov 13, 2022
NekoRobot-2 - Neko is An Anime themed advance Telegram group management bot.

NekoRobot A modular telegram Python bot running on python3 with an sqlalchemy, mongodb database. ╒═══「 Status 」 Maintained Support Group Included Free

Lovely Boy 19 Nov 12, 2022
Assassination API for getting random quotes from Assassination Classroom.

Assassination API Take advantage of what you have, while you have it. Quotes from Assassination Classroom Assassination classroom is one of best anime

Swanand Mulay 3 Jul 15, 2022
Py hec token mgr - Create HEC tokens in Cribl Stream through the API

Add HEC tokens via API calls This script is intended as an example of how to aut

Jon Rust 3 Mar 04, 2022
TwitchAccountMaker - Twitch Account Maker with python

Twitch Account Creator A Twitch Account Creator, Requires Capmonster.cloud Verif

vanis / 1800 0 Jan 20, 2022
短信发送 Python 程序(包含1000+有效接口)

短信轰炸 Python 程序(包含1000+有效接口) 前言 这是一个爬取网络上在线轰炸的接口,后通过 Python 异步 请求接口以达到 手机短信轰炸 的目的。 此为开源项目,仅供娱乐学习使用,使用者所带来的一切后果与作者无关,使用请遵守相关的法律法规,合理使用,请勿滥用。 食用方法 1. 爬取接

蓝鲸落 10.2k Jan 02, 2023
Stackoverflow Telegram Bot With Python

Template for Telegram Bot Template to create a telegram bot in python. How to Run Set your telegram bot token as environment variable TELEGRAM_BOT_TOK

PyTopia 10 Mar 07, 2022
A Python library for the Discourse API

pydiscourse A Python library for working with Discourse. This is a fork of the original Tindie version. It was forked to include fixes, additional fun

Ben Lopatin 72 Oct 14, 2022
Mazda Connected Service API wrapper based on pymazda and Flask.

Mazda Connected Service Relay Mazda Connected Service API wrapper based on pymazda and Flask. Usage Make POST calls to https://mymazda.herokuapp.com/{

Alan Chen 10 Jan 05, 2023
A simple Python API wrapper for Cloudflare Stream's API.

python-cloudflare-stream A basic Python API wrapper for working with Cloudflare Stream. Arbington.com started off using Cloudflare Stream. We used the

Arbington 3 Sep 08, 2022
Aws-lambda-requests-wrapper - Request/Response wrapper for AWS Lambda with API Gateway

AWS Lambda Requests Wrapper Request/Response wrapper for AWS Lambda with API Gat

1 May 20, 2022
This library is for simplified work with the sms-man.com API

SMSMAN Public API Python This is a lightweight library that works as a connector to Sms-Man public API Installation pip install smsman Documentation h

13 Nov 19, 2022
Telegram Bot to save Posts or Files that can be Accessed via Special Links

OKAERI-FILE Bot Telegram untuk menyimpan Posting atau File yang dapat Diakses melalui Link Khusus. Jika Anda memerlukan tambahan module lagi dalam rep

Wahyusaputra 5 Aug 04, 2022
Tubee is a web application, which runs actions when your subscribed channel upload new videos

Tubee is a web application, which runs actions when your subscribed channel upload new videos, think of it as a better IFTTT but built specifically for YouTube with many enhancements.

Tomy Hsieh 11 Jan 01, 2023
Python bindings for swm-core client REST API

Python bindings for swm-core client REST API Description Sky Port is an universal bus between user software and compute resources. It can also be cons

Sky Workflows 1 Jan 01, 2022
Quadrirrotor UFABC - ROS/Gazebo

QuadROS_UFABC - Repositório utilizado durante minha dissertação de mestrado para simular sistemas de controle e estimação para navegação de um quadrirrotor utilizando visão computacional.

Mateus Ribeiro 1 Dec 13, 2022
Student-Management-System-in-Python - Student Management System in Python

Student-Management-System-in-Python Student Management System in Python

G.Niruthian 3 Jan 01, 2022
Python-random-quote - A file-based quote bot written in Python

Let's Write a Python Quote Bot! This repository will get you started with building a quote bot in Python. It's meant to be used along with the Learnin

amir mohammad fateh 1 Jan 02, 2022
UNLIMITED CALL AND SMS BOMBING PYTHON SCRIPT

cc_sim_crack v.1 An open-source SMS/call bomber for Linux And Termux. Note: Due misusing of cc_sim_crack, several API's died. Don't be afraid if you d

CYBER CRACKER OFFICIAL 3 Jul 05, 2021