Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.

Related tags

Third-party APIs Wrappersprisma-cloudprisma-cloud-compute-edition
Overview

pcs-toolbox

Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.

Table of Contents

Support

These scripts have been developed by Prisma Cloud SEs, they are not Supported by Palo Alto Networks. Nevertheless, the maintainers will make a best-effort to address issues, and (of course) contributors are encouraged to submit issues and pull requests.

Setup

These scripts are written and tested in Python 3.x. If you need to install Python 3, you can get more information at Python's Home Page ... and you will also need PIP.

These scripts require the Python packages documented in requirements.txt. To check and install these packages, execute:

pip3 install -r requirements.txt

These scripts require the included pc_lib library directory to be in the same directory as the script itself.

Configuration

Configuration for these scripts can be specified each time on the command-line, or can be saved to a configuration file.

Use the pcs_configure.py script to save a configuration file. Configuration options include:

  • -u / --username (REQUIRED) Prisma Cloud Username, or Access Key generated by your Prisma Cloud User
  • -p / --password (REQUIRED) Password associated with your Prisma Cloud Username, or Secret Key associated with your Access Key
  • --api (OPTIONAL) Prisma Cloud API/UI Base URL used to access Prisma Cloud (app*.prismacloud.* ... or you can specify a direct api*.prismacloud.* URL).
  • --api_compute (OPTIONAL) Prisma Cloud Compute API Base URL used to access Prisma Cloud Compute (For SaaS, use Compute > Manage > System > Downloads: Path to Console).
  • --config_file (OPTIONAL) File containing your Prisma Cloud API configuration settings. Default: pc-settings.conf

An Access Key/Secret Key is preferable to using a Username/Password, and Access Keys must be created by a Prisma Cloud User with the permissions required by the script(s) being executed.

Configuration is saved as cleartext JSON, by default in the same directory as the scripts themselves, unless you specify --config_file.

CSPM vs CWP

The --api parameter is required for scripts (such as pcs_alerts_read.py) that use the Prisma Cloud CSPM API.

The --api_compute parameter is required for scripts (such as pcs_images_packages_read.py) that use the Prisma Cloud Compute (CWP) API.

For use with On-Premise/Self-Hosted Prisma Cloud Compute, --username is your Prisma Cloud Compute User, --password is your password or your active bearer token, and --api must not be specified.

References

https://prisma.pan.dev/api/cloud/

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.html

Examples:

python3 pcs_configure.py --username "Example Access Key" --password "Example Secret Key" --api "app.prismacloud.io"

python3 pcs_configure.py --username "Example Access Key" --password "Example Secret Key" --api "app.prismacloud.io" --config_file ~/example-pc-settings.conf

python3 pcs_configure.py --username "Example Username" --password "Example Password" --api_compute "onpremise.example.com"

Run pcs_configure.py specifying nothing (other than the optional --config_file) to output your current configuration file.

Script Usage

For detailed documentation of each script's parameters, specify -h or --help when executing the script.

CSPM Scripts

pcs_policy_set_status.py

Use this script to enable or disable Policies globally for an account (filtered by Policy Type or Compliance Standard). This is primarily used to set up a new environment with every Policy enabled, or to update an environment after a large number of new Policies have been released.

Example:

python3 pcs_policy_set_status.py --policy_type config enable

Use this script to enable Policies that are associated with a specific Compliance Standard (or Compliance Standards).

Example:

python3 pcs_policy_status.py --policy_type all disable

python3 pcs_policy_status.py --compliance_standard "GDPR" enable

pcs_user_import.py

Use this script to import a list of Users from a CSV file, assigning the imported Users to the specified Role. It will check for duplicates before importing.

Example:

python3 pcs_user_import.py "example-import-users.csv" "Example Prisma Cloud Role to assign to the imported Users"

pcs_policy_custom_export.py

Use this script to export custom Policies to a file, for backup ... or to import into another tenant.

Example:

python3 pcs_policy_custom_export.py "example-custom-policies.json"

pcs_policy_custom_import.py

Use this to script import custom Policies. By default, imported Policies will be disabled, to maintain the status of imported Policies, specify --maintain_status It will check for duplicates before importing.

Example:

python3 pcs_policy_custom_import.py "example-custom-policies.json"

pcs_compliance_export.py

Use this script to export an existing Compliance Standard (and its Requirements and Sections) to a file, for backup ... or to import into another tenant.

Example:

python3 pcs_compliance_export.py "GDPR" "example-compliance-standard.json"

pcs_compliance_import.py

Use this to script import an exported Compliance Standard (and its Requirements and Sections) into a new Compliance Standard. To import the associated Policy mappings, specify the --policy parameter. To associate custom Policies requires first running pcs_policy_custom_export.py to generate a mapping file (and pcs_policy_custom_import.py when importing into another tenant). It will check for duplicates before importing.

Example:

python3 pcs_compliance_import.py "example-compliance-standard.json" "GDPR Imported" --policy

CWP Scripts

pcs_images_packages_read.py

Use this script to inspect the packages in all of the container images (or one image, specified by --image_id) that have been scanned by Prisma Cloud Compute.

Example:

python3 pcs_images_packages_read.py

python3 pcs_images_packages_read.py --image_id "sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522"

An alternate usage is to specify a package via --package_id to search for containers with a specific package, and optionally a version.

Example:

python3 pcs_images_packages_read.py --package_type jar --package_id log4j

python3 pcs_images_packages_read.py --package_type jar --package_id log4j:2.14.1 --version_comparison lt --output_to_csv True

Other CSPM and CWP Scripts

pcs_cloud_account_import_azure.py (in progress)**

This is the framework for importing a CSV (template in the templates directory) with a list of Azure accounts into Prisma Cloud. Note: This is still a work in progress: the basic import framework is running, but validation of CSV and duplicate name checking has not been implemented yet.

Example:

python3 pcs_cloud_account_import_azure.py prisma_cloud_account_import_azure_template.csv

pcs_posture_endpoint_client.py

This is a generic tool for prototyping with the Cloud Security Posture API. It sends output to stdout (and optionally to file) and errors/info sent to STDERR, so that it works in a pipeline which makes it jq friendly. Please note this tool is not intended as a replacement for better well-formed scripts and functions.

Example 1: GET request

python3 pcs_posture_endpoint_client.py GET /v2/policy

Example 2: POST request

cat > body.json <

pcs_compute_endpoint_client.py

This is identical to pcs_posture_endpoint_client.py, except it uses the CSPM API rather than the CWP API.
Comments
  • Request documentation of CA bundle for self-signed cert.

    Request documentation of CA bundle for self-signed cert.

    Documentation link

    https://github.com/PaloAltoNetworks/pcs-toolbox

    Describe the problem

    When configuring as described, the resulting config file does not have a CA bundle. The connection attempt appears to start, but there is an error that the server cert was rejected.

    Suggested fix

    Maybe there is a way to not check the server cert, e.g., like curl -k.

    documentation 
    opened by QWERTY92009 6
  • pcs_configure.py : PrismaCloudUtility object has no attributes

    pcs_configure.py : PrismaCloudUtility object has no attributes "configure"

    Describe the bug

    Can't setup a settings file using pcs_configure due to a Python error : PrismaCloudUtility object has no attributes "configure"

    Your Environment

    • Version used : 4.0.6
    • Python version used : 3.10 (virtual env)
    bug 
    opened by syphax-b 5
  • Initial revision of automating account group assignment by tags

    Initial revision of automating account group assignment by tags

    Description

    Motivation and Context

    How Has This Been Tested?

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by lsmithpanw 5
  • [Community Health Assessment] Changes needed

    [Community Health Assessment] Changes needed

    | Health Check | Pass | Score | More Info | | ------------ | ---- | ----- | --------- | | Contains a meaningful README.md file | :white_check_mark: | 20 / 20 | More info | SUPPORT.md file exists | :white_check_mark: | 20 / 20 | More info | Repo has a description | :white_check_mark: | 15 / 15 | More info | Has a recognized open source license | :white_check_mark: | 15 / 15 | More info | Has a descriptive repo name | :white_check_mark: | 15 / 15 | More info | Required topics attached to repo | :white_check_mark: | 15 / 15 | More info | CONTRIBUTING.md file with contribution guidelines | :white_check_mark: | 5 / 5 | More info | Has custom issue and pull request templates | :x: | 0 / 5 | More info

    Current score: 105 Target threshold: 100 Total possible: 110

    opened by community-health-panw[bot] 5
  • AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'

    AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'

    Describe the bug

    pcs_hosts_vulnerabilities_read.py is returning the following error:

    Testing Compute API Access ... done.

Getting Hosts (please wait) ...Traceback (most recent call last):
  File "pcs_hosts_vulnerabilities_read.py", line 35, in <module>
    hosts = pc_api.hosts_list_read()
AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'. Did you mean: 'audits_list_read'?

    Expected behavior

    Being able to list hosts vulnerabilities from Compute

    Current behavior

    Looks like the API handler misses the related function

    bug 
    opened by AsioPanw 4
  • No host supplied error 5.0.3 Using Readme Example

    No host supplied error 5.0.3 Using Readme Example

    Describe the bug

    Using the exact sample on the Readme results in a requests package exception: "requests.exceptions.InvalidURL: Invalid URL 'https:///login': No host supplied"

    Expected behavior

    Returned details of the current user

    Current behavior

    requests.exceptions.InvalidURL: Invalid URL 'https:///login': No host supplied

    Possible solution

    Unknown

    Steps to reproduce

    1. python -m venv .
    2. source bin/activate
    3. pip3 install prismacloud-api
    4. python3 foo.py

    #code used `import os from prismacloud.api import pc_api

    Settings for Prisma Cloud Enterprise Edition

    settings = { "url": "https://api.prismacloud.io/", "identity": "access_key", "secret": "secret_key" }

    pc_api.configure(settings)

    print('Prisma Cloud API Current User:') print() print(pc_api.current_user()) print() print('Prisma Cloud Compute API Intelligence:') print() print(pc_api.statuses_intelligence()) print()`

    Context

    Basic utilization of the API Also attempted changing url with or without trailing '/' and use of api2.prismacloud.io

    Your Environment

    • Version used: 5.0.3
    • Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3): Python 3.10.6
    • Operating System and version (desktop or mobile): MacOS
    bug 
    opened by dwchowscalesec 3
  • Handle API responses without a content-type header

    Handle API responses without a content-type header

    This commit avoids a KeyError: 'content-type' error when API responses do not include a content-type: header.

    Description

    Use .get() method on api_response.headers to handle scenarios where the compute API response does not include the content-type header.

    Motivation and Context

    Avoids this stack trace:

    Traceback (most recent call last):
  File "/home/cfarquhar/projects/prismacloud-api-python/scripts/pcs_incident_archiver.py", line 36, in <module>
    pc_api.audits_ack_incident(incident, ack_status=True)
  File "/home/cfarquhar/projects/prismacloud-api-python/prismacloud/api/compute/_audits.py", line 18, in audits_ack_incident
    resp = self.execute_compute('PATCH', 'api/v1/audits/incidents/acknowledge/%s' % incident_id, body_params=body_params)
  File "/home/cfarquhar/projects/prismacloud-api-python/prismacloud/api/compute/compute.py", line 70, in execute_compute
    if api_response.headers['Content-Type'] == 'text/csv':
  File "/home/cfarquhar/.pyenv/versions/test20220928a/lib/python3.10/site-packages/requests/structures.py", line 52, in __getitem__
    return self._store[key.lower()][1]
KeyError: 'content-type'

    How Has This Been Tested?

    It used to stack trace when API responses did not include a content-type: header. Now it no longer stack traces.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    opened by cfarquhar 3
  • Update __init__.py

    Update __init__.py

    Description

    Hello! I see the methods from "prismacloud-api-python/prismacloud/api/compute/_stats.py " are not being initiated, is there a techincal reason?

    Motivation and Context

    I see there is some value in the quick reference of the already developed methods

    How Has This Been Tested?

    Based on the commit, re-imported the library and the "stats" methods are now available for "pc_api"

    Types of changes

    • New feature (non-breaking change which adds functionality)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [x] I have read the CONTRIBUTING document.
    • [x] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by VictorHdzF 3
  • Add CWP incident acknowledgement method and bulk archiver script

    Add CWP incident acknowledgement method and bulk archiver script

    Description

    This PR:

    • adds a method for acknowledging/archiving CWP runtime incidents
    • adds a script to bulk archive runtime incidents based on the contents of a CSV file
    • fixes some minor _tags.py syntax issues introduced in 53000c11f71e

    Motivation and Context

    The UI does not currently provide a mechanism for bulk archiving runtime incidents. As customers tune their runtime rules, they would like to remove incidents that would not have been generated under the tuned rule set.

    How Has This Been Tested?

    The new method and script were tested against a 22.06.197 SaaS environment.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)

    Checklist

    • [x] I have updated the documentation accordingly.
    • [x] I have read the CONTRIBUTING document.
    • [x] I have added tests to cover my changes if appropriate.
    • [x] All new and existing tests passed.
    opened by cfarquhar 3
  • Added Preliminary Audit scripts

    Added Preliminary Audit scripts

    Description

    added two scripts for compute and CSPM to pull audit log data and remove all login entries which outputs a CSV with only Create, Update, Delete information

    Motivation and Context

    How Has This Been Tested?

    opened by jaw2ay 3
  • Add enterprise and anomaly settings into CSPM endpoint.

    Add enterprise and anomaly settings into CSPM endpoint.

    Description

    Add enterprise and anomaly settings into CSPM endpoint.

    Motivation and Context

    I would like to use those endpoint for the prisma cloud cli

    How Has This Been Tested?

    Pylint

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by SimOnPanw 3
Releases(5.0.12)
Owner
Palo Alto Networks
We ensure each day is safer and more secure than the one before.
Palo Alto Networks
GitHub Repository
A discord bot that send SMS spam!

bruh-bot send spam sms! send spam with email! it sends you spam via sms and Email using two tools, quack and impulse! if you have some problem contact

pai 32 Dec 25, 2022
An unofficial python wrapper for the comdirect API for private consumers.

An unofficial python wrapper for the comdirect API for private consumers.

Alexander Knittel 18 Nov 30, 2022
A Telegram mirror bot which can be deployed using Heroku.

Slam Mirror Bot This is a telegram bot writen in python for mirroring files on the internet to our beloved Google Drive. Getting Google OAuth API cred

Hafitz Setya 1.2k Jan 01, 2023
Using a Gameboy emulator and making it into a DIscord bot !

Gameboy-Discord Using a Gameboy emulator and making it into a Discord bot ! Im not the best at doing this, and i suck at coding so its completely unde

7 Oct 18, 2022
This is a tool to help people to make a bot for labelling images for machine learning projects.

labeller_images_python_telegramBOT This is a bot to help collect data for any machine learning project. It was developed using the python-telegram-bot

Diego Silveira 2 Nov 13, 2021
A simple and stupid Miinto API wrapper

miinto-api-wrapper Miinto API Wrapper is a simple python wrapper for Miinto API. Miinto is a fashion luxury marketplace. For more information see the

Giuseppe Checchia 3 Jan 09, 2022
A Next-Gen modular Python3 Telegram-Bot with Anime Theme to it.

Hsea Robot A modular Telegram Python bot running on python3 with a sqlalchemy database and an entirely themed persona to make Cutiepii suitable for An

Wahyusaputra 1 Dec 29, 2021
An NFTGenerator to generate NFTs and send them to nft.storage

NFTGenerator Table of Contents Overview Installation Introduction Features Reflection Issues & bug reports Show your support Credits Overview The NFTG

3 Mar 14, 2022
An analysis of the efficiency of the COVID-19 vaccine

VaccineEfficiency 💉 An analysis of the efficiency of the COVID-19 vaccine 3 Methods 1️⃣ Compare country's vaccination data to number of day- to-day c

Stephanie Younes 1 Dec 10, 2021
Probably Overengineered Unimore Booker

POUB Probably Overengineered Unimore Booker A python-powered, actor-based, telegram-facing, timetable-aware booker for unimore (if you know more adjec

Lorenzo Rossi 3 Feb 20, 2022
AWS Lambda Fast API starter application

AWS Lambda Fast API Fast API starter application compatible with API Gateway and Lambda Function. How to deploy it? Terraform AWS Lambda API is a reus

OBytes 6 Apr 20, 2022
Python 3 tools for interacting with Notion API

NotionDB Python 3 tools for interacting with Notion API: API client Relational database wrapper Installation pip install notiondb API client from noti

Viet Hoang 14 Nov 24, 2022
WhatsApp Web API client with multi-device support

Tauros WhatsApp Web client for multi-device in python Free software: MIT Documentation: https://tauros.readthedocs.io Features TODO Credits This packa

Manjit Pardeshi 0 Jan 20, 2022
A simple Discord Bot created for basic functionality and fun chat commands for use in a private server.

LoveAndChaos-Bot v0.1.0 LoveAndChaos-Bot is a Discord Bot specifically designed for a private server; this bot is merely a test and a method to expose

Morgan Rose 1 Dec 12, 2021
Prometheus exporter for CNMC API

CNMC Prometheus exporter It needs a Prometheus Pushgateway Install requirements via pip install -r requirements.txt Export the following environment v

GISCE-TI 1 Oct 20, 2021
A Telegram Repo For Devs To Controll The Bots Under Maintenance.This Bot Is For Developers, If Your Bot Is Down, Use This Repo To Give Your Dear Subscribers Some Support By Providing Them Response.

Maintenance Bot A Telegram Repo For Devs To Controll The Bots Under Maintenance About This Bot This Bot Is For Developers, If Your Bot Is Down, Use Th

Vɪᴠᴇᴋ 47 Dec 29, 2022
Send embeds using your discord personal account

Welcome to Embed Sender 👋 Send embeds using your discord personal account Install pip install -r requirements.txt Usage Put your discord token in ./

SkydenFly 11 Sep 07, 2022
discord.py bot written in Python.

bakerbot Bakerbot is a discord.py bot written in Python :) Originally made as a learning exercise, now used by friends as a somewhat useful bot and us

8 Dec 04, 2022
Fetch torrent links from nyaa, according to releases by smoke index.

Nyaa - Smoke's index torrent fetcher Description This script parses the local (or online) anime release index (csv format) made by Big Smoke. And uses

Dinank 21 Jun 08, 2022
Simple yet efficient tool used to check and sort tokens in terms of there validation.

Discord Token Checker Simple yet efficient tool used to check and sort tokens in terms of there validation.When the program is done,go to the "output"

Robotnik 15 Dec 27, 2022