swaschkut / pan-os-php

Framework and utilities to easily manage and edit Palo Alto Network PANOS devices
ISC License

HitCount and ApplicationSeen parameters don't work when used together #24

Closed bethatasitmay closed 2 months ago

bethatasitmay commented 2 months ago

Describe the bug

When I use the parameters HitCount and ApplicationSeen with either exportToExcel or display, it doesn't work.

When I use the parameter HitCount or ApplicationSeen alone with either exportToExcel or display, the output appears as expected.

Expected behavior

My expectation is that using both parameters will include them in the results.

Current behavior

I receive the following errors (with or without the single quotes surrounding the action):

exportToExcel

> php -r "require_once 'C:/tools/pan/pan-os-php/utils/pan-os-php.php';" type=rule in=api://panorama.domain.com location=any ruletype=security 'actions=exportToExcel:Expired-over-90d-all.xls,HitCount,ApplicationSeen' 'filter=(schedule.expire.in.days < -90)'

***********************************************
*********** pan-os-php.php type=rule UTILITY **************

 - PAN-OS-PHP version: 2.1.25 [WIN] [8.3.10]
 - Downloading config from API...
 - Detected platform type is 'panorama'
 - No 'template' provided so using default ='any'

**ERROR** error while processing argument 'exportToExcel' : too many arguments provided

USAGE: php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule in=inputfile.xml out=outputfile.xml location=any|shared|sub actions=action1:arg1 ['filter=(type is.group) or (name contains datacenter-)']
php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule listactions   : list supported actions
php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule listfilters   : list supported filter
php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule help          : more help messages
Examples:
 - php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule in=api://192.169.50.10 location=DMZ-Firewall-Group actions=displayReferences 'filter=(name eq Mail-Host1)'
 - php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule in=config.xml out=output.xml location=any actions=delete

PAN-OS API connections for version < 9.0 now need additional argument: 'shadow-apikeynohidden'

* ** WARNING ** * error while processing argument 'exportToExcel' : too many arguments provided

display

> php -r "require_once 'C:/tools/pan/pan-os-php/utils/pan-os-php.php';" type=rule in=api://panorama.domain.com location=any ruletype=security 'actions=display:HitCount,ApplicationSeen' 'filter=(schedule.expire.in.days < -90)'

***********************************************
*********** pan-os-php.php type=rule UTILITY **************

 - PAN-OS-PHP version: 2.1.25 [WIN] [8.3.10]
 - Downloading config from API...
 - Detected platform type is 'panorama'
 - No 'template' provided so using default ='any'

**ERROR** error while processing argument 'display' : too many arguments provided

USAGE: php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule in=inputfile.xml out=outputfile.xml location=any|shared|sub actions=action1:arg1 ['filter=(type is.group) or (name contains datacenter-)']
php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule listactions   : list supported actions
php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule listfilters   : list supported filter
php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule help          : more help messages
Examples:
 - php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule in=api://192.169.50.10 location=DMZ-Firewall-Group actions=displayReferences 'filter=(name eq Mail-Host1)'
 - php C:\tools\pan\pan-os-php\utils\pan-os-php.php type=rule in=config.xml out=output.xml location=any actions=delete

PAN-OS API connections for version < 9.0 now need additional argument: 'shadow-apikeynohidden'

* ** WARNING ** * error while processing argument 'display' : too many arguments provided

Steps to reproduce

See commands above

Context

This is a nice to have - I can simply run them separately.

bethatasitmay commented 2 months ago

Never mind - I made a mistake. I thought I tested a pipe separated list with action surrounded in single quotes but apparently I did not. I just tried that and it worked.

swaschkut commented 2 months ago

To answer for other people who are running into the same: the answer can be found by running this help:

pan-os-php type=rule help exporttoexcel

The additional arguments are pipeSeparatedList

-- additionalFields :
 OPTIONAL
 type=pipeSeparatedList
     choices: ResolveAddressSummary, ResolveServiceSummary, ResolveServiceAppDefaultSummary, ResolveApplicationSummary, ResolveScheduleSummary, ApplicationSeen, HitCount

 pipe(|) separated list of additional field to include in the report. The following is available:
   - ResolveAddressSummary : fields with address objects will be resolved to IP addressed and summarized in a new column
   - ResolveServiceSummary : fields with service objects will be resolved to their value and summarized in a new column
   - ResolveServiceAppDefaultSummary : fields with application objects will be resolved to their service default value and summarized in a new column
   - ResolveApplicationSummary : fields with application objects will be resolved to their category and risk
   - ResolveScheduleSummary : fields with schedule objects will be resolved to their expire time
   - ApplicationSeen : all App-ID seen on the Device SecurityRule will be listed
   - HitCount : Rule - 'first-hit' - 'last-hit' - 'hit-count' - 'rule-creation will be listed

The correct command is:

pan-os-php type=rule in=api://panorama.domain.com location=any ruletype=security 'actions=display:HitCount|ApplicationSeen' shadow-json 'filter=(schedule.expire.in.days < -90)'

And as the standard CLI output for type=rule 'actions=display' is already packed, this additional information is only available with the additional argument shadow-json, where the output is in JSON format.
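
An added example, not part of the thread and not pan-os-php's own parser: a small pre-flight check that models the argument grammar discussed above, where a comma separates an action's positional arguments and a pipe separates values inside additionalFields. The per-action argument layout in ACTION_ARGS and the exact-match comparison of field names are assumptions inferred from the errors and help text quoted in this issue.

```python
# Model of the actions= grammar inferred from this thread (assumption),
# not the project's parser.

# Choices copied from the `help exporttoexcel` output quoted above.
ADDITIONAL_FIELDS = {
    "ResolveAddressSummary", "ResolveServiceSummary",
    "ResolveServiceAppDefaultSummary", "ResolveApplicationSummary",
    "ResolveScheduleSummary", "ApplicationSeen", "HitCount",
}

# Assumed positional layout per action, inferred from the two errors above.
ACTION_ARGS = {
    "exporttoexcel": ["filename", "additionalFields"],
    "display": ["additionalFields"],
}


def check_action(spec):
    """Return (ok, message) for one 'action:arg1,arg2' string."""
    name, _, raw = spec.partition(":")
    layout = ACTION_ARGS.get(name.lower())
    if layout is None:
        return False, f"unknown action '{name}' in this model"
    args = raw.split(",") if raw else []

    if len(args) > len(layout):
        # Comma was probably used where the field list needs a pipe.
        hint = ""
        extra = args[len(layout) - 1:]
        if layout[-1] == "additionalFields" and all(
            a in ADDITIONAL_FIELDS for a in extra
        ):
            fixed = ",".join(args[:len(layout) - 1] + ["|".join(extra)])
            hint = f"; did you mean '{name}:{fixed}'?"
        return False, f"too many arguments provided{hint}"

    for slot, value in zip(layout, args):
        if slot == "additionalFields":
            # Field names are matched exactly as spelled in the help text.
            bad = [f for f in value.split("|") if f not in ADDITIONAL_FIELDS]
            if bad:
                return False, f"unknown additionalFields: {', '.join(bad)}"
    return True, "ok"


if __name__ == "__main__":
    for s in ("display:HitCount,ApplicationSeen",
              "display:HitCount|ApplicationSeen"):
        print(s, "->", check_action(s))
```

Because `|` is the pipe operator in the shell, the whole `actions=...` argument has to stay quoted on the command line, as in the corrected command above.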

bethatasitmay commented 2 months ago

Thanks!