Inaccuracy/Missing Config: Unable to set Log Session in Log Settings
Description:
In rule base settings, similar to PanOS you have the ability to specify if you want to log:
Session Start
Session End
Both Session Start and Session End
Most default behavior is to only want to log the "Session End", but there are circumstances where you want both or also to log the session start. The API call to create or edit a Security Rule does not allow you the ability to make those changes or pass those values. At least in the documents and when I pull the rules from my configurations. Example:
My adjusted JSON response pulling a list of rules:
This is formatted directly from the list (the above is how I reformat to help navigate through the rules (it would be much more helpful if there was a numerical value of where the rule is located so a new rule can be inserted or moved around in this case I can only use the UUID of the rule as the placement as even though your list is done in order there is no way I can reference the listed order to insert or move rules around via the API; at least from the docs or what I can tell).
Either way does not show you the Session Action nor allows you to enter the session action. This also leads to a question as to why can we not adjust or override the default behavior of the
Suggested fix
Add field to be able to make this adjustment that is required when a log setting is set. Or specify that if it is not sent then the default is Session End log.
Documentation link
https://pan.dev/access/api/prisma-access-config/post-sse-config-v-1-security-rules/
Describe the problem
Inaccuracy/Missing Config: Unable to set Log Session in Log Settings
Description:
In rule base settings, similar to PanOS you have the ability to specify if you want to log:
Most default behavior is to only want to log the "Session End", but there are circumstances where you want both or also to log the session start. The API call to create or edit a Security Rule does not allow you the ability to make those changes or pass those values. At least in the documents and when I pull the rules from my configurations. Example:
My adjusted JSON response pulling a list of rules:
This is formatted directly from the list (the above is how I reformat to help navigate through the rules (it would be much more helpful if there was a numerical value of where the rule is located so a new rule can be inserted or moved around in this case I can only use the UUID of the rule as the placement as even though your list is done in order there is no way I can reference the listed order to insert or move rules around via the API; at least from the docs or what I can tell).
Either way does not show you the Session Action nor allows you to enter the session action. This also leads to a question as to why can we not adjust or override the default behavior of the
Suggested fix
Add field to be able to make this adjustment that is required when a log setting is set. Or specify that if it is not sent then the default is Session End log.