Vulnerability Protection Profile Configuration Object
The VulnerabilityProtectionProfile
class is used to manage Vulnerability Protection Profile objects in the Strata
Cloud Manager.
It provides methods to create, retrieve, update, delete, and list Vulnerability Protection Profile objects.
Creating an API client object
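from scm.client import Scm

# The values below are placeholders. Load real credentials from a secrets
# manager or environment variables at runtime; never commit a client secret
# to source control or paste it into shared notebooks or logs.
api_client = Scm(
    client_id="this-is-a-placeholder",
    client_secret="this-is-a-placeholder",
    tsg_id="this-is-a-placeholder",
)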
Importing the VulnerabilityProtectionProfile Class
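from scm.config.security import VulnerabilityProtectionProfile

# Bind the profile manager to an already-constructed Scm API client.
vulnerability_protection_profile = VulnerabilityProtectionProfile(api_client)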
Methods
create(data: Dict[str, Any]) -> VulnerabilityProtectionProfileResponseModel
Creates a new Vulnerability Protection Profile object.
Parameters:
data
(Dict[str, Any]): A dictionary containing the Vulnerability Protection Profile object data.
Example:
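# Payload for a profile with a single rule matching one CVE.
profile_data = {
    "name": "test_profile",
    "description": "Created via pan-scm-sdk",
    "folder": "Shared",
    "rules": [
        {
            "name": "rule1",
            # "alert" only logs the match and lets the traffic through.
            # Where prevention is intended for critical/high findings,
            # use a blocking action such as "drop" or "reset_both".
            "action": "alert",
            "severity": ["critical", "high"],
            "cve": ["CVE-2021-44228"],
            "threat_name": "Log4j RCE",
        }
    ],
}
new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created Vulnerability Protection Profile with ID: {new_profile.id}")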
get(object_id: str) -> VulnerabilityProtectionProfileResponseModel
Retrieves a Vulnerability Protection Profile object by its ID.
Parameters:
object_id
(str): The UUID of the Vulnerability Protection Profile object.
Example:
# profile_id is the UUID of an existing profile, for example the
# `id` attribute of the object returned by create().
fetched_profile = vulnerability_protection_profile.get(profile_id)
print(f"Profile Name: {fetched_profile.name}")
update(object_id: str, data: Dict[str, Any]) -> VulnerabilityProtectionProfileResponseModel
Updates an existing Vulnerability Protection Profile object.
Parameters:
object_id
(str): The UUID of the Vulnerability Protection Profile object.
data
(Dict[str, Any]): A dictionary containing the updated Vulnerability Protection Profile data.
Example:
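# Replacement payload; profile_id is the UUID of the profile to change.
update_data = {
    "name": "Updated_Profile",
    "description": "Updated description",
    "folder": "Shared",
    "rules": [
        {
            "name": "updated_rule",
            # "drop" blocks matching traffic, unlike the log-only "alert".
            "action": "drop",
            "severity": ["critical", "high", "medium"],
            "category": "exploit-kit",
        }
    ],
}
updated_profile = vulnerability_protection_profile.update(profile_id, update_data)
print(f"Updated Vulnerability Protection Profile with ID: {updated_profile.id}")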
delete(object_id: str) -> None
Deletes a Vulnerability Protection Profile object by its ID.
Parameters:
object_id
(str): The UUID of the Vulnerability Protection Profile object.
Example:
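# delete() returns None; profile_id is the UUID of the profile to remove.
vulnerability_protection_profile.delete(profile_id)
print(f"Deleted Vulnerability Protection Profile with ID: {profile_id}")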
list(folder: Optional[str] = None, snippet: Optional[str] = None, device: Optional[str] = None, offset: Optional[int] = None, limit: Optional[int] = None, name: Optional[str] = None, **filters) -> List[VulnerabilityProtectionProfileResponseModel]
Lists Vulnerability Protection Profile objects, optionally filtered by folder, snippet, device, or other criteria.
Parameters:
folder
(Optional[str]): The folder to list profiles from.
snippet
(Optional[str]): The snippet to list profiles from.
device
(Optional[str]): The device to list profiles from.
offset
(Optional[int]): The pagination offset.
limit
(Optional[int]): The pagination limit.
name
(Optional[str]): Filter profiles by name.
**filters
: Additional filters.
Example:
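# Fetch the profiles stored in one container, then print each one.
profiles = vulnerability_protection_profile.list(folder='Shared')
for profile in profiles:
    print(f"Profile Name: {profile.name}, ID: {profile.id}")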
Usage Examples
Example 1: Creating a Vulnerability Protection Profile with Multiple Rules
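# Profile with two rules, each with its own severity and blocking action.
profile_data = {
    "name": "multi_rule_profile",
    "description": "Profile with multiple rules",
    "folder": "Shared",
    "rules": [
        {
            "name": "critical_vulnerabilities",
            "action": "block_ip",
            "severity": ["critical"],
            # Packet captures can contain sensitive payload data; restrict
            # who can read the resulting threat logs and captures.
            "packet_capture": "single-packet",
        },
        {
            "name": "high_severity_exploits",
            "action": "reset_both",
            "severity": ["high"],
            "category": "exploit-kit",
        },
    ],
}
new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created profile: {new_profile.name} with ID: {new_profile.id}")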
Example 2: Updating a Profile with Threat Exceptions
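# Update payload that attaches a threat exception to an existing profile.
update_data = {
    "threat_exception": [
        {
            "name": "exception1",
            # An "allow" exception turns off enforcement for this threat.
            # Keep exempt_ip as narrow as possible, and record the
            # justification in "notes" so the exception can be audited.
            "action": "allow",
            "packet_capture": "extended-capture",
            "exempt_ip": [{"name": "trusted_server"}],
            "notes": "Exception for trusted server",
        }
    ],
}
updated_profile = vulnerability_protection_profile.update(new_profile.id, update_data)
print(f"Updated profile: {updated_profile.name}")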
Example 3: Creating a Profile with Advanced Rule Configuration
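# Profile stored in a snippet, with a structured block_ip action.
profile_data = {
    "name": "advanced_rule_profile",
    "description": "Profile with advanced rule configuration",
    "snippet": "Example Snippet",
    "rules": [
        {
            "name": "complex_rule",
            # Tracking by "source" blocks the offending source address.
            # Users behind a shared NAT address may be blocked together.
            # NOTE(review): duration is presumably in seconds; confirm.
            "action": {"block_ip": {"track_by": "source", "duration": 3600}},
            "severity": ["critical", "high"],
            "category": "command-execution",
            "cve": ["CVE-2021-44228", "CVE-2021-45046"],
            "vendor_id": ["PAN-OS-2021-0001"],
            "host": "client",
        }
    ],
}
new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created profile with advanced rule: {new_profile.name}")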
Example 4: Listing Profiles with Custom Filters
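# Keyword arguments that are not named parameters of list() (here
# `severity`) are passed through as additional **filters.
profiles = vulnerability_protection_profile.list(
    folder='Shared',
    limit=5,
    name='test',
    severity='critical',
)
for profile in profiles:
    print(f"Profile: {profile.name}, Description: {profile.description}")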
Example 5: Creating a Profile with Time Attribute in Threat Exception
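# Profile whose threat exception carries a time_attribute block.
profile_data = {
    "name": "time_attribute_profile",
    "folder": "Shared",
    "rules": [
        {
            "name": "default_rule",
            # "alert" for every severity logs matches without blocking.
            # Treat this as a monitoring baseline, not a prevention policy.
            "action": "alert",
            "severity": ["any"],
        }
    ],
    "threat_exception": [
        {
            "name": "time_based_exception",
            # The "allow" action exempts this threat from enforcement.
            # Review such exceptions regularly.
            "action": "allow",
            "time_attribute": {
                "interval": 300,
                "threshold": 10,
                "track_by": "source",
            },
        }
    ],
}
new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created profile with time attribute: {new_profile.name}")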
Example 6: Updating a Profile in a Device Container
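# Update payload for a profile stored in a device container.
# profile_id is the UUID of the existing profile.
update_data = {
    "name": "device_profile",
    "description": "Profile in a device container",
    "device": "firewall-01",
    "rules": [
        {
            "name": "device_specific_rule",
            "action": "drop",
            "severity": ["critical", "high"],
            "category": "overflow",
        }
    ],
}
updated_profile = vulnerability_protection_profile.update(profile_id, update_data)
print(f"Updated profile in device: {updated_profile.name}")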
Full Example: Creating and Managing a Vulnerability Protection Profile
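from scm.client import Scm
from scm.config.security import VulnerabilityProtectionProfile

# Initialize the SCM client.
# The values below are placeholders. Load real credentials from a secrets
# manager or environment variables; never hard-code or commit a client secret.
api_client = Scm(
    client_id="your_client_id",
    client_secret="your_client_secret",
    tsg_id="your_tsg_id",
)

# Create a VulnerabilityProtectionProfile instance
vulnerability_protection_profile = VulnerabilityProtectionProfile(api_client)

# Create a new Vulnerability Protection Profile
profile_data = {
    "name": "comprehensive_profile",
    "description": "Comprehensive Vulnerability Protection Profile",
    "folder": "Shared",
    "rules": [
        {
            "name": "critical_vulnerabilities",
            # Tracking by "source" blocks the offending source address.
            # Users behind a shared NAT address may be blocked together.
            "action": {"block_ip": {"track_by": "source", "duration": 3600}},
            "severity": ["critical"],
            # Packet captures can contain sensitive payload data; restrict
            # access to the resulting logs and captures.
            "packet_capture": "single-packet",
            "category": "exploit-kit",
            "cve": ["CVE-2021-44228"],
            "host": "any",
            "vendor_id": ["PAN-OS-2021-0001"],
            "threat_name": "Log4j RCE",
        },
        {
            "name": "high_severity_rule",
            "action": "reset_both",
            "severity": ["high"],
            "category": "code-execution",
        },
    ],
    "threat_exception": [
        {
            "name": "exception1",
            # An "allow" exception turns off enforcement for this threat.
            # Keep exempt_ip narrow and record the reason in "notes".
            "action": "allow",
            "packet_capture": "extended-capture",
            "exempt_ip": [{"name": "trusted_server"}],
            "time_attribute": {
                "interval": 300,
                "threshold": 5,
                "track_by": "source-and-destination",
            },
            "notes": "Exception for trusted server",
        }
    ],
}
new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created comprehensive profile: {new_profile.name} with ID: {new_profile.id}")

# Retrieve the created profile
retrieved_profile = vulnerability_protection_profile.get(new_profile.id)
print(f"Retrieved profile: {retrieved_profile.name}")

# Update the profile
# NOTE(review): this payload omits "name", "folder" and "threat_exception".
# Whether update() merges with or replaces the stored object is not shown
# here. Check the result so that rules or exceptions are not silently lost.
update_data = {
    "description": "Updated comprehensive Vulnerability Protection Profile",
    "rules": [
        {
            "name": "updated_rule",
            "action": "drop",
            "severity": ["critical", "high", "medium"],
            "category": "dos",
        }
    ],
}
updated_profile = vulnerability_protection_profile.update(new_profile.id, update_data)
print(f"Updated profile: {updated_profile.name}")

# List profiles
profiles = vulnerability_protection_profile.list(folder='Shared', limit=10)
print("List of profiles:")
for profile in profiles:
    print(f"- {profile.name} (ID: {profile.id})")

# Delete the profile
vulnerability_protection_profile.delete(new_profile.id)
print(f"Deleted profile: {new_profile.name}")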