Vulnerability Protection Profile Configuration Object
The VulnerabilityProtectionProfile class provides functionality to manage vulnerability protection profiles in Palo Alto Networks' Strata Cloud Manager. These profiles define rules and policies for detecting and preventing exploitation of known vulnerabilities in network traffic.
Overview
Vulnerability protection profiles in Strata Cloud Manager allow you to:
- Define rules for different vulnerability severities and categories
- Configure actions for detected vulnerabilities (alert, block, reset connections)
- Set up threat exceptions for specific cases
- Specify packet capture settings
- Track vulnerabilities by CVE or vendor ID
- Organize profiles within folders, snippets, or devices
Methods
Method | Description |
---|---|
create() | Creates a new vulnerability protection profile |
get() | Retrieves a vulnerability protection profile by ID |
update() | Updates an existing vulnerability protection profile |
delete() | Deletes a vulnerability protection profile |
list() | Lists vulnerability protection profiles with optional filters |
fetch() | Retrieves a single vulnerability protection profile by name |
Creating Vulnerability Protection Profiles
The create() method defines a new vulnerability protection profile. The payload must specify a name, at least one rule, and exactly one container type (folder, snippet, or device); supplying no container, or more than one, is an error.
Example: Basic Profile with Single Rule
```python
profile_data = {
    "name": "basic-profile",
    "description": "Basic vulnerability protection",
    "folder": "Shared",
    "rules": [
        {
            "name": "critical-vulns",
            "severity": ["critical"],
            "category": "code-execution",
            # block the offending source IP for 300 seconds
            "action": {"block_ip": {"track_by": "source", "duration": 300}}
        }
    ]
}
new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created profile: {new_profile['name']}")
```
Example: Profile with Multiple Rules and CVEs
```python
profile_data = {
    "name": "advanced-profile",
    "description": "Advanced vulnerability protection",
    "folder": "Shared",
    "rules": [
        {
            "name": "critical-cves",
            "severity": ["critical", "high"],
            "category": "command-execution",
            # restrict the rule to specific CVEs; reset both sides on a hit
            "cve": ["CVE-2021-44228", "CVE-2021-45046"],
            "action": {"reset_both": {}}
        },
        {
            "name": "medium-vulns",
            "severity": ["medium"],
            "category": "sql-injection",
            "action": {"alert": {}}
        }
    ]
}
new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created profile: {new_profile['name']}")
```
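The two create() examples above share the same payload shape. The following pre-flight check is an added example, not code from pan-scm-sdk: it rejects a payload locally before it reaches create(), enforcing the constraints this page states (a name, a non-empty rule list, exactly one of folder/snippet/device) plus a few per-rule sanity checks that are this example's own assumptions (the accepted severity vocabulary, the action names seen on this page, and that block_ip needs a track_by of `source` or `source-and-destination` and a positive duration).

```python
# Added example (not part of pan-scm-sdk): client-side pre-flight validation of a
# vulnerability protection profile payload before it is handed to create().
from typing import Any, Dict, List

CONTAINERS = ("folder", "snippet", "device")
# Assumption: vocabulary accepted for this check, drawn from this page's examples.
SEVERITIES = {"critical", "high", "medium", "low", "informational"}
ACTIONS = {"alert", "allow", "block_ip", "reset_both"}
TRACK_BY = ("source", "source-and-destination")


def validate_profile(profile: Dict[str, Any]) -> List[str]:
    """Return a list of problems; an empty list means the payload looks sound."""
    problems: List[str] = []

    if not profile.get("name"):
        problems.append("missing 'name'")

    # Exactly one container type must be set.
    present = [c for c in CONTAINERS if profile.get(c)]
    if len(present) != 1:
        problems.append(f"exactly one of {CONTAINERS} must be set, found {present or 'none'}")

    rules = profile.get("rules")
    if not isinstance(rules, list) or not rules:
        problems.append("'rules' must be a non-empty list")
        return problems

    seen = set()
    for i, rule in enumerate(rules):
        where = f"rules[{i}]"
        name = rule.get("name")
        if not name:
            problems.append(f"{where}: missing 'name'")
        elif name in seen:
            problems.append(f"{where}: duplicate rule name {name!r}")
        seen.add(name)

        sev = rule.get("severity")
        if not isinstance(sev, list) or not sev or not set(sev) <= SEVERITIES:
            problems.append(f"{where}: 'severity' must be a non-empty list drawn from {sorted(SEVERITIES)}")

        # An action is a single-key object, e.g. {"alert": {}} or
        # {"block_ip": {"track_by": "source", "duration": 300}}.
        action = rule.get("action")
        if not isinstance(action, dict) or len(action) != 1:
            problems.append(f"{where}: 'action' must be an object with exactly one key")
        else:
            (kind, params), = action.items()
            if kind not in ACTIONS:
                problems.append(f"{where}: unknown action {kind!r}")
            elif kind == "block_ip":
                params = params if isinstance(params, dict) else {}
                if params.get("track_by") not in TRACK_BY:
                    problems.append(f"{where}: block_ip.track_by must be one of {TRACK_BY}")
                duration = params.get("duration")
                if not isinstance(duration, int) or duration <= 0:
                    problems.append(f"{where}: block_ip.duration must be a positive integer")

        for cve in rule.get("cve", []):
            if not str(cve).startswith("CVE-"):
                problems.append(f"{where}: {cve!r} is not a CVE identifier")
    return problems


# Constructed payloads: one sound, one with five distinct defects.
GOOD_PROFILE = {
    "name": "basic-profile",
    "folder": "Shared",
    "rules": [{"name": "critical-vulns", "severity": ["critical"], "category": "code-execution",
               "action": {"block_ip": {"track_by": "source", "duration": 300}}}],
}
BAD_PROFILE = {
    "name": "broken-profile",
    "folder": "Shared",
    "snippet": "shared-snippet",  # two containers
    "rules": [
        {"name": "r1", "severity": ["urgent"],
         "action": {"block_ip": {"track_by": "source", "duration": 0}}},
        {"name": "r1", "severity": ["high"], "action": {"alert": {}, "drop": {}}},
    ],
}

if __name__ == "__main__":
    for label, payload in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        print(label, validate_profile(payload) or "ok")
```

Running the check before create() turns a rejected API call into a readable list of defects, and the duplicate-name check catches the case where two rules silently shadow each other.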
Getting Vulnerability Protection Profiles
Use the get()
method to retrieve a vulnerability protection profile by its ID.
```python
# profile_id is the UUID of an existing profile
profile = vulnerability_protection_profile.get(profile_id)
print(f"Profile Name: {profile['name']}")
print(f"Number of Rules: {len(profile['rules'])}")
```
Updating Vulnerability Protection Profiles
The update()
method allows you to modify existing vulnerability protection profiles.
```python
update_data = {
    # the profile to update is identified by its id
    "id": "123e4567-e89b-12d3-a456-426655440000",
    "description": "Updated profile description",
    "folder": "Shared",
    "rules": [
        {
            "name": "updated-rule",
            "severity": ["critical", "high"],
            "category": "exploit-kit",
            "action": {"reset_both": {}}
        }
    ],
    "threat_exception": [
        {
            "name": "exception-1",
            "packet_capture": "single-packet",
            "action": {"allow": {}},
            # scope the exception to specific hosts rather than all traffic
            "exempt_ip": [{"name": "10.0.0.1"}]
        }
    ]
}
updated_profile = vulnerability_protection_profile.update(update_data)
print(f"Updated profile: {updated_profile['name']}")
```
Deleting Vulnerability Protection Profiles
Use the delete()
method to remove a vulnerability protection profile.
```python
vulnerability_protection_profile.delete(profile_id)
print("Profile deleted successfully")
```
Listing Vulnerability Protection Profiles
The list() method retrieves multiple vulnerability protection profiles with optional filtering. You can filter the results using the following kwargs:
- severity: List[str] - Filter by rule severities (e.g., ['critical', 'high'])
- action: List[str] - Filter by rule actions (e.g., ['alert', 'block'])
- threat_name: List[str] - Filter by rule threat names
```python
# List all profiles in a folder
profiles = vulnerability_protection_profile.list(
    folder="Shared"
)

# List profiles with critical severity rules
critical_profiles = vulnerability_protection_profile.list(
    folder="Shared",
    severity=['critical']
)

# List profiles with specific actions
alert_profiles = vulnerability_protection_profile.list(
    folder="Shared",
    action=['alert', 'block']
)

# List profiles with specific threat names
threat_profiles = vulnerability_protection_profile.list(
    folder="Shared",
    threat_name=['Log4Shell', 'SQLi']
)

# Combine multiple filters
filtered_profiles = vulnerability_protection_profile.list(
    folder="Shared",
    severity=['critical', 'high'],
    action=['block']
)

# Print the results
for profile in profiles:
    print(f"Name: {profile.name}")
    for rule in profile.rules:
        print(f"Rule: {rule.name}, Severity: {rule.severity}")
```
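The filters above are applied server-side by the SDK, so the page does not show how a match is decided. The block below is an added example, not pan-scm-sdk code: it re-implements the severity, action and threat_name filters over constructed profile dicts so the matching behaviour can be inspected offline. Its semantics are assumptions chosen for the example: a profile matches when one rule satisfies every supplied filter at once, the action filter compares against the key of the rule's action object (`alert`, `block_ip`, `reset_both`), and a rule's threat_name is a string that defaults to `any`.

```python
# Added example (not pan-scm-sdk code): local re-implementation of the list()
# filters, run over constructed profiles. Assumption: a single rule must satisfy
# all supplied filters for its profile to match.
from typing import Any, Dict, List, Optional

# Constructed sample data, shaped like the payloads elsewhere on this page.
SAMPLE_PROFILES: List[Dict[str, Any]] = [
    {
        "name": "advanced-profile",
        "folder": "Shared",
        "rules": [
            {"name": "critical-cves", "severity": ["critical", "high"],
             "threat_name": "Log4Shell", "action": {"reset_both": {}}},
            {"name": "medium-vulns", "severity": ["medium"],
             "threat_name": "SQLi", "action": {"alert": {}}},
        ],
    },
    {
        "name": "basic-profile",
        "folder": "Shared",
        "rules": [
            {"name": "critical-vulns", "severity": ["critical"],
             "action": {"block_ip": {"track_by": "source", "duration": 300}}},
        ],
    },
    {
        "name": "monitor-only",
        "folder": "Shared",
        "rules": [
            {"name": "everything", "severity": ["low", "medium", "high", "critical"],
             "action": {"alert": {}}},
        ],
    },
]


def action_kind(rule: Dict[str, Any]) -> Optional[str]:
    """The single key of a rule's action object, e.g. 'alert' for {"alert": {}}."""
    action = rule.get("action") or {}
    return next(iter(action), None)


def rule_matches(rule: Dict[str, Any],
                 severity: Optional[List[str]] = None,
                 action: Optional[List[str]] = None,
                 threat_name: Optional[List[str]] = None) -> bool:
    """True when this one rule satisfies every filter that was supplied."""
    if severity and not set(rule.get("severity", [])) & set(severity):
        return False
    if action and action_kind(rule) not in set(action):
        return False
    if threat_name and rule.get("threat_name", "any") not in set(threat_name):
        return False
    return True


def filter_profiles(profiles: List[Dict[str, Any]],
                    severity: Optional[List[str]] = None,
                    action: Optional[List[str]] = None,
                    threat_name: Optional[List[str]] = None) -> List[str]:
    """Names of profiles having at least one rule that matches all given filters."""
    return [
        p["name"] for p in profiles
        if any(rule_matches(r, severity, action, threat_name) for r in p["rules"])
    ]


if __name__ == "__main__":
    print(filter_profiles(SAMPLE_PROFILES, severity=["critical"]))
    print(filter_profiles(SAMPLE_PROFILES, severity=["critical", "high"], action=["block_ip"]))
    print(filter_profiles(SAMPLE_PROFILES, severity=["medium"], action=["reset_both"]))
```

The last call shows why the semantics matter: advanced-profile has a medium rule and a reset_both rule, but no single rule with both, so the same-rule reading returns nothing while an any-rule reading would return it. Check which reading the real list() uses before relying on combined filters for an audit.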
Fetching Vulnerability Protection Profiles
The fetch()
method retrieves a single vulnerability protection profile by name from a specific container.
```python
profile = vulnerability_protection_profile.fetch(
    name="basic-profile",
    folder="Shared"
)
print(f"Found profile: {profile['name']}")
print(f"Current rules: {len(profile['rules'])}")
```
Full Workflow Example
Here's a complete example demonstrating the full lifecycle of a vulnerability protection profile:
```python
from scm.client import Scm
from scm.config.security import VulnerabilityProtectionProfile

# Initialize client
client = Scm(
    client_id="your_client_id",
    client_secret="your_client_secret",
    tsg_id="your_tsg_id"
)

# Initialize vulnerability protection profile object
vulnerability_protection_profile = VulnerabilityProtectionProfile(client)

# Create new profile
create_data = {
    "name": "test-profile",
    "description": "Test vulnerability protection",
    "folder": "Shared",
    "rules": [
        {
            "name": "test-rule",
            "severity": ["critical"],
            "category": "code-execution",
            "action": {"alert": {}}
        }
    ]
}
new_profile = vulnerability_protection_profile.create(create_data)
print(f"Created profile: {new_profile['name']}")

# Fetch the profile by name
fetched_profile = vulnerability_protection_profile.fetch(
    name="test-profile",
    folder="Shared"
)

# Modify the fetched profile
fetched_profile["description"] = "Updated test profile"
fetched_profile["rules"].append({
    "name": "additional-rule",
    "severity": ["high"],
    "category": "exploit-kit",
    "action": {"reset_both": {}}
})

# Update using the modified object
updated_profile = vulnerability_protection_profile.update(fetched_profile)
print(f"Updated profile: {updated_profile['name']}")
print(f"New description: {updated_profile['description']}")

# List all profiles
profiles = vulnerability_protection_profile.list(folder="Shared")
for profile in profiles:
    print(f"Listed profile: {profile['name']}")

# Clean up
vulnerability_protection_profile.delete(new_profile['id'])
print("Profile deleted successfully")
```
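Both the update section and the workflow above follow a fetch, modify, update pattern in which the whole object is sent back. The block below is an added example, not pan-scm-sdk code: it computes what an update() call would change before anything is sent, so the edit can be reviewed or refused as a change-control step. It works on the plain dicts used on this page; the assumptions are that rules and threat exceptions are keyed by name, that update() targets the object by its `id`, and that a threat exception whose action is `allow` but which carries no `exempt_ip` list applies to every source and should be flagged.

```python
# Added example (not pan-scm-sdk code): diff a fetched profile against the
# desired state and build the update() payload only when something changes.
import copy
from typing import Any, Dict, List, Optional, Tuple


def _by_name(items: List[Dict[str, Any]]) -> Dict[str, Dict[str, Any]]:
    return {item["name"]: item for item in items}


def diff_named(current: List[Dict[str, Any]],
               desired: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Names added, removed, or changed between two name-keyed lists."""
    cur, des = _by_name(current), _by_name(desired)
    return {
        "added": sorted(set(des) - set(cur)),
        "removed": sorted(set(cur) - set(des)),
        "changed": sorted(n for n in set(cur) & set(des) if cur[n] != des[n]),
    }


def risky_exceptions(profile: Dict[str, Any]) -> List[str]:
    """Threat exceptions that allow traffic but are not scoped by exempt_ip (assumption: unscoped means every source)."""
    return [
        e["name"] for e in profile.get("threat_exception", [])
        if "allow" in (e.get("action") or {}) and not e.get("exempt_ip")
    ]


def plan_update(fetched: Dict[str, Any],
                desired: Dict[str, Any]) -> Tuple[Optional[Dict[str, Any]], Dict[str, Any]]:
    """Return (payload, summary); payload is None when nothing would change."""
    summary = {
        "description": fetched.get("description") != desired.get("description"),
        "rules": diff_named(fetched.get("rules", []), desired.get("rules", [])),
        "threat_exception": diff_named(fetched.get("threat_exception", []),
                                       desired.get("threat_exception", [])),
        "warnings": [f"exception {n!r} allows traffic from any source"
                     for n in risky_exceptions(desired)],
    }
    no_change = (
        not summary["description"]
        and not any(summary["rules"].values())
        and not any(summary["threat_exception"].values())
    )
    if no_change:
        return None, summary
    payload = copy.deepcopy(desired)
    payload["id"] = fetched["id"]  # update() targets the object by id
    return payload, summary


# Constructed data mirroring the workflow: the fetched object and a modified
# copy with a new description, an extra rule and an unscoped allow exception.
FETCHED = {
    "id": "123e4567-e89b-12d3-a456-426655440000",
    "name": "test-profile",
    "description": "Test vulnerability protection",
    "folder": "Shared",
    "rules": [{"name": "test-rule", "severity": ["critical"],
               "category": "code-execution", "action": {"alert": {}}}],
}
DESIRED = copy.deepcopy(FETCHED)
DESIRED["description"] = "Updated test profile"
DESIRED["rules"].append({"name": "additional-rule", "severity": ["high"],
                         "category": "exploit-kit", "action": {"reset_both": {}}})
DESIRED["threat_exception"] = [{"name": "exception-1", "action": {"allow": {}}}]

if __name__ == "__main__":
    payload, summary = plan_update(FETCHED, DESIRED)
    print(summary)
    if summary["warnings"]:
        print("refusing to send:", summary["warnings"])
    elif payload is not None:
        print("would send update for", payload["id"])
```

Gating the real update() on an empty warnings list, and logging the summary, gives an audit trail of exactly which rules and exceptions a change touched, which is hard to reconstruct after the fact from the full object that update() otherwise sends.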