Security Services Configuration Objects

Overview

This section covers the configuration security services provided by the Palo Alto Networks Strata Cloud Manager SDK. Each configuration object corresponds to a resource in the Strata Cloud Manager and provides methods for managing security policies and profiles.

Security Rules and Policy Management

Security Rule

Manage Security Rules, which define the core security policies for your network traffic. These rules determine:

Source and destination zones/addresses
Applications and services allowed/denied
Security profiles to be applied
Logging and monitoring settings

Security Profiles

Anti Spyware Profile

Configure Anti-Spyware profiles to protect against:

Spyware downloads and installations
Command-and-control (C2) traffic
Data exfiltration attempts
Known malicious sites and patterns

Decryption Profile

Manage SSL/TLS Decryption profiles to:

Control encrypted traffic inspection
Define certificate validation settings
Configure SSL/TLS protocol settings
Manage trusted certificates

DNS Security Profile

Configure DNS Security profiles to protect against:

DNS tunneling
Domain generation algorithms (DGA)
Fast-flux DNS attacks
Known malicious domains

URL Categories

Manage URL Categories to:

Create custom URL categories
Define custom URL lists
Override default category settings
Apply granular policy control

Vulnerability Protection Profile

Manage Vulnerability Protection profiles to:

Protect against known CVEs
Block exploit attempts
Prevent buffer overflows
Protect against code execution attempts

Wildfire Antivirus Profile

Configure WildFire and Antivirus profiles for:

Real-time malware analysis
Zero-day threat protection
Known malware blocking
File type controls

Common Features

All configuration objects provide standard CRUD operations:

Create: Add new security profiles or rules
Read: Retrieve existing configurations
Update: Modify existing profiles or rules
Delete: Remove unwanted configurations
List: Enumerate and filter configurations

Additional features include:

Pagination support for large collections
Filtering capabilities
Container-aware operations (folder/device/snippet)
Validation of configuration parameters

Usage Pattern

All configuration objects follow a consistent pattern:

from scm.client import ScmClient
# Initialize the client using unified interfaceclient = ScmClient(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id"
)
# Define your intended object as a Python dictionarysec_rule_dictionary = {
"name": "test-rule",
"folder": "Texas",
"source": ["any"],
"destination": ["any"],
"application": ["web-browsing"],
"service": ["application-default"],
"action": "allow"
}
# Perform operations using the unified clientresult = client.security_rule.create(sec_rule_dictionary)
print(f"Created security rule with ID: {result.id}")

You can also use the traditional approach:

from scm.client import Scm
from scm.config.security import SecurityRule # Or other config object
# Initialize the clientapi_client = Scm(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id"
)
# Create configuration object instancesecurity_rule = SecurityRule(api_client)
# Define your intended object as a Python dictionarysec_rule_dictionary = {
"name": "test-rule",
"folder": "Texas",
"source": ["any"],
"destination": ["any"],
"application": ["web-browsing"],
"service": ["application-default"],
"action": "allow"
}
# Perform operationsresult = security_rule.create(sec_rule_dictionary)
print(f"Created security rule with ID: {result.id}")

Select a configuration object above to view detailed documentation, including methods, parameters, and examples.