WildFire Antivirus Profile Configuration Object
The WildfireAntivirusProfile class is used to manage WildFire Antivirus Profile objects in the Strata Cloud Manager.
It provides methods to create, retrieve, update, delete, and list WildFire Antivirus Profile objects.
Creating an API client object
from scm.client import Scm
api_client = Scm(
client_id="this-is-a-placeholder",
client_secret="this-is-a-placeholder",
tsg_id="this-is-a-placeholder",
)
api_client = Scm(
client_id="this-is-a-placeholder",
client_secret="this-is-a-placeholder",
tsg_id="this-is-a-placeholder",
)
Importing the WildfireAntivirusProfile Class
from scm.config.security import WildfireAntivirusProfile
wildfire_antivirus_profile = WildfireAntivirusProfile(api_client)
wildfire_antivirus_profile = WildfireAntivirusProfile(api_client)
Methods
create(data: Dict[str, Any]) -> WildfireAntivirusProfileResponseModel
Creates a new WildFire Antivirus Profile object.
Parameters:
data(Dict[str, Any]): A dictionary containing the WildFire Antivirus Profile object data.
Example:
profile_data = {
"name": "test_profile",
"description": "Created via pan-scm-sdk",
"folder": "Prisma Access",
"rules": [
{
"name": "rule1",
"direction": "both",
"analysis": "public-cloud",
"application": [
"facebook-uploading",
"facebook-posting",
"facebook-downloading",
"facebook-base"
],
"file_type": [
"flash",
"jar"
]
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created WildFire Antivirus Profile with ID: {new_profile.id}")
"name": "test_profile",
"description": "Created via pan-scm-sdk",
"folder": "Prisma Access",
"rules": [
{
"name": "rule1",
"direction": "both",
"analysis": "public-cloud",
"application": [
"facebook-uploading",
"facebook-posting",
"facebook-downloading",
"facebook-base"
],
"file_type": [
"flash",
"jar"
]
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created WildFire Antivirus Profile with ID: {new_profile.id}")
get(object_id: str) -> WildfireAntivirusProfileResponseModel
Retrieves a WildFire Antivirus Profile object by its ID.
Parameters:
object_id(str): The UUID of the WildFire Antivirus Profile object.
Example:
profile_id = "ddcf8352-65cd-4cf3-a9b5-e2b344bbdb08"
profile_object = wildfire_antivirus_profile.get(profile_id)
print(f"Profile Name: {profile_object.name}")
profile_object = wildfire_antivirus_profile.get(profile_id)
print(f"Profile Name: {profile_object.name}")
update(object_id: str, data: Dict[str, Any]) -> WildfireAntivirusProfileResponseModel
Updates an existing WildFire Antivirus Profile object.
Parameters:
object_id(str): The UUID of the WildFire Antivirus Profile object.data(Dict[str, Any]): A dictionary containing the updated WildFire Antivirus Profile data.
Example:
update_data = {
"name": "Updated123",
"description": "Updated description",
"folder": "Prisma Access",
"rules": [
{
"name": "updated_rule",
"direction": "upload",
"analysis": "private-cloud",
"application": [
"facebook-uploading",
"facebook-posting",
"facebook-downloading",
"facebook-base"
],
"file_type": [
"flash",
"jar"
]
}
]
}
updated_profile = wildfire_antivirus_profile.update(profile_id, update_data)
print(f"Updated WildFire Antivirus Profile with ID: {updated_profile.id}")
"name": "Updated123",
"description": "Updated description",
"folder": "Prisma Access",
"rules": [
{
"name": "updated_rule",
"direction": "upload",
"analysis": "private-cloud",
"application": [
"facebook-uploading",
"facebook-posting",
"facebook-downloading",
"facebook-base"
],
"file_type": [
"flash",
"jar"
]
}
]
}
updated_profile = wildfire_antivirus_profile.update(profile_id, update_data)
print(f"Updated WildFire Antivirus Profile with ID: {updated_profile.id}")
delete(object_id: str) -> None
Deletes a WildFire Antivirus Profile object by its ID.
Parameters:
object_id(str): The UUID of the WildFire Antivirus Profile object.
Example:
wildfire_antivirus_profile.delete(profile_id)
print(f"Deleted WildFire Antivirus Profile with ID: {profile_id}")
print(f"Deleted WildFire Antivirus Profile with ID: {profile_id}")
list(folder: Optional[str] = None, snippet: Optional[str] = None, device: Optional[str] = None, offset: Optional[int] = None, limit: Optional[int] = None, name: Optional[str] = None, **filters) -> List[WildfireAntivirusProfileResponseModel]
Lists WildFire Antivirus Profile objects, optionally filtered by folder, snippet, device, or other criteria.
Parameters:
folder(Optional[str]): The folder to list profiles from.snippet(Optional[str]): The snippet to list profiles from.device(Optional[str]): The device to list profiles from.offset(Optional[int]): The pagination offset.limit(Optional[int]): The pagination limit.name(Optional[str]): Filter profiles by name.**filters: Additional filters.
Example:
profiles = wildfire_antivirus_profile.list(folder='Prisma Access', limit=10)
for profile in profiles:
print(f"Profile Name: {profile.name}, ID: {profile.id}")
for profile in profiles:
print(f"Profile Name: {profile.name}, ID: {profile.id}")
Usage Examples
Example 1: Creating a WildFire Antivirus Profile
profile_data = {
"name": "example_profile",
"description": "Example WildFire Antivirus Profile",
"folder": "Prisma Access",
"packet_capture": True,
"rules": [
{
"name": "rule1",
"direction": "both",
"analysis": "public-cloud",
"application": ["web-browsing", "ssl"],
"file_type": ["pe", "pdf"]
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created profile: {new_profile.name} with ID: {new_profile.id}")
"name": "example_profile",
"description": "Example WildFire Antivirus Profile",
"folder": "Prisma Access",
"packet_capture": True,
"rules": [
{
"name": "rule1",
"direction": "both",
"analysis": "public-cloud",
"application": ["web-browsing", "ssl"],
"file_type": ["pe", "pdf"]
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created profile: {new_profile.name} with ID: {new_profile.id}")
Example 2: Updating a WildFire Antivirus Profile
update_data = {
"description": "Updated WildFire Antivirus Profile",
"packet_capture": False,
"rules": [
{
"name": "updated_rule",
"direction": "upload",
"analysis": "private-cloud",
"application": ["any"],
"file_type": ["any"]
}
]
}
updated_profile = wildfire_antivirus_profile.update(new_profile.id, update_data)
print(f"Updated profile: {updated_profile.name}")
"description": "Updated WildFire Antivirus Profile",
"packet_capture": False,
"rules": [
{
"name": "updated_rule",
"direction": "upload",
"analysis": "private-cloud",
"application": ["any"],
"file_type": ["any"]
}
]
}
updated_profile = wildfire_antivirus_profile.update(new_profile.id, update_data)
print(f"Updated profile: {updated_profile.name}")
Example 3: Listing WildFire Antivirus Profiles with Filters
profiles = wildfire_antivirus_profile.list(
folder='Prisma Access',
limit=5,
name='example'
)
for profile in profiles:
print(f"Profile: {profile.name}, Description: {profile.description}")
folder='Prisma Access',
limit=5,
name='example'
)
for profile in profiles:
print(f"Profile: {profile.name}, Description: {profile.description}")
Example 4: Creating a Profile with MLAV Exceptions
profile_data = {
"name": "mlav_exception_profile",
"folder": "Shared",
"rules": [
{
"name": "default_rule",
"direction": "both",
"analysis": "public-cloud"
}
],
"mlav_exception": [
{
"name": "exception1",
"description": "MLAV exception example",
"filename": "test_file.exe"
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created profile with MLAV exception: {new_profile.name}")
"name": "mlav_exception_profile",
"folder": "Shared",
"rules": [
{
"name": "default_rule",
"direction": "both",
"analysis": "public-cloud"
}
],
"mlav_exception": [
{
"name": "exception1",
"description": "MLAV exception example",
"filename": "test_file.exe"
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created profile with MLAV exception: {new_profile.name}")
Example 5: Updating a Profile with Threat Exceptions
update_data = {
"threat_exception": [
{
"name": "threat_exception1",
"notes": "Example threat exception"
}
]
}
updated_profile = wildfire_antivirus_profile.update(new_profile.id, update_data)
print(f"Updated profile with threat exception: {updated_profile.name}")
"threat_exception": [
{
"name": "threat_exception1",
"notes": "Example threat exception"
}
]
}
updated_profile = wildfire_antivirus_profile.update(new_profile.id, update_data)
print(f"Updated profile with threat exception: {updated_profile.name}")
Example 6: Creating a Profile in a Snippet
profile_data = {
"name": "snippet_profile",
"description": "Profile in a snippet",
"snippet": "Example Snippet",
"rules": [
{
"name": "snippet_rule",
"direction": "download",
"analysis": "public-cloud"
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created profile in snippet: {new_profile.name}")
"name": "snippet_profile",
"description": "Profile in a snippet",
"snippet": "Example Snippet",
"rules": [
{
"name": "snippet_rule",
"direction": "download",
"analysis": "public-cloud"
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created profile in snippet: {new_profile.name}")
Full Example: Creating and Managing a WildFire Antivirus Profile
from scm.client import Scm
from scm.config.security import WildfireAntivirusProfile
# Initialize the SCM clientapi_client = Scm(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id",
)
# Create a WildfireAntivirusProfile instancewildfire_antivirus_profile = WildfireAntivirusProfile(api_client)
# Create a new WildFire Antivirus Profileprofile_data = {
"name": "comprehensive_profile",
"description": "Comprehensive WildFire Antivirus Profile",
"folder": "Prisma Access",
"packet_capture": True,
"rules": [
{
"name": "rule1",
"direction": "both",
"analysis": "public-cloud",
"application": ["web-browsing", "ssl"],
"file_type": ["pe", "pdf"]
},
{
"name": "rule2",
"direction": "upload",
"analysis": "private-cloud",
"application": ["ftp", "sftp"],
"file_type": ["any"]
}
],
"mlav_exception": [
{
"name": "mlav_exception1",
"description": "MLAV exception for specific file",
"filename": "allowed_file.exe"
}
],
"threat_exception": [
{
"name": "threat_exception1",
"notes": "Exception for known false positive"
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created comprehensive profile: {new_profile.name} with ID: {new_profile.id}")
# Retrieve the created profileretrieved_profile = wildfire_antivirus_profile.get(new_profile.id)
print(f"Retrieved profile: {retrieved_profile.name}")
# Update the profileupdate_data = {
"description": "Updated comprehensive WildFire Antivirus Profile",
"packet_capture": False,
"rules": [
{
"name": "updated_rule",
"direction": "both",
"analysis": "public-cloud",
"application": ["any"],
"file_type": ["any"]
}
]
}
updated_profile = wildfire_antivirus_profile.update(new_profile.id, update_data)
print(f"Updated profile: {updated_profile.name}")
# List profilesprofiles = wildfire_antivirus_profile.list(folder='Prisma Access', limit=10)
print("List of profiles:")
for profile in profiles:
print(f"- {profile.name} (ID: {profile.id})")
# Delete the profilewildfire_antivirus_profile.delete(new_profile.id)
print(f"Deleted profile: {new_profile.name}")
from scm.config.security import WildfireAntivirusProfile
# Initialize the SCM clientapi_client = Scm(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id",
)
# Create a WildfireAntivirusProfile instancewildfire_antivirus_profile = WildfireAntivirusProfile(api_client)
# Create a new WildFire Antivirus Profileprofile_data = {
"name": "comprehensive_profile",
"description": "Comprehensive WildFire Antivirus Profile",
"folder": "Prisma Access",
"packet_capture": True,
"rules": [
{
"name": "rule1",
"direction": "both",
"analysis": "public-cloud",
"application": ["web-browsing", "ssl"],
"file_type": ["pe", "pdf"]
},
{
"name": "rule2",
"direction": "upload",
"analysis": "private-cloud",
"application": ["ftp", "sftp"],
"file_type": ["any"]
}
],
"mlav_exception": [
{
"name": "mlav_exception1",
"description": "MLAV exception for specific file",
"filename": "allowed_file.exe"
}
],
"threat_exception": [
{
"name": "threat_exception1",
"notes": "Exception for known false positive"
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created comprehensive profile: {new_profile.name} with ID: {new_profile.id}")
# Retrieve the created profileretrieved_profile = wildfire_antivirus_profile.get(new_profile.id)
print(f"Retrieved profile: {retrieved_profile.name}")
# Update the profileupdate_data = {
"description": "Updated comprehensive WildFire Antivirus Profile",
"packet_capture": False,
"rules": [
{
"name": "updated_rule",
"direction": "both",
"analysis": "public-cloud",
"application": ["any"],
"file_type": ["any"]
}
]
}
updated_profile = wildfire_antivirus_profile.update(new_profile.id, update_data)
print(f"Updated profile: {updated_profile.name}")
# List profilesprofiles = wildfire_antivirus_profile.list(folder='Prisma Access', limit=10)
print("List of profiles:")
for profile in profiles:
print(f"- {profile.name} (ID: {profile.id})")
# Delete the profilewildfire_antivirus_profile.delete(new_profile.id)
print(f"Deleted profile: {new_profile.name}")