
Vulnerability Protection Profile Configuration Object

The VulnerabilityProtectionProfile class is used to manage Vulnerability Protection Profile objects in the Strata Cloud Manager. It provides methods to create, retrieve, update, delete, and list Vulnerability Protection Profile objects.


Creating an API client object

from scm.client import Scm

# The three values below are documentation placeholders. In real use, read the
# client secret from an environment variable or a secrets manager instead of
# committing it to source control.
api_client = Scm(
    client_id="this-is-a-placeholder",
    client_secret="this-is-a-placeholder",
    tsg_id="this-is-a-placeholder",
)

Importing the VulnerabilityProtectionProfile Class

from scm.config.security import VulnerabilityProtectionProfile

# Bind the profile manager to the API client; every call below goes through it.
vulnerability_protection_profile = VulnerabilityProtectionProfile(api_client)

Methods

create(data: Dict[str, Any]) -> VulnerabilityProtectionProfileResponseModel

Creates a new Vulnerability Protection Profile object.

Parameters:

  • data (Dict[str, Any]): A dictionary containing the Vulnerability Protection Profile object data.

Example:

# Payload for a profile with a single rule keyed on severity and one CVE.
profile_data = {
    "name": "test_profile",
    "description": "Created via pan-scm-sdk",
    "folder": "Shared",
    "rules": [
        {
            "name": "rule1",
            # "alert" writes a threat-log entry but lets the traffic through.
            # Other examples on this page use blocking actions such as "drop"
            # and "reset_both" for the same severities.
            "action": "alert",
            "severity": ["critical", "high"],
            "cve": ["CVE-2021-44228"],
            "threat_name": "Log4j RCE",
        }
    ],
}

# create() returns the response model, which carries the assigned ID.
new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created Vulnerability Protection Profile with ID: {new_profile.id}")

get(object_id: str) -> VulnerabilityProtectionProfileResponseModel

Retrieves a Vulnerability Protection Profile object by its ID.

Parameters:

  • object_id (str): The UUID of the Vulnerability Protection Profile object.

Example:

# Sample UUID; substitute the ID of a profile that exists in your tenant.
profile_id = "ddcf8352-65cd-4cf3-a9b5-e2b344bbdb08"
profile_object = vulnerability_protection_profile.get(profile_id)
print(f"Profile Name: {profile_object.name}")

update(object_id: str, data: Dict[str, Any]) -> VulnerabilityProtectionProfileResponseModel

Updates an existing Vulnerability Protection Profile object.

Parameters:

  • object_id (str): The UUID of the Vulnerability Protection Profile object.
  • data (Dict[str, Any]): A dictionary containing the updated Vulnerability Protection Profile data.

Example:

# NOTE(review): the payload repeats name and folder alongside the new rules;
# confirm whether update() replaces the whole object or merges the given fields.
update_data = {
    "name": "Updated_Profile",
    "description": "Updated description",
    "folder": "Shared",
    "rules": [
        {
            "name": "updated_rule",
            "action": "drop",
            "severity": ["critical", "high", "medium"],
            "category": "exploit-kit",
        }
    ],
}

# profile_id is the UUID assigned in the get() example earlier on the page.
updated_profile = vulnerability_protection_profile.update(profile_id, update_data)
print(f"Updated Vulnerability Protection Profile with ID: {updated_profile.id}")

delete(object_id: str) -> None

Deletes a Vulnerability Protection Profile object by its ID.

Parameters:

  • object_id (str): The UUID of the Vulnerability Protection Profile object.

Example:

# Remove the profile identified by profile_id; delete() returns None.
# NOTE(review): check that no security rule or profile group still depends on
# this profile before deleting it.
vulnerability_protection_profile.delete(profile_id)
print(f"Deleted Vulnerability Protection Profile with ID: {profile_id}")

list(folder: Optional[str] = None, snippet: Optional[str] = None, device: Optional[str] = None, offset: Optional[int] = None, limit: Optional[int] = None, name: Optional[str] = None, **filters) -> List[VulnerabilityProtectionProfileResponseModel]

Lists Vulnerability Protection Profile objects, optionally filtered by folder, snippet, device, or other criteria.

Parameters:

  • folder (Optional[str]): The folder to list profiles from.
  • snippet (Optional[str]): The snippet to list profiles from.
  • device (Optional[str]): The device to list profiles from.
  • offset (Optional[int]): The pagination offset.
  • limit (Optional[int]): The pagination limit.
  • name (Optional[str]): Filter profiles by name.
  • **filters: Additional filters.

Example:

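# List profiles from the "Shared" folder with a pagination limit of 10.
profiles = vulnerability_protection_profile.list(folder='Shared', limit=10)

# The loop body is indented so the snippet parses as Python.
for profile in profiles:
    print(f"Profile Name: {profile.name}, ID: {profile.id}")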

Usage Examples

Example 1: Creating a Vulnerability Protection Profile with Multiple Rules

# Two rules with different enforcement actions, split by severity.
profile_data = {
    "name": "multi_rule_profile",
    "description": "Profile with multiple rules",
    "folder": "Shared",
    "rules": [
        {
            "name": "critical_vulnerabilities",
            # NOTE(review): Example 3 on this page passes block_ip as a mapping
            # with track_by and duration; confirm the bare-string form is
            # accepted.
            "action": "block_ip",
            "severity": ["critical"],
            # Captured packets can contain payload data; store and share them
            # accordingly.
            "packet_capture": "single-packet",
        },
        {
            "name": "high_severity_exploits",
            "action": "reset_both",
            "severity": ["high"],
            "category": "exploit-kit",
        },
    ],
}

new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created profile: {new_profile.name} with ID: {new_profile.id}")

Example 2: Updating a Profile with Threat Exceptions

# NOTE(review): this payload carries only threat_exception; confirm whether
# update() keeps the profile's existing name and rules or replaces the object.
update_data = {
    "threat_exception": [
        {
            "name": "exception1",
            # "allow" lets the matched threat through, so keep the exception as
            # narrow as possible and record the justification in "notes".
            "action": "allow",
            # Extended captures can hold payload data; treat them as sensitive.
            "packet_capture": "extended-capture",
            # presumably limits the exception to the named address; verify
            "exempt_ip": [{"name": "trusted_server"}],
            "notes": "Exception for trusted server",
        }
    ],
}

# new_profile is the object returned by the create() call in Example 1.
updated_profile = vulnerability_protection_profile.update(new_profile.id, update_data)
print(f"Updated profile: {updated_profile.name}")

Example 3: Creating a Profile with Advanced Rule Configuration

# Profile stored in a snippet (not a folder) with one fully specified rule.
profile_data = {
    "name": "advanced_rule_profile",
    "description": "Profile with advanced rule configuration",
    "snippet": "Example Snippet",
    "rules": [
        {
            "name": "complex_rule",
            # Blocks the offending source for 3600 (presumably seconds; confirm
            # the unit). Tracking by source alone can also cut off other
            # clients that share the same NAT address.
            "action": {"block_ip": {"track_by": "source", "duration": 3600}},
            "severity": ["critical", "high"],
            "category": "command-execution",
            "cve": ["CVE-2021-44228", "CVE-2021-45046"],
            "vendor_id": ["PAN-OS-2021-0001"],
            "host": "client",
        }
    ],
}

new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created profile with advanced rule: {new_profile.name}")

Example 4: Listing Profiles with Custom Filters

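# folder, limit and name are named parameters of list(). severity is not, so
# it travels through **filters; confirm the service honours it.
profiles = vulnerability_protection_profile.list(
    folder='Shared',
    limit=5,
    name='test',
    severity='critical',
)

# The loop body is indented so the snippet parses as Python.
for profile in profiles:
    print(f"Profile: {profile.name}, Description: {profile.description}")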

Example 5: Creating a Profile with Time Attribute in Threat Exception

# One catch-all rule plus a threat exception carrying a time_attribute.
profile_data = {
    "name": "time_attribute_profile",
    "folder": "Shared",
    "rules": [
        {
            "name": "default_rule",
            # Log-only baseline: "alert" on every severity blocks nothing.
            "action": "alert",
            "severity": ["any"],
        }
    ],
    "threat_exception": [
        {
            "name": "time_based_exception",
            # "allow" lets the matched threat through; review such exceptions
            # regularly.
            "action": "allow",
            # NOTE(review): units of interval and threshold are not stated on
            # this page; confirm against the API reference.
            "time_attribute": {
                "interval": 300,
                "threshold": 10,
                "track_by": "source",
            },
        }
    ],
}

new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created profile with time attribute: {new_profile.name}")

Example 6: Updating a Profile in a Device Container

# Payload scoped to a device container instead of a folder or snippet.
update_data = {
    "name": "device_profile",
    "description": "Profile in a device container",
    "device": "firewall-01",
    "rules": [
        {
            "name": "device_specific_rule",
            "action": "drop",
            "severity": ["critical", "high"],
            "category": "overflow",
        }
    ],
}

# profile_id is the UUID assigned in the get() example earlier on the page.
updated_profile = vulnerability_protection_profile.update(profile_id, update_data)
print(f"Updated profile in device: {updated_profile.name}")

Full Example: Creating and Managing a Vulnerability Protection Profile

from scm.client import Scm
from scm.config.security import VulnerabilityProtectionProfile
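# End-to-end walkthrough: create, fetch, update, list and delete one profile.
# Each comment sits on its own line; when a comment is fused with the statement
# that follows it, that statement is commented out.

# Initialize the SCM client.
# The credential strings are placeholders; load the real client secret from an
# environment variable or a secrets manager rather than hard-coding it.
api_client = Scm(
    client_id="your_client_id",
    client_secret="your_client_secret",
    tsg_id="your_tsg_id",
)

# Create a VulnerabilityProtectionProfile instance
vulnerability_protection_profile = VulnerabilityProtectionProfile(api_client)

# Create a new Vulnerability Protection Profile
profile_data = {
    "name": "comprehensive_profile",
    "description": "Comprehensive Vulnerability Protection Profile",
    "folder": "Shared",
    "rules": [
        {
            "name": "critical_vulnerabilities",
            # Blocks the offending source for 3600 (presumably seconds; confirm
            # the unit). Tracking by source alone can also cut off other
            # clients that share the same NAT address.
            "action": {"block_ip": {"track_by": "source", "duration": 3600}},
            "severity": ["critical"],
            # Captured packets can contain payload data; handle as sensitive.
            "packet_capture": "single-packet",
            "category": "exploit-kit",
            "cve": ["CVE-2021-44228"],
            "host": "any",
            "vendor_id": ["PAN-OS-2021-0001"],
            "threat_name": "Log4j RCE",
        },
        {
            "name": "high_severity_rule",
            "action": "reset_both",
            "severity": ["high"],
            "category": "code-execution",
        },
    ],
    "threat_exception": [
        {
            "name": "exception1",
            # "allow" lets the matched threat through, so keep the exception
            # narrow and record the justification in "notes".
            "action": "allow",
            "packet_capture": "extended-capture",
            "exempt_ip": [{"name": "trusted_server"}],
            "time_attribute": {
                "interval": 300,
                "threshold": 5,
                "track_by": "source-and-destination",
            },
            "notes": "Exception for trusted server",
        }
    ],
}

new_profile = vulnerability_protection_profile.create(profile_data)
print(f"Created comprehensive profile: {new_profile.name} with ID: {new_profile.id}")

# Retrieve the created profile
retrieved_profile = vulnerability_protection_profile.get(new_profile.id)
print(f"Retrieved profile: {retrieved_profile.name}")

# Update the profile
# NOTE(review): only description and rules are sent; confirm whether update()
# merges them or replaces the profile, which would drop the threat exception
# and the CVE-specific rule defined above.
update_data = {
    "description": "Updated comprehensive Vulnerability Protection Profile",
    "rules": [
        {
            "name": "updated_rule",
            "action": "drop",
            "severity": ["critical", "high", "medium"],
            "category": "dos",
        }
    ],
}

updated_profile = vulnerability_protection_profile.update(new_profile.id, update_data)
print(f"Updated profile: {updated_profile.name}")

# List profiles
profiles = vulnerability_protection_profile.list(folder='Shared', limit=10)
print("List of profiles:")
for profile in profiles:
    print(f"- {profile.name} (ID: {profile.id})")

# Delete the profile
vulnerability_protection_profile.delete(new_profile.id)
print(f"Deleted profile: {new_profile.name}")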