Application Models
Overview
The Application models provide a structured way to manage custom applications in Palo Alto Networks' Strata Cloud Manager. These models support defining application characteristics like category, risk level, and behavioral attributes. Applications can be defined in folders or snippets. The models handle validation of inputs and outputs when interacting with the SCM API.
Attributes
| Attribute | Type | Required | Default | Description |
|---|---|---|---|---|
| name | str | Yes | None | Name of the application. Max length: 63 chars. Must match pattern: ^[a-zA-Z0-9_ .-]+$ |
| category | str | Yes | None | High-level category. Max length: 50 chars |
| subcategory | str | Yes | None | Specific sub-category. Max length: 50 chars |
| technology | str | Yes | None | Underlying technology. Max length: 50 chars |
| risk | int | Yes | None | Risk level associated with the application |
| description | str | No | None | Description of the application. Max length: 1023 chars |
| ports | List[str] | No | None | List of TCP/UDP ports |
| folder | str | No* | None | Folder where application is defined. Max length: 64 chars |
| snippet | str | No* | None | Snippet where application is defined. Max length: 64 chars |
| evasive | bool | No | False | Uses evasive techniques |
| pervasive | bool | No | False | Widely used |
| excessive_bandwidth_use | bool | No | False | Uses excessive bandwidth |
| used_by_malware | bool | No | False | Commonly used by malware |
| transfers_files | bool | No | False | Transfers files |
| has_known_vulnerabilities | bool | No | False | Has known vulnerabilities |
| tunnels_other_apps | bool | No | False | Tunnels other applications |
| prone_to_misuse | bool | No | False | Prone to misuse |
| no_certifications | bool | No | False | Lacks certifications |
| id | UUID | Yes** | None | UUID of the application (response only) |
* Exactly one container type (folder/snippet) must be provided ** Only required for response model
Model Validators
Container Type Validation
For create operations, exactly one container type must be specified:
# Using dictionaryfrom scm.config.objects import Application
# Error: multiple containers specifiedtry:
app_dict = {
"name": "invalid-app",
"category": "business-systems",
"subcategory": "database",
"technology": "client-server",
"risk": 3,
"folder": "Shared",
"snippet": "Config" # Can't specify both folder and snippet
}
app = Application(api_client)
response = app.create(app_dict)
except ValueError as e:
print(e) # "Exactly one of 'folder' or 'snippet' must be provided."
# Using model directlyfrom scm.models.objects import ApplicationCreateModel
# Error: no container specifiedtry:
app = ApplicationCreateModel(
name="invalid-app",
category="business-systems",
subcategory="database",
technology="client-server",
risk=3
)
except ValueError as e:
print(e) # "Exactly one of 'folder' or 'snippet' must be provided."
# Error: multiple containers specifiedtry:
app_dict = {
"name": "invalid-app",
"category": "business-systems",
"subcategory": "database",
"technology": "client-server",
"risk": 3,
"folder": "Shared",
"snippet": "Config" # Can't specify both folder and snippet
}
app = Application(api_client)
response = app.create(app_dict)
except ValueError as e:
print(e) # "Exactly one of 'folder' or 'snippet' must be provided."
# Using model directlyfrom scm.models.objects import ApplicationCreateModel
# Error: no container specifiedtry:
app = ApplicationCreateModel(
name="invalid-app",
category="business-systems",
subcategory="database",
technology="client-server",
risk=3
)
except ValueError as e:
print(e) # "Exactly one of 'folder' or 'snippet' must be provided."
Usage Examples
Creating a Basic Application
# Using dictionaryfrom scm.config.objects import Application
app_dict = {
"name": "custom-db",
"category": "business-systems",
"subcategory": "database",
"technology": "client-server",
"risk": 3,
"folder": "Custom Apps",
"ports": ["tcp/1433"]
}
app = Application(api_client)
response = app.create(app_dict)
# Using model directlyfrom scm.models.objects import ApplicationCreateModel
app = ApplicationCreateModel(
name="custom-db",
category="business-systems",
subcategory="database",
technology="client-server",
risk=3,
folder="Custom Apps",
ports=["tcp/1433"]
)
payload = app.model_dump(exclude_unset=True)
response = app.create(payload)
app_dict = {
"name": "custom-db",
"category": "business-systems",
"subcategory": "database",
"technology": "client-server",
"risk": 3,
"folder": "Custom Apps",
"ports": ["tcp/1433"]
}
app = Application(api_client)
response = app.create(app_dict)
# Using model directlyfrom scm.models.objects import ApplicationCreateModel
app = ApplicationCreateModel(
name="custom-db",
category="business-systems",
subcategory="database",
technology="client-server",
risk=3,
folder="Custom Apps",
ports=["tcp/1433"]
)
payload = app.model_dump(exclude_unset=True)
response = app.create(payload)
Creating an Application with Behavioral Attributes
# Using dictionaryapp_dict = {
"name": "file-share",
"category": "collaboration",
"subcategory": "file-sharing",
"technology": "peer-to-peer",
"risk": 4,
"folder": "Shared",
"description": "Custom file sharing application",
"ports": ["tcp/6346", "tcp/6347"],
"evasive": True,
"transfers_files": True,
"excessive_bandwidth_use": True,
"prone_to_misuse": True
}
response = app.create(app_dict)
# Using model directlyapp = ApplicationCreateModel(
name="file-share",
category="collaboration",
subcategory="file-sharing",
technology="peer-to-peer",
risk=4,
folder="Shared",
description="Custom file sharing application",
ports=["tcp/6346", "tcp/6347"],
evasive=True,
transfers_files=True,
excessive_bandwidth_use=True,
prone_to_misuse=True
)
payload = app.model_dump(exclude_unset=True)
response = app.create(payload)
"name": "file-share",
"category": "collaboration",
"subcategory": "file-sharing",
"technology": "peer-to-peer",
"risk": 4,
"folder": "Shared",
"description": "Custom file sharing application",
"ports": ["tcp/6346", "tcp/6347"],
"evasive": True,
"transfers_files": True,
"excessive_bandwidth_use": True,
"prone_to_misuse": True
}
response = app.create(app_dict)
# Using model directlyapp = ApplicationCreateModel(
name="file-share",
category="collaboration",
subcategory="file-sharing",
technology="peer-to-peer",
risk=4,
folder="Shared",
description="Custom file sharing application",
ports=["tcp/6346", "tcp/6347"],
evasive=True,
transfers_files=True,
excessive_bandwidth_use=True,
prone_to_misuse=True
)
payload = app.model_dump(exclude_unset=True)
response = app.create(payload)
Updating an Application
# Using dictionaryupdate_dict = {
"id": "123e4567-e89b-12d3-a456-426655440000",
"name": "custom-db-updated",
"risk": 4,
"description": "Updated database application",
"has_known_vulnerabilities": True
}
response = app.update(update_dict)
# Using model directlyfrom scm.models.objects import ApplicationUpdateModel
update = ApplicationUpdateModel(
id="123e4567-e89b-12d3-a456-426655440000",
name="custom-db-updated",
risk=4,
description="Updated database application",
has_known_vulnerabilities=True
)
payload = update.model_dump(exclude_unset=True)
response = app.update(payload)
"id": "123e4567-e89b-12d3-a456-426655440000",
"name": "custom-db-updated",
"risk": 4,
"description": "Updated database application",
"has_known_vulnerabilities": True
}
response = app.update(update_dict)
# Using model directlyfrom scm.models.objects import ApplicationUpdateModel
update = ApplicationUpdateModel(
id="123e4567-e89b-12d3-a456-426655440000",
name="custom-db-updated",
risk=4,
description="Updated database application",
has_known_vulnerabilities=True
)
payload = update.model_dump(exclude_unset=True)
response = app.update(payload)