Skip to content

Security Services Data Models

Table of Contents

  1. Overview
  2. Model Types
  3. Common Model Patterns
  4. Usage Examples
  5. Models by Category
  6. Security Rules
  7. Anti-Spyware Profile
  8. Decryption Profile
  9. DNS Security Profile
  10. URL Categories
  11. Vulnerability Protection Profile
  12. WildFire Antivirus Profile
  13. Best Practices
  14. Related Documentation

Overview

The Strata Cloud Manager SDK uses Pydantic models for data validation and serialization of security services. These models ensure that the data being sent to and received from the Strata Cloud Manager API adheres to the expected structure and constraints. This section documents the models for security service configuration resources.

Model Types

For each security service configuration, there are corresponding model types:

  • Create Models: Used when creating new security resources ({Object}CreateModel)
  • Update Models: Used when updating existing security resources ({Object}UpdateModel)
  • Response Models: Used when parsing security data retrieved from the API ({Object}ResponseModel)
  • Base Models: Common shared attributes for related security models ({Object}BaseModel)

Common Model Patterns

Security service models share common patterns:

  • Container validation (exactly one of folder/snippet/device)
  • UUID validation for identifiers
  • Profile name and description validation
  • Reference validation for associated objects
  • Security action and severity validation
  • Rule ordering and positioning logic

Usage Examples

from scm.client import ScmClient
from scm.models.security import SecurityRuleCreateModel, SecurityRuleUpdateModel
# Initialize clientclient = ScmClient(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id"
)
# Create a new security rule using a modelsecurity_rule = SecurityRuleCreateModel(
name="allow-web-traffic",
source=["any"],
destination=["any"],
application=["web-browsing"],
service=["application-default"],
action="allow",
folder="Security Policies"
)
# Convert the model to a dictionary for the API callrule_dict = security_rule.model_dump(exclude_unset=True)
result = client.security_rule.create(rule_dict)
# Update an existing security rule using a modelupdate_rule = SecurityRuleUpdateModel(
id=result.id,
name="allow-web-traffic-updated",
description="Updated web traffic rule",
application=["web-browsing", "ssl"],
folder="Security Policies"
)

update_dict = update_rule.model_dump(exclude_unset=True)
updated_result = client.security_rule.update(update_dict)

Models by Category

Security Rules

Anti-Spyware Profile

Decryption Profile

DNS Security Profile

URL Categories

Vulnerability Protection Profile

WildFire Antivirus Profile

Best Practices

  1. Model Validation
  2. Always validate security configuration data with models before sending to the API
  3. Handle validation errors appropriately for security policy data

  4. Use model_dump(exclude_unset=True) to avoid sending default values in security policies

  5. Security Rule Configuration

  6. Ensure source and destination attributes are properly formatted
  7. Validate application and service combinations
  8. Remember that security rule order is important for policy evaluation

  9. Test security rules in a non-production environment first

  10. Security Profile Association

  11. Validate that referenced security profiles exist before associating them with rules
  12. Use consistent security profile naming conventions

  13. Understand the implications of profile group vs. individual profile attachments

  14. Policy Validation

  15. Test security rules with model validation before deployment
  16. Validate security profile settings against expected protection levels
  17. Ensure security policies don't conflict with other existing policies