Anti-Spyware Profile Configuration Object
The AntiSpywareProfile
class is used to manage anti-spyware profile objects in the Strata Cloud Manager. It provides
methods to create, retrieve, update, delete, and list anti-spyware profile objects.
Creating an API client object
# The values below are placeholders. Load real credentials at runtime from a
# secrets manager or the environment, and keep them out of source control.
api_client = Scm(
    client_id="this-is-a-placeholder",
    client_secret="this-is-a-placeholder",
    tsg_id="this-is-a-placeholder",
)
Importing the AntiSpywareProfile Class
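from scm.config.security import AntiSpywareProfile

# Bind the profile manager to the authenticated API client; every call made
# through it runs with that client's credentials.
anti_spyware_profile = AntiSpywareProfile(api_client)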
Methods
create(data: Dict[str, Any]) -> AntiSpywareProfileResponseModel
Creates a new anti-spyware profile object.
Parameters:
data
(Dict[str, Any]): A dictionary containing the anti-spyware profile object data.
Example:
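# Payload for a new profile stored in the "Prisma Access" folder.
profile_data = {
    "name": "test_profile",
    "description": "Test anti-spyware profile",
    "folder": "Prisma Access",
    "rules": [
        {
            "name": "rule1",
            "severity": ["critical", "high"],
            "category": "spyware",
            # NOTE(review): "alert" is expected to log the match without
            # blocking it. For critical/high severity, consider a blocking
            # action such as "drop" or "reset_both" (both appear elsewhere
            # on this page).
            "action": {"alert": {}},
        }
    ],
}
new_profile = anti_spyware_profile.create(profile_data)
print(f"Created anti-spyware profile with ID: {new_profile.id}")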
get(object_id: str) -> AntiSpywareProfileResponseModel
Retrieves an anti-spyware profile object by its ID.
Parameters:
object_id
(str): The UUID of the anti-spyware profile object.
Example:
# profile_id is the UUID of an existing profile (for example new_profile.id
# as returned by create()).
profile_object = anti_spyware_profile.get(profile_id)
print(f"Anti-Spyware Profile Name: {profile_object.name}")
update(object_id: str, data: Dict[str, Any]) -> AntiSpywareProfileResponseModel
Updates an existing anti-spyware profile object.
Parameters:
object_id
(str): The UUID of the anti-spyware profile object.
data
(Dict[str, Any]): A dictionary containing the updated anti-spyware profile data.
Example:
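# Replacement payload for the profile identified by profile_id.
update_data = {
    "name": "Updated name",
    "folder": "Prisma Access",
    "description": "Updated anti-spyware profile description",
    "rules": [
        {
            "name": "updated_rule",
            "severity": ["high"],
            "category": "dns-security",
            # Blocks by source IP; the duration of 300 is presumably in
            # seconds - confirm the unit against the API schema.
            "action": {"block_ip": {"track_by": "source", "duration": 300}},
        }
    ],
}
updated_profile = anti_spyware_profile.update(profile_id, update_data)
print(f"Updated anti-spyware profile with ID: {updated_profile.id}")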
delete(object_id: str) -> None
Deletes an anti-spyware profile object by its ID.
Parameters:
object_id
(str): The UUID of the anti-spyware profile object.
Example:
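# profile_id is the UUID of the profile to remove; delete() returns None.
anti_spyware_profile.delete(profile_id)
print(f"Deleted anti-spyware profile with ID: {profile_id}")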
list(folder: Optional[str] = None, snippet: Optional[str] = None, device: Optional[str] = None, offset: Optional[int] = None, limit: Optional[int] = None, name: Optional[str] = None, **filters) -> List[AntiSpywareProfileResponseModel]
Lists anti-spyware profile objects, optionally filtered by folder, snippet, device, or other criteria.
Parameters:
folder
(Optional[str]): The folder to list anti-spyware profiles from.
snippet
(Optional[str]): The snippet to list anti-spyware profiles from.
device
(Optional[str]): The device to list anti-spyware profiles from.
offset
(Optional[int]): The offset for pagination.
limit
(Optional[int]): The limit for pagination.
name
(Optional[str]): Filter profiles by name.
**filters
: Additional filters.
Example:
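# Fetch the profiles stored in one folder and print each name/ID pair.
profiles = anti_spyware_profile.list(folder="Prisma Access")
for profile in profiles:
    print(f"Anti-Spyware Profile Name: {profile.name}, ID: {profile.id}")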
Usage Examples
Example 1: Creating a profile with multiple rules
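# Two rules with different severities, categories and actions in one profile.
profile_data = {
    "name": "multi_rule_profile",
    "description": "Profile with multiple rules",
    "folder": "Prisma Access",
    "rules": [
        {
            # Critical/high spyware matches are only alerted on here;
            # review whether a blocking action is required in production.
            "name": "rule1",
            "severity": ["critical", "high"],
            "category": "spyware",
            "action": {"alert": {}},
        },
        {
            "name": "rule2",
            "severity": ["medium"],
            "category": "dns-security",
            "action": {"drop": {}},
        },
    ],
}
new_profile = anti_spyware_profile.create(profile_data)
print(f"Created profile with ID: {new_profile.id}")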
Example 2: Updating a profile with threat exceptions
Note: There is currently a schema validation error if an update is made with either
`threat_name` or `category` set to the value `any`. The error suggests that a minimum
of four characters is required and that `any` is not a valid category.
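# Update payload that keeps both rules and adds a threat exception.
update_data = {
    "name": "updated profile",
    "description": "Profile with multiple rules",
    "folder": "Prisma Access",
    "rules": [
        {
            "name": "rule1",
            "severity": ["critical", "high"],
            "category": "spyware",
            "action": {"alert": {}},
        },
        {
            "name": "rule2",
            "severity": ["medium"],
            "category": "dns-security",
            "action": {"drop": {}},
        },
    ],
    # NOTE(review): a threat exception with an "allow" action is a deliberate
    # detection gap. The "name" is presumably the threat ID and "exempt_ip"
    # the addresses the exception applies to - confirm against the schema.
    # Keep each exception narrowly scoped and record why it exists.
    "threat_exception": [
        {
            "name": "10001",
            "packet_capture": "single-packet",
            "action": {"allow": {}},
            "exempt_ip": [{"name": "10.0.0.1"}],
        }
    ],
}
updated_profile = anti_spyware_profile.update(profile_id, update_data)
print(f"Updated profile with ID: {updated_profile.id}")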
Example 3: Listing profiles with filters
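# Combine the folder, page-size and name filters in a single list() call.
filtered_profiles = anti_spyware_profile.list(
    folder='Prisma Access',
    limit=5,
    name='updated profile',
)
for profile in filtered_profiles:
    print(f"Filtered Profile: {profile.name}")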
Example 4: Creating a profile with MICA engine settings
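# Profile that sets a per-detector inline policy action for the MICA engine.
profile_data = {
    "name": "mica_profile",
    "description": "Profile with MICA engine settings",
    "folder": "Prisma Access",
    "mica_engine_spyware_enabled": [
        {
            # The HTTP detector is set to "alert" while the HTTP2 detector
            # below resets both sides; align the two unless the difference
            # is intentional.
            "name": "HTTP Command and Control detector",
            "inline_policy_action": "alert",
        },
        {
            "name": "HTTP2 Command and Control detector",
            "inline_policy_action": "reset-both",
        },
    ],
    "rules": [
        {
            "name": "mica_rule",
            "severity": ["any"],
            "category": "any",
            "action": {"reset_both": {}},
        }
    ],
}
new_profile = anti_spyware_profile.create(profile_data)
print(f"Created MICA profile with ID: {new_profile.id}")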
Example 5: Updating a profile with inline exceptions
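# NOTE(review): entries in these two lists are presumably exempted from inline
# analysis, so each one narrows detection coverage. Keep the lists short and
# reviewed. If literal URLs are accepted here, prefer https:// sources you
# control - confirm the expected value format against the API schema.
update_data = {
    "inline_exception_edl_url": ["http://example.com/edl1", "http://example.com/edl2"],
    "inline_exception_ip_address": ["192.168.1.1", "192.168.1.2"],
}
updated_profile = anti_spyware_profile.update(profile_id, update_data)
print(f"Updated profile with inline exceptions, ID: {updated_profile.id}")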
Example 6: Creating a profile in a snippet
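# Same shape as a folder-scoped profile, but the container key is "snippet".
profile_data = {
    "name": "snippet_profile",
    "description": "Profile in a snippet",
    "snippet": "cdot.io Best Practices",
    "rules": [
        {
            "name": "snippet_rule",
            "severity": ["high"],
            "category": "command-and-control",
            "action": {"reset_both": {}},
        }
    ],
}
new_profile = anti_spyware_profile.create(profile_data)
print(f"Created profile in snippet with ID: {new_profile.id}")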
Full Example
from scm.config.security import AntiSpywareProfile
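from scm.client import Scm

# Initialize the SCM client
# The values below are placeholders. Supply real credentials at runtime from
# a secrets manager or environment variables; do not commit them to source.
api_client = Scm(
    client_id="your_client_id",
    client_secret="your_client_secret",
    tsg_id="your_tsg_id",
)

# Create an AntiSpywareProfile instance
anti_spyware_profile = AntiSpywareProfile(api_client)

# Create a new anti-spyware profile
profile_data = {
    "name": "comprehensive_profile",
    "description": "A comprehensive anti-spyware profile",
    "folder": "Prisma Access",
    "cloud_inline_analysis": True,
    "mica_engine_spyware_enabled": [
        {
            "name": "HTTP Command and Control detector",
            "inline_policy_action": "alert",
        }
    ],
    "rules": [
        {
            # NOTE(review): "alert" is expected to log without blocking;
            # consider a blocking action for critical/high severity.
            "name": "rule1",
            "severity": ["critical", "high"],
            "category": "spyware",
            "action": {"alert": {}},
        },
        {
            "name": "rule2",
            "severity": ["medium"],
            "category": "dns-security",
            "action": {"drop": {}},
        },
    ],
    # An "allow" threat exception is a deliberate detection gap. Keep it
    # narrowly scoped and record why it exists.
    "threat_exception": [
        {
            "name": "10001",
            "packet_capture": "single-packet",
            "action": {"allow": {}},
            "exempt_ip": [{"name": "10.0.0.1"}],
        }
    ],
}
new_profile = anti_spyware_profile.create(profile_data)
print(f"Created comprehensive anti-spyware profile with ID: {new_profile.id}")

# List anti-spyware profiles
profiles = anti_spyware_profile.list(folder='Prisma Access', limit=10)
for profile in profiles:
    print(f"Anti-Spyware Profile Name: {profile.name}, ID: {profile.id}")

# Update the profile
# NOTE(review): this payload carries a single rule and no threat_exception.
# If update() replaces the stored object rather than merging into it, the
# critical/medium rules and the exception created above are dropped -
# confirm the semantics before applying this to a production profile.
update_data = {
    "description": "Updated comprehensive anti-spyware profile",
    "rules": [
        {
            "name": "updated_rule",
            "severity": ["high"],
            "category": "command-and-control",
            "action": {"block_ip": {"track_by": "source", "duration": 300}},
        }
    ],
}
updated_profile = anti_spyware_profile.update(new_profile.id, update_data)
print(f"Updated anti-spyware profile with ID: {updated_profile.id}")

# Delete the profile
anti_spyware_profile.delete(new_profile.id)
print(f"Deleted anti-spyware profile with ID: {new_profile.id}")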