Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.

Related tags

Third-party APIs Wrappersprisma-cloudprisma-cloud-compute-edition
Overview

pcs-toolbox

Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.

Table of Contents

Support

These scripts have been developed by Prisma Cloud SEs, they are not Supported by Palo Alto Networks. Nevertheless, the maintainers will make a best-effort to address issues, and (of course) contributors are encouraged to submit issues and pull requests.

Setup

These scripts are written and tested in Python 3.x. If you need to install Python 3, you can get more information at Python's Home Page ... and you will also need PIP.

These scripts require the Python packages documented in requirements.txt. To check and install these packages, execute:

pip3 install -r requirements.txt

These scripts require the included pc_lib library directory to be in the same directory as the script itself.

Configuration

Configuration for these scripts can be specified each time on the command-line, or can be saved to a configuration file.

Use the pcs_configure.py script to save a configuration file. Configuration options include:

  • -u / --username (REQUIRED) Prisma Cloud Username, or Access Key generated by your Prisma Cloud User
  • -p / --password (REQUIRED) Password associated with your Prisma Cloud Username, or Secret Key associated with your Access Key
  • --api (OPTIONAL) Prisma Cloud API/UI Base URL used to access Prisma Cloud (app*.prismacloud.* ... or you can specify a direct api*.prismacloud.* URL).
  • --api_compute (OPTIONAL) Prisma Cloud Compute API Base URL used to access Prisma Cloud Compute (For SaaS, use Compute > Manage > System > Downloads: Path to Console).
  • --config_file (OPTIONAL) File containing your Prisma Cloud API configuration settings. Default: pc-settings.conf

An Access Key/Secret Key is preferable to using a Username/Password, and Access Keys must be created by a Prisma Cloud User with the permissions required by the script(s) being executed.

Configuration is saved as cleartext JSON, by default in the same directory as the scripts themselves, unless you specify --config_file.

CSPM vs CWP

The --api parameter is required for scripts (such as pcs_alerts_read.py) that use the Prisma Cloud CSPM API.

The --api_compute parameter is required for scripts (such as pcs_images_packages_read.py) that use the Prisma Cloud Compute (CWP) API.

For use with On-Premise/Self-Hosted Prisma Cloud Compute, --username is your Prisma Cloud Compute User, --password is your password or your active bearer token, and --api must not be specified.

References

https://prisma.pan.dev/api/cloud/

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.html

Examples:

python3 pcs_configure.py --username "Example Access Key" --password "Example Secret Key" --api "app.prismacloud.io"

python3 pcs_configure.py --username "Example Access Key" --password "Example Secret Key" --api "app.prismacloud.io" --config_file ~/example-pc-settings.conf

python3 pcs_configure.py --username "Example Username" --password "Example Password" --api_compute "onpremise.example.com"

Run pcs_configure.py specifying nothing (other than the optional --config_file) to output your current configuration file.

Script Usage

For detailed documentation of each script's parameters, specify -h or --help when executing the script.

CSPM Scripts

pcs_policy_set_status.py

Use this script to enable or disable Policies globally for an account (filtered by Policy Type or Compliance Standard). This is primarily used to set up a new environment with every Policy enabled, or to update an environment after a large number of new Policies have been released.

Example:

python3 pcs_policy_set_status.py --policy_type config enable

Use this script to enable Policies that are associated with a specific Compliance Standard (or Compliance Standards).

Example:

python3 pcs_policy_status.py --policy_type all disable

python3 pcs_policy_status.py --compliance_standard "GDPR" enable

pcs_user_import.py

Use this script to import a list of Users from a CSV file, assigning the imported Users to the specified Role. It will check for duplicates before importing.

Example:

python3 pcs_user_import.py "example-import-users.csv" "Example Prisma Cloud Role to assign to the imported Users"

pcs_policy_custom_export.py

Use this script to export custom Policies to a file, for backup ... or to import into another tenant.

Example:

python3 pcs_policy_custom_export.py "example-custom-policies.json"

pcs_policy_custom_import.py

Use this to script import custom Policies. By default, imported Policies will be disabled, to maintain the status of imported Policies, specify --maintain_status It will check for duplicates before importing.

Example:

python3 pcs_policy_custom_import.py "example-custom-policies.json"

pcs_compliance_export.py

Use this script to export an existing Compliance Standard (and its Requirements and Sections) to a file, for backup ... or to import into another tenant.

Example:

python3 pcs_compliance_export.py "GDPR" "example-compliance-standard.json"

pcs_compliance_import.py

Use this to script import an exported Compliance Standard (and its Requirements and Sections) into a new Compliance Standard. To import the associated Policy mappings, specify the --policy parameter. To associate custom Policies requires first running pcs_policy_custom_export.py to generate a mapping file (and pcs_policy_custom_import.py when importing into another tenant). It will check for duplicates before importing.

Example:

python3 pcs_compliance_import.py "example-compliance-standard.json" "GDPR Imported" --policy

CWP Scripts

pcs_images_packages_read.py

Use this script to inspect the packages in all of the container images (or one image, specified by --image_id) that have been scanned by Prisma Cloud Compute.

Example:

python3 pcs_images_packages_read.py

python3 pcs_images_packages_read.py --image_id "sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522"

An alternate usage is to specify a package via --package_id to search for containers with a specific package, and optionally a version.

Example:

python3 pcs_images_packages_read.py --package_type jar --package_id log4j

python3 pcs_images_packages_read.py --package_type jar --package_id log4j:2.14.1 --version_comparison lt --output_to_csv True

Other CSPM and CWP Scripts

pcs_cloud_account_import_azure.py (in progress)**

This is the framework for importing a CSV (template in the templates directory) with a list of Azure accounts into Prisma Cloud. Note: This is still a work in progress: the basic import framework is running, but validation of CSV and duplicate name checking has not been implemented yet.

Example:

python3 pcs_cloud_account_import_azure.py prisma_cloud_account_import_azure_template.csv

pcs_posture_endpoint_client.py

This is a generic tool for prototyping with the Cloud Security Posture API. It sends output to stdout (and optionally to file) and errors/info sent to STDERR, so that it works in a pipeline which makes it jq friendly. Please note this tool is not intended as a replacement for better well-formed scripts and functions.

Example 1: GET request

python3 pcs_posture_endpoint_client.py GET /v2/policy

Example 2: POST request

cat > body.json <

pcs_compute_endpoint_client.py

This is identical to pcs_posture_endpoint_client.py, except it uses the CSPM API rather than the CWP API.
Comments
  • Request documentation of CA bundle for self-signed cert.

    Request documentation of CA bundle for self-signed cert.

    Documentation link

    https://github.com/PaloAltoNetworks/pcs-toolbox

    Describe the problem

    When configuring as described, the resulting config file does not have a CA bundle. The connection attempt appears to start, but there is an error that the server cert was rejected.

    Suggested fix

    Maybe there is a way to not check the server cert, e.g., like curl -k.

    documentation 
    opened by QWERTY92009 6
  • pcs_configure.py : PrismaCloudUtility object has no attributes

    pcs_configure.py : PrismaCloudUtility object has no attributes "configure"

    Describe the bug

    Can't setup a settings file using pcs_configure due to a Python error : PrismaCloudUtility object has no attributes "configure"

    Your Environment

    • Version used : 4.0.6
    • Python version used : 3.10 (virtual env)
    bug 
    opened by syphax-b 5
  • Initial revision of automating account group assignment by tags

    Initial revision of automating account group assignment by tags

    Description

    Motivation and Context

    How Has This Been Tested?

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by lsmithpanw 5
  • [Community Health Assessment] Changes needed

    [Community Health Assessment] Changes needed

    | Health Check | Pass | Score | More Info | | ------------ | ---- | ----- | --------- | | Contains a meaningful README.md file | :white_check_mark: | 20 / 20 | More info | SUPPORT.md file exists | :white_check_mark: | 20 / 20 | More info | Repo has a description | :white_check_mark: | 15 / 15 | More info | Has a recognized open source license | :white_check_mark: | 15 / 15 | More info | Has a descriptive repo name | :white_check_mark: | 15 / 15 | More info | Required topics attached to repo | :white_check_mark: | 15 / 15 | More info | CONTRIBUTING.md file with contribution guidelines | :white_check_mark: | 5 / 5 | More info | Has custom issue and pull request templates | :x: | 0 / 5 | More info

    Current score: 105 Target threshold: 100 Total possible: 110

    opened by community-health-panw[bot] 5
  • AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'

    AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'

    Describe the bug

    pcs_hosts_vulnerabilities_read.py is returning the following error:

    Testing Compute API Access ... done.

Getting Hosts (please wait) ...Traceback (most recent call last):
  File "pcs_hosts_vulnerabilities_read.py", line 35, in <module>
    hosts = pc_api.hosts_list_read()
AttributeError: 'PrismaCloudAPI' object has no attribute 'hosts_list_read'. Did you mean: 'audits_list_read'?

    Expected behavior

    Being able to list hosts vulnerabilities from Compute

    Current behavior

    Looks like the API handler misses the related function

    bug 
    opened by AsioPanw 4
  • No host supplied error 5.0.3 Using Readme Example

    No host supplied error 5.0.3 Using Readme Example

    Describe the bug

    Using the exact sample on the Readme results in a requests package exception: "requests.exceptions.InvalidURL: Invalid URL 'https:///login': No host supplied"

    Expected behavior

    Returned details of the current user

    Current behavior

    requests.exceptions.InvalidURL: Invalid URL 'https:///login': No host supplied

    Possible solution

    Unknown

    Steps to reproduce

    1. python -m venv .
    2. source bin/activate
    3. pip3 install prismacloud-api
    4. python3 foo.py

    #code used `import os from prismacloud.api import pc_api

    Settings for Prisma Cloud Enterprise Edition

    settings = { "url": "https://api.prismacloud.io/", "identity": "access_key", "secret": "secret_key" }

    pc_api.configure(settings)

    print('Prisma Cloud API Current User:') print() print(pc_api.current_user()) print() print('Prisma Cloud Compute API Intelligence:') print() print(pc_api.statuses_intelligence()) print()`

    Context

    Basic utilization of the API Also attempted changing url with or without trailing '/' and use of api2.prismacloud.io

    Your Environment

    • Version used: 5.0.3
    • Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3): Python 3.10.6
    • Operating System and version (desktop or mobile): MacOS
    bug 
    opened by dwchowscalesec 3
  • Handle API responses without a content-type header

    Handle API responses without a content-type header

    This commit avoids a KeyError: 'content-type' error when API responses do not include a content-type: header.

    Description

    Use .get() method on api_response.headers to handle scenarios where the compute API response does not include the content-type header.

    Motivation and Context

    Avoids this stack trace:

    Traceback (most recent call last):
  File "/home/cfarquhar/projects/prismacloud-api-python/scripts/pcs_incident_archiver.py", line 36, in <module>
    pc_api.audits_ack_incident(incident, ack_status=True)
  File "/home/cfarquhar/projects/prismacloud-api-python/prismacloud/api/compute/_audits.py", line 18, in audits_ack_incident
    resp = self.execute_compute('PATCH', 'api/v1/audits/incidents/acknowledge/%s' % incident_id, body_params=body_params)
  File "/home/cfarquhar/projects/prismacloud-api-python/prismacloud/api/compute/compute.py", line 70, in execute_compute
    if api_response.headers['Content-Type'] == 'text/csv':
  File "/home/cfarquhar/.pyenv/versions/test20220928a/lib/python3.10/site-packages/requests/structures.py", line 52, in __getitem__
    return self._store[key.lower()][1]
KeyError: 'content-type'

    How Has This Been Tested?

    It used to stack trace when API responses did not include a content-type: header. Now it no longer stack traces.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    opened by cfarquhar 3
  • Update __init__.py

    Update __init__.py

    Description

    Hello! I see the methods from "prismacloud-api-python/prismacloud/api/compute/_stats.py " are not being initiated, is there a techincal reason?

    Motivation and Context

    I see there is some value in the quick reference of the already developed methods

    How Has This Been Tested?

    Based on the commit, re-imported the library and the "stats" methods are now available for "pc_api"

    Types of changes

    • New feature (non-breaking change which adds functionality)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [x] I have read the CONTRIBUTING document.
    • [x] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by VictorHdzF 3
  • Add CWP incident acknowledgement method and bulk archiver script

    Add CWP incident acknowledgement method and bulk archiver script

    Description

    This PR:

    • adds a method for acknowledging/archiving CWP runtime incidents
    • adds a script to bulk archive runtime incidents based on the contents of a CSV file
    • fixes some minor _tags.py syntax issues introduced in 53000c11f71e

    Motivation and Context

    The UI does not currently provide a mechanism for bulk archiving runtime incidents. As customers tune their runtime rules, they would like to remove incidents that would not have been generated under the tuned rule set.

    How Has This Been Tested?

    The new method and script were tested against a 22.06.197 SaaS environment.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)

    Checklist

    • [x] I have updated the documentation accordingly.
    • [x] I have read the CONTRIBUTING document.
    • [x] I have added tests to cover my changes if appropriate.
    • [x] All new and existing tests passed.
    opened by cfarquhar 3
  • Added Preliminary Audit scripts

    Added Preliminary Audit scripts

    Description

    added two scripts for compute and CSPM to pull audit log data and remove all login entries which outputs a CSV with only Create, Update, Delete information

    Motivation and Context

    How Has This Been Tested?

    opened by jaw2ay 3
  • Add enterprise and anomaly settings into CSPM endpoint.

    Add enterprise and anomaly settings into CSPM endpoint.

    Description

    Add enterprise and anomaly settings into CSPM endpoint.

    Motivation and Context

    I would like to use those endpoint for the prisma cloud cli

    How Has This Been Tested?

    Pylint

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
    opened by SimOnPanw 3
Releases(5.0.12)
Owner
Palo Alto Networks
We ensure each day is safer and more secure than the one before.
Palo Alto Networks
GitHub Repository
Biblioteca Python que extrai dados de mercado do Bacen (Séries Temporais)

Pybacen This library was developed for economic analysis in the Brazilian scenario (Investments, micro and macroeconomic indicators) Installation Inst

42 Jan 05, 2023
The unofficial Amazon search CLI & Python API

amzSear The unofficial Amazon Product CLI & API. Easily search the amazon product directory from the command line without the need for an Amazon API k

Asher Silvers 95 Nov 11, 2022
A telegram bot that can send you high-quality audio 🎧🎧🎧

Music downloader bot Still under development Please Report issues to improve this repo.I will try to fix bugs in next update Music downloader bot is a

Anish Gowda 36 Dec 06, 2022
A Python API For Questionnaire

Инструкция по разворачиванию приложения Окружение проекта: python 3.8 Django 2.2.10 djangorestframework Склонируйте репозиторий с помощью git: git clo

2 Feb 14, 2022
a Disqus alternative

Isso – a commenting server similar to Disqus Isso – Ich schrei sonst – is a lightweight commenting server written in Python and JavaScript. It aims to

Martin Zimmermann 4.7k Jan 02, 2023
Aio-binance-library - Async library for connecting to the Binance API on Python

aio-binance-library Async library for connecting to the Binance API on Python Th

GRinvest 10 Nov 21, 2022
A Discord bot written in Python to help with guild administration

forgotten-hydra A Discord bot written in Python to help with guild administration. External libraries Pycord-Development/pycord 1.7.3 djc/couchdb-pyth

1 May 14, 2022
Collect links to profiles by username through search engines

Marple Summary Collect links to profiles by username through search engines (currently Google and DuckDuckGo). Quick Start ./marple.py soxoj Results:

125 Dec 19, 2022
Free and Open Source Channel/Group Voice chat music player for telegram ❤️ with button support Heroku Commands

ZeusMusic Requirements 📝 FFmpeg NodeJS nodesource.com Python 3.7 or higher PyTgCalls MongoDB 2nd Telegram Account (needed for userbot) 🧪 Get SESSION

ZeusNetwork 4 Jan 03, 2022
The open source version of Tentro - A multipurpose Discord bot.

Welcome to Tentro 👋 A multipurpose Discord bot. 🏠 Homepage Install pip install -r requirements.txt Usage py Tentro.py Contributors 👤 Tentro Dev Tea

6 Jul 14, 2022
Random-backlog-tweet - Pick a page from a sitemap at random and prep a tweet button for it

Random-backlog-tweet - Pick a page from a sitemap at random and prep a tweet button for it

Paul O'Leary McCann 0 Dec 01, 2022
Binance leverage futures Hook

Simple binance futures Attention Just use leverage. The fee difference between futures and spot is not considered. For example, funding rate, etc. Onl

Adriance 26 Aug 27, 2022
Python API wrapper library for Convex Value API

convex-value-python Python API wrapper library for Convex Value API. Further Links: Convex Value homepage @ConvexValue on Twitter JB on Twitter Authen

Aaron DeVera 2 May 11, 2022
GG Dorking is a tool to generate GitHub and Google dorking for pentesters and bug bounty hunters.

GG-Dorking GG Dorking is a python tool to generate GitHub and Google dorking links for pentesters and bug bounty hunters. It will help you to find imp

Eslam Akl 80 Nov 24, 2022
Python: Asynchronous client for the Open-Meteo API.

Python: Asynchronous client for the Open-Meteo API. Asynchronous client for the Open-Meteo API. About Open-Meteo offers free weather forecast APIs for

Franck Nijhof 11 Dec 21, 2022
Fetch torrent links from nyaa, according to releases by smoke index.

Nyaa - Smoke's index torrent fetcher Description This script parses the local (or online) anime release index (csv format) made by Big Smoke. And uses

Dinank 21 Jun 08, 2022
Automation application was made by me using Google, Sheet and Slack APIs with Python.

README This application is used to transfer the data in the xlsx document we have to the Google Drive environment and calculate the "total budget" wit

3 Apr 12, 2022
An API that uses NLP and AI to let you predict possible diseases and symptoms based on a prompt of what you're feeling.

Disease detection API for MediSearch An API that uses NLP and AI to let you predict possible diseases and symptoms based on a prompt of what you're fe

Sebastian Ponce 1 Jan 15, 2022
Dicha herramienta esta creada con una api... esta api permite enviar un SMS cada 12 horas dependiendo del pais... Hay algunos paises y operadoras no están soportados.

SMSFree pkg install python3 pip install requests git clone https://github.com/Hidden-parker/SMSFree cd SMSFree python sms.py DISFRUTA... Dicha herrami

piter 2 Nov 14, 2021
Ever wanted a dashboard for making your antispam? This is it.

Ever wanted a dashboard for making your antispam? This is it.

Skelmis 1 Oct 27, 2021