HIP Object Configuration Object
Table of Contents
- Overview
- Core Methods
- HIP Object Model Attributes
- Exceptions
- Basic Configuration
- Usage Examples
- Managing Configuration Changes
- Error Handling
- Best Practices
- Full Script Examples
- Related Models
Overview
The HIPObject class provides functionality to manage Host Information Profile (HIP) objects in Palo Alto Networks' Strata Cloud Manager. This class inherits from BaseObject and provides methods for creating, retrieving, updating, and deleting HIP objects that define security posture requirements for endpoints.
Core Methods
Method | Description | Parameters | Return Type |
---|---|---|---|
create() | Creates a new HIP object | data: Dict[str, Any] | HIPObjectResponseModel |
get() | Retrieves a HIP object by ID | object_id: str | HIPObjectResponseModel |
update() | Updates an existing HIP object | hip_object: HIPObjectUpdateModel | HIPObjectResponseModel |
delete() | Deletes a HIP object | object_id: str | None |
list() | Lists HIP objects with filtering | folder: str, **filters | List[HIPObjectResponseModel] |
fetch() | Gets HIP object by name | name: str, folder: str | HIPObjectResponseModel |
HIP Object Model Attributes
Attribute | Type | Required | Description |
---|---|---|---|
name | str | Yes | Name of HIP object (max 31 chars) |
id | UUID | Yes* | Unique identifier (*response only) |
description | str | No | Object description (max 255 chars) |
host_info | HostInfoModel | No | Host information criteria |
network_info | NetworkInfoModel | No | Network information criteria |
patch_management | PatchManagementModel | No | Patch management criteria |
disk_encryption | DiskEncryptionModel | No | Disk encryption criteria |
mobile_device | MobileDeviceModel | No | Mobile device criteria |
certificate | CertificateModel | No | Certificate criteria |
folder | str | Yes** | Folder location (**one container required) |
snippet | str | Yes** | Snippet location (**one container required) |
device | str | Yes** | Device location (**one container required) |
Exceptions
Exception | HTTP Code | Description |
---|---|---|
InvalidObjectError | 400 | Invalid HIP object data or format |
MissingQueryParameterError | 400 | Missing required parameters |
NameNotUniqueError | 409 | HIP object name already exists |
ObjectNotPresentError | 404 | HIP object not found |
ReferenceNotZeroError | 409 | HIP object still referenced |
AuthenticationError | 401 | Authentication failed |
ServerError | 500 | Internal server error |
Basic Configuration
```python
from scm.client import Scm
from scm.config.objects import HIPObject

# Initialize client
client = Scm(
    client_id="your_client_id",
    client_secret="your_client_secret",
    tsg_id="your_tsg_id"
)

# Initialize HIPObject with custom max_limit
hip_objects = HIPObject(client, max_limit=5000)
```
Usage Examples
Creating HIP Objects
```python
# Host info based HIP object
host_info_config = {
    "name": "windows-workstation",
    "folder": "Shared",
    "description": "Windows workstation requirements",
    "host_info": {
        "criteria": {
            "os": {
                "contains": {
                    "Microsoft": "All"
                }
            },
            "managed": True
        }
    }
}

# Create host info HIP object
host_info_hip = hip_objects.create(host_info_config)

# Disk encryption based HIP object
disk_encryption_config = {
    "name": "encrypted-endpoints",
    "folder": "Shared",
    "description": "Disk encryption requirements",
    "disk_encryption": {
        "criteria": {
            "is_installed": True,
            "encrypted_locations": [
                {
                    "name": "C:",
                    "encryption_state": {"is": "encrypted"}
                }
            ]
        }
    }
}

# Create disk encryption HIP object
disk_encryption_hip = hip_objects.create(disk_encryption_config)
```
Retrieving HIP Objects
```python
# Fetch by name and folder
hip_object = hip_objects.fetch(name="windows-workstation", folder="Shared")
print(f"Found HIP object: {hip_object.name}")

# Get by ID
hip_by_id = hip_objects.get(hip_object.id)
print(f"Retrieved HIP object: {hip_by_id.name}")
```
Updating HIP Objects
```python
# Fetch existing HIP object
existing_hip = hip_objects.fetch(name="encrypted-endpoints", folder="Shared")

# Add additional encryption location
if existing_hip.disk_encryption and existing_hip.disk_encryption.criteria:
    existing_hip.disk_encryption.criteria.encrypted_locations.append({
        "name": "D:",
        "encryption_state": {"is": "encrypted"}
    })

# Update description
existing_hip.description = "Updated disk encryption requirements"

# Perform update
updated_hip = hip_objects.update(existing_hip)
```
Listing HIP Objects
```python
# List with direct filter parameters
filtered_hips = hip_objects.list(
    folder='Shared',
    criteria_types=['host_info', 'disk_encryption'],
    exact_match=True
)

# Process results
for hip in filtered_hips:
    print(f"Name: {hip.name}")
    if hip.host_info:
        print("Type: Host Info")
    elif hip.disk_encryption:
        print("Type: Disk Encryption")

# Define filter parameters as dictionary
list_params = {
    "folder": "Shared",
    "criteria_types": ["mobile_device"],
    "exclude_folders": ["Test", "Development"]
}

# List with filters as kwargs
filtered_hips = hip_objects.list(**list_params)
```
Deleting HIP Objects
```python
# Delete by ID
hip_id = "123e4567-e89b-12d3-a456-426655440000"
hip_objects.delete(hip_id)
```
Managing Configuration Changes
Performing Commits
```python
# Prepare commit parameters
commit_params = {
    "folders": ["Shared"],
    "description": "Updated HIP objects",
    "sync": True,
    "timeout": 300  # 5 minute timeout
}

# Commit the changes
result = hip_objects.commit(**commit_params)
print(f"Commit job ID: {result.job_id}")
```
Monitoring Jobs
```python
# Get status of specific job
job_status = hip_objects.get_job_status(result.job_id)
print(f"Job status: {job_status.data[0].status_str}")

# List recent jobs
recent_jobs = hip_objects.list_jobs(limit=10)
for job in recent_jobs.data:
    print(f"Job {job.id}: {job.type_str} - {job.status_str}")
```
Error Handling
```python
from scm.exceptions import (
    InvalidObjectError,
    MissingQueryParameterError,
    NameNotUniqueError,
    ObjectNotPresentError,
    ReferenceNotZeroError
)

try:
    # Create HIP object configuration
    hip_config = {
        "name": "test-hip",
        "folder": "Shared",
        "description": "Test HIP object",
        "host_info": {
            "criteria": {
                "managed": True
            }
        }
    }

    # Create the HIP object
    new_hip = hip_objects.create(hip_config)

    # Commit changes
    result = hip_objects.commit(
        folders=["Shared"],
        description="Added test HIP object",
        sync=True
    )

    # Check job status
    status = hip_objects.get_job_status(result.job_id)

except InvalidObjectError as e:
    print(f"Invalid HIP object data: {e.message}")
except NameNotUniqueError as e:
    print(f"HIP object name already exists: {e.message}")
except ObjectNotPresentError as e:
    print(f"HIP object not found: {e.message}")
except ReferenceNotZeroError as e:
    print(f"HIP object still in use: {e.message}")
except MissingQueryParameterError as e:
    print(f"Missing parameter: {e.message}")
```
Best Practices
- HIP Object Design
  - Use descriptive names for clarity
  - Define specific criteria for each type
  - Combine criteria types logically
  - Document requirements clearly
  - Keep criteria focused and minimal
- Container Management
  - Always specify exactly one container
  - Use consistent container names
  - Validate container existence
  - Group related HIP objects
  - Consider inheritance patterns
- Performance
  - Set appropriate max_limit values
  - Use pagination for large lists
  - Cache frequently accessed objects
  - Implement proper retry logic
  - Monitor API response times
- Security
  - Follow least privilege principle
  - Validate input data
  - Use secure connection settings
  - Implement proper authentication
  - Monitor security posture changes
- Error Handling
  - Implement comprehensive error handling
  - Check job status after commits
  - Log error details
  - Handle specific exceptions
  - Validate criteria before creation
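The "validate input data", "exactly one container" and "validate criteria before creation" items above can be checked locally before a create() call, using the limits from the HIP Object Model Attributes table. The following is an added example, not code from the SDK or its documentation; `validate_hip_config`, `SAMPLE_BAD` and the rule that each criteria block carries a `criteria` mapping are assumptions made for illustration.

```python
# Added example: pre-flight checks for a create() payload (hypothetical helper).
from typing import Any, Dict, List

CONTAINERS = ("folder", "snippet", "device")
CRITERIA_TYPES = (
    "host_info", "network_info", "patch_management",
    "disk_encryption", "mobile_device", "certificate",
)
ALLOWED_KEYS = {"name", "description", *CONTAINERS, *CRITERIA_TYPES}


def validate_hip_config(config: Dict[str, Any]) -> List[str]:
    """Return a list of problems; an empty list means every check passed."""
    problems: List[str] = []
    name = config.get("name")
    if not isinstance(name, str) or not name:
        problems.append("name is required")
    elif len(name) > 31:
        problems.append(f"name is {len(name)} chars (max 31)")

    description = config.get("description")
    if description is not None and len(str(description)) > 255:
        problems.append("description exceeds 255 chars")

    # Exactly one of folder / snippet / device must be set.
    present = [c for c in CONTAINERS if config.get(c)]
    if len(present) != 1:
        problems.append(f"expected exactly one container, got {present or 'none'}")

    # Unknown top-level keys are usually typos; flag them before sending.
    for key in sorted(set(config) - ALLOWED_KEYS):
        problems.append(f"unknown key: {key}")

    # Assumption: a criteria block is a dict with a "criteria" mapping,
    # the shape used by the host_info and disk_encryption examples here.
    for ctype in CRITERIA_TYPES:
        block = config.get(ctype)
        if block is not None and not (
            isinstance(block, dict) and isinstance(block.get("criteria"), dict)
        ):
            problems.append(f"{ctype} must contain a 'criteria' mapping")
    return problems


# Constructed sample: misspelled criteria key, two containers, 32-char name.
SAMPLE_BAD = {"name": "x" * 32, "folder": "Shared", "device": "fw-01",
              "disk_encrypton": {"criteria": {"is_installed": True}}}
if __name__ == "__main__":
    print(validate_hip_config(SAMPLE_BAD))
```

Call it on each dictionary and only pass the payload to `hip_objects.create()` when the returned list is empty.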
Full Script Examples
Refer to the hip_object.py example.