WildFire Antivirus Profile Configuration Object
The WildfireAntivirusProfile
class is used to manage WildFire Antivirus Profile objects in the Strata Cloud Manager.
It provides methods to create, retrieve, update, delete, and list WildFire Antivirus Profile objects.
Creating an API client object
api_client = Scm(
client_id="this-is-a-placeholder",
client_secret="this-is-a-placeholder",
tsg_id="this-is-a-placeholder",
)
Importing the WildfireAntivirusProfile Class
wildfire_antivirus_profile = WildfireAntivirusProfile(api_client)
Methods
create(data: Dict[str, Any]) -> WildfireAntivirusProfileResponseModel
Creates a new WildFire Antivirus Profile object.
Parameters:
data
(Dict[str, Any]): A dictionary containing the WildFire Antivirus Profile object data.
Example:
"name": "test_profile",
"description": "Created via pan-scm-sdk",
"folder": "Prisma Access",
"rules": [
{
"name": "rule1",
"direction": "both",
"analysis": "public-cloud",
"application": [
"facebook-uploading",
"facebook-posting",
"facebook-downloading",
"facebook-base"
],
"file_type": [
"flash",
"jar"
]
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created WildFire Antivirus Profile with ID: {new_profile.id}")
get(object_id: str) -> WildfireAntivirusProfileResponseModel
Retrieves a WildFire Antivirus Profile object by its ID.
Parameters:
object_id
(str): The UUID of the WildFire Antivirus Profile object.
Example:
profile_object = wildfire_antivirus_profile.get(profile_id)
print(f"Profile Name: {profile_object.name}")
update(object_id: str, data: Dict[str, Any]) -> WildfireAntivirusProfileResponseModel
Updates an existing WildFire Antivirus Profile object.
Parameters:
object_id
(str): The UUID of the WildFire Antivirus Profile object.data
(Dict[str, Any]): A dictionary containing the updated WildFire Antivirus Profile data.
Example:
"name": "Updated123",
"description": "Updated description",
"folder": "Prisma Access",
"rules": [
{
"name": "updated_rule",
"direction": "upload",
"analysis": "private-cloud",
"application": [
"facebook-uploading",
"facebook-posting",
"facebook-downloading",
"facebook-base"
],
"file_type": [
"flash",
"jar"
]
}
]
}
updated_profile = wildfire_antivirus_profile.update(profile_id, update_data)
print(f"Updated WildFire Antivirus Profile with ID: {updated_profile.id}")
delete(object_id: str) -> None
Deletes a WildFire Antivirus Profile object by its ID.
Parameters:
object_id
(str): The UUID of the WildFire Antivirus Profile object.
Example:
print(f"Deleted WildFire Antivirus Profile with ID: {profile_id}")
list(folder: Optional[str] = None, snippet: Optional[str] = None, device: Optional[str] = None, offset: Optional[int] = None, limit: Optional[int] = None, name: Optional[str] = None, **filters) -> List[WildfireAntivirusProfileResponseModel]
Lists WildFire Antivirus Profile objects, optionally filtered by folder, snippet, device, or other criteria.
Parameters:
folder
(Optional[str]): The folder to list profiles from.snippet
(Optional[str]): The snippet to list profiles from.device
(Optional[str]): The device to list profiles from.offset
(Optional[int]): The pagination offset.limit
(Optional[int]): The pagination limit.name
(Optional[str]): Filter profiles by name.**filters
: Additional filters.
Example:
for profile in profiles:
print(f"Profile Name: {profile.name}, ID: {profile.id}")
Usage Examples
Example 1: Creating a WildFire Antivirus Profile
"name": "example_profile",
"description": "Example WildFire Antivirus Profile",
"folder": "Prisma Access",
"packet_capture": True,
"rules": [
{
"name": "rule1",
"direction": "both",
"analysis": "public-cloud",
"application": ["web-browsing", "ssl"],
"file_type": ["pe", "pdf"]
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created profile: {new_profile.name} with ID: {new_profile.id}")
Example 2: Updating a WildFire Antivirus Profile
"description": "Updated WildFire Antivirus Profile",
"packet_capture": False,
"rules": [
{
"name": "updated_rule",
"direction": "upload",
"analysis": "private-cloud",
"application": ["any"],
"file_type": ["any"]
}
]
}
updated_profile = wildfire_antivirus_profile.update(new_profile.id, update_data)
print(f"Updated profile: {updated_profile.name}")
Example 3: Listing WildFire Antivirus Profiles with Filters
folder='Prisma Access',
limit=5,
name='example'
)
for profile in profiles:
print(f"Profile: {profile.name}, Description: {profile.description}")
Example 4: Creating a Profile with MLAV Exceptions
"name": "mlav_exception_profile",
"folder": "Shared",
"rules": [
{
"name": "default_rule",
"direction": "both",
"analysis": "public-cloud"
}
],
"mlav_exception": [
{
"name": "exception1",
"description": "MLAV exception example",
"filename": "test_file.exe"
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created profile with MLAV exception: {new_profile.name}")
Example 5: Updating a Profile with Threat Exceptions
"threat_exception": [
{
"name": "threat_exception1",
"notes": "Example threat exception"
}
]
}
updated_profile = wildfire_antivirus_profile.update(new_profile.id, update_data)
print(f"Updated profile with threat exception: {updated_profile.name}")
Example 6: Creating a Profile in a Snippet
"name": "snippet_profile",
"description": "Profile in a snippet",
"snippet": "Example Snippet",
"rules": [
{
"name": "snippet_rule",
"direction": "download",
"analysis": "public-cloud"
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created profile in snippet: {new_profile.name}")
Full Example: Creating and Managing a WildFire Antivirus Profile
from scm.config.security import WildfireAntivirusProfile
# Initialize the SCM clientapi_client = Scm(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id",
)
# Create a WildfireAntivirusProfile instancewildfire_antivirus_profile = WildfireAntivirusProfile(api_client)
# Create a new WildFire Antivirus Profileprofile_data = {
"name": "comprehensive_profile",
"description": "Comprehensive WildFire Antivirus Profile",
"folder": "Prisma Access",
"packet_capture": True,
"rules": [
{
"name": "rule1",
"direction": "both",
"analysis": "public-cloud",
"application": ["web-browsing", "ssl"],
"file_type": ["pe", "pdf"]
},
{
"name": "rule2",
"direction": "upload",
"analysis": "private-cloud",
"application": ["ftp", "sftp"],
"file_type": ["any"]
}
],
"mlav_exception": [
{
"name": "mlav_exception1",
"description": "MLAV exception for specific file",
"filename": "allowed_file.exe"
}
],
"threat_exception": [
{
"name": "threat_exception1",
"notes": "Exception for known false positive"
}
]
}
new_profile = wildfire_antivirus_profile.create(profile_data)
print(f"Created comprehensive profile: {new_profile.name} with ID: {new_profile.id}")
# Retrieve the created profileretrieved_profile = wildfire_antivirus_profile.get(new_profile.id)
print(f"Retrieved profile: {retrieved_profile.name}")
# Update the profileupdate_data = {
"description": "Updated comprehensive WildFire Antivirus Profile",
"packet_capture": False,
"rules": [
{
"name": "updated_rule",
"direction": "both",
"analysis": "public-cloud",
"application": ["any"],
"file_type": ["any"]
}
]
}
updated_profile = wildfire_antivirus_profile.update(new_profile.id, update_data)
print(f"Updated profile: {updated_profile.name}")
# List profilesprofiles = wildfire_antivirus_profile.list(folder='Prisma Access', limit=10)
print("List of profiles:")
for profile in profiles:
print(f"- {profile.name} (ID: {profile.id})")
# Delete the profilewildfire_antivirus_profile.delete(new_profile.id)
print(f"Deleted profile: {new_profile.name}")