Vulnerability Protection Profile Models
This section covers the data models associated with the VulnerabilityProtectionProfile
configuration object.
VulnerabilityProtectionProfileRequestModel
Used when creating or updating a Vulnerability Protection Profile object.
Attributes
- name (str): Required. The name of the Vulnerability Protection Profile object.
- description (Optional[str]): A description of the Vulnerability Protection Profile object.
- rules (List[RuleRequest]): Required. List of rules for the profile.
- threat_exception (Optional[List[ThreatExceptionRequest]]): List of threat exceptions.
- Container Type Fields (exactly one must be provided):
  - folder (Optional[str]): The folder where the profile is defined.
  - snippet (Optional[str]): The snippet where the profile is defined.
  - device (Optional[str]): The device where the profile is defined.
Example
```python
from scm.models.security import (
    VulnerabilityProtectionProfileRequestModel,
    RuleRequest,
    Severity,
    Category,
    PacketCapture,
    ActionRequest
)

profile_request = VulnerabilityProtectionProfileRequestModel(
    name="test-profile",
    description="Sample Vulnerability Protection Profile",
    folder="Shared",  # exactly one of folder / snippet / device
    rules=[
        RuleRequest(
            name="rule1",
            # alert only records the hit; it does not stop the exploit
            action=ActionRequest(root={"alert": {}}),
            severity=[Severity.critical, Severity.high],
            category=Category.exploit_kit,
            packet_capture=PacketCapture.single_packet,
            cve=["CVE-2021-44228"],
            threat_name="Log4j RCE"
        )
    ]
)
print(profile_request.model_dump_json(indent=2))
```
VulnerabilityProtectionProfileResponseModel
Used when parsing Vulnerability Protection Profile objects retrieved from the API.
Attributes
- id (str): The UUID of the Vulnerability Protection Profile object.
- name (str): The name of the Vulnerability Protection Profile object.
- description (Optional[str]): A description of the Vulnerability Protection Profile object.
- rules (List[RuleResponse]): List of rules for the profile.
- threat_exception (Optional[List[ThreatExceptionResponse]]): List of threat exceptions.
- Container Type Fields:
  - folder (Optional[str]): The folder where the profile is defined.
  - snippet (Optional[str]): The snippet where the profile is defined.
  - device (Optional[str]): The device where the profile is defined.
Example
```python
from scm.models.security import (
    VulnerabilityProtectionProfileResponseModel,
    RuleResponse,
    Severity,
    Category,
    PacketCapture,
    ActionResponse
)

# In practice this object is built from the JSON the API returns; the
# literal below shows the shape that the model parses.
profile_response = VulnerabilityProtectionProfileResponseModel(
    id="123e4567-e89b-12d3-a456-426655440000",
    name="test-profile",
    description="Sample Vulnerability Protection Profile",
    folder="Shared",
    rules=[
        RuleResponse(
            name="rule1",
            action=ActionResponse(root={"alert": {}}),
            severity=[Severity.critical, Severity.high],
            category=Category.exploit_kit,
            packet_capture=PacketCapture.single_packet,
            cve=["CVE-2021-44228"],
            threat_name="Log4j RCE"
        )
    ]
)
print(profile_response.model_dump_json(indent=2))
```
RuleBase
Base class for Rule objects used in Vulnerability Protection Profiles.
Attributes
- name (str): Required. Rule name.
- packet_capture (Optional[PacketCapture]): Packet capture setting.
- severity (Optional[List[Severity]]): List of severities the rule matches.
- category (Optional[Category]): Threat category the rule matches.
- cve (Optional[List[str]]): List of CVE identifiers the rule matches.
- host (Optional[Host]): Whether the rule applies to client-side, server-side or any threats.
- vendor_id (Optional[List[str]]): List of vendor IDs.
- threat_name (Optional[str]): Threat name.
Example
```python
from scm.models.security import (
    RuleBase,
    Severity,
    Category,
    PacketCapture,
    Host
)

# RuleBase carries the match criteria only; RuleRequest/RuleResponse add the action.
rule = RuleBase(
    name="example_rule",
    packet_capture=PacketCapture.single_packet,
    severity=[Severity.critical, Severity.high],
    category=Category.exploit_kit,
    cve=["CVE-2021-44228"],
    host=Host.any,
    vendor_id=["PAN-OS-2021-0001"],
    threat_name="Log4j RCE"
)
print(rule.model_dump_json(indent=2))
```
ThreatExceptionBase
Base class for ThreatException objects used in Vulnerability Protection Profiles.
Attributes
- name (str): Required. Threat exception name.
- packet_capture (Optional[PacketCapture]): Packet capture setting.
- exempt_ip (Optional[List[ExemptIpEntry]]): List of exempt IP entries that limit the exception to specific addresses.
- time_attribute (Optional[TimeAttribute]): Time attribute settings (interval, threshold, track_by).
- notes (Optional[str]): Notes for the threat exception.
Example
```python
from scm.models.security import (
    ThreatExceptionBase,
    PacketCapture,
    ExemptIpEntry,
    TimeAttribute,
    TimeAttributeTrackBy
)

# ThreatExceptionBase carries the scope of the exception; the Request/Response
# variants add the action that overrides the matching rule.
threat_exception = ThreatExceptionBase(
    name="exception1",
    packet_capture=PacketCapture.extended_capture,
    exempt_ip=[ExemptIpEntry(name="trusted_server")],  # limits the exception to this entry
    time_attribute=TimeAttribute(
        interval=300,
        threshold=5,
        track_by=TimeAttributeTrackBy.source_and_destination
    ),
    notes="Exception for trusted server"
)
print(threat_exception.model_dump_json(indent=2))
```
ActionRequest and ActionResponse
Represents the action field in rules and threat exceptions.
Attributes
- root (Dict[str, Any]): A dictionary whose single key names the action and whose value holds that action's parameters. Parameter-less actions such as alert, allow and reset_both take an empty dict (for example {"alert": {}}); block_ip takes track_by and duration, which the example below builds from a BlockIpAction.
Example
```python
from scm.models.security import (
    ActionRequest,
    BlockIpAction,
    BlockIpTrackBy
)

# block_ip carries parameters, so build them with BlockIpAction and
# dump it into the root dict under the action name.
action_request = ActionRequest(root={
    "block_ip": BlockIpAction(
        track_by=BlockIpTrackBy.source,
        duration=3600
    ).model_dump()
})
print(action_request.model_dump_json(indent=2))
```
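The SDK's ActionRequest validates its root dict for you, but profiles are often assembled from YAML or CI variables long before an SDK object exists. The following is an added example, not code from pan-scm-sdk, that applies the same shape rules in plain Python so a malformed action (two keys, a misspelt name, an out-of-range block duration) is rejected before any API call. It assumes, beyond what this page states, the remaining PAN-OS action names (drop, reset_client, reset_server) and the block-ip limits (track_by is "source" or "source-and-destination", duration is 1..3600 seconds).

```python
"""Pre-flight check for hand-built action dicts (added example, not SDK code)."""
from typing import Any, Dict

# Actions that take no parameters: the value must be an empty dict.
# drop/reset_client/reset_server are assumed from PAN-OS; this page only shows
# allow, alert, reset_both and block_ip.
SIMPLE_ACTIONS = {"allow", "alert", "drop", "reset_client", "reset_server", "reset_both"}
# Assumed PAN-OS block-ip limits.
BLOCK_IP_TRACK_BY = {"source", "source-and-destination"}
BLOCK_IP_MIN_SECONDS, BLOCK_IP_MAX_SECONDS = 1, 3600


def validate_action(action: Any) -> Dict[str, Dict[str, Any]]:
    """Return a normalised copy of ``action`` or raise ValueError.

    Exactly one key is allowed. Parameter-less actions normalise to
    ``{name: {}}``; block_ip keeps only track_by and duration.
    """
    if not isinstance(action, dict) or len(action) != 1:
        raise ValueError(f"action must have exactly one key, got {action!r}")
    (name, params), = action.items()
    if params is None:
        params = {}
    if not isinstance(params, dict):
        raise ValueError(f"{name}: parameters must be a dict, got {params!r}")

    if name in SIMPLE_ACTIONS:
        if params:
            raise ValueError(f"{name} takes no parameters, got {sorted(params)}")
        return {name: {}}

    if name == "block_ip":
        track_by = params.get("track_by")
        duration = params.get("duration")
        if track_by not in BLOCK_IP_TRACK_BY:
            raise ValueError(
                f"block_ip.track_by must be one of {sorted(BLOCK_IP_TRACK_BY)}, got {track_by!r}")
        # bool is a subclass of int, so exclude it explicitly.
        if (isinstance(duration, bool) or not isinstance(duration, int)
                or not BLOCK_IP_MIN_SECONDS <= duration <= BLOCK_IP_MAX_SECONDS):
            raise ValueError(
                f"block_ip.duration must be an int in "
                f"{BLOCK_IP_MIN_SECONDS}..{BLOCK_IP_MAX_SECONDS}, got {duration!r}")
        return {"block_ip": {"track_by": track_by, "duration": duration}}

    raise ValueError(f"unknown action {name!r}")


def rejects(action: Any) -> bool:
    """True when validate_action refuses ``action`` (handy in CI checks)."""
    try:
        validate_action(action)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed candidates: two valid, three malformed.
    for candidate in (
        {"alert": {}},
        {"block_ip": {"track_by": "source", "duration": 3600}},
        {"alert": {}, "drop": {}},                           # two actions at once
        {"block_ip": {"track_by": "source", "duration": 0}},  # duration out of range
        {"reset": {}},                                        # misspelt action name
    ):
        try:
            print("ok     ", validate_action(candidate))
        except ValueError as err:
            print("reject ", err)
```

The normalised dict that validate_action returns can be passed straight to ActionRequest(root=...); anything it rejects would have failed the SDK's own validation as well, only later and with less context about which CI input was wrong.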
Enums
Severity
Enumeration of severity levels:
critical
high
medium
low
informational
any
Category
Enumeration of vulnerability categories:
any
brute_force
code_execution
code_obfuscation
command_execution
dos
exploit_kit
info_leak
insecure_credentials
overflow
phishing
protocol_anomaly
scan
sql_injection
PacketCapture
Enumeration of packet capture options:
disable
single_packet
extended_capture
Host
Enumeration of host options:
any
client
server
Example
```python
from scm.models.security import (
    Severity,
    Category,
    PacketCapture,
    Host
)

# Each enum is a str Enum; .value is the string sent to the API.
print(f"Severity levels: {[s.value for s in Severity]}")
print(f"Categories: {[c.value for c in Category]}")
print(f"Packet capture options: {[pc.value for pc in PacketCapture]}")
print(f"Host options: {[h.value for h in Host]}")
```
Full Example: Creating a Comprehensive Vulnerability Protection Profile Model
```python
from scm.models.security import (
    VulnerabilityProtectionProfileRequestModel,
    RuleRequest,
    ThreatExceptionRequest,
    ActionRequest,
    BlockIpAction,
    BlockIpTrackBy,
    Severity,
    Category,
    PacketCapture,
    Host,
    ExemptIpEntry,
    TimeAttribute,
    TimeAttributeTrackBy
)

# Create a comprehensive Vulnerability Protection Profile model
comprehensive_profile = VulnerabilityProtectionProfileRequestModel(
    name="comprehensive_profile",
    description="Comprehensive Vulnerability Protection Profile",
    folder="Shared",  # exactly one of folder / snippet / device
    rules=[
        RuleRequest(
            name="critical_vulnerabilities",
            # block the offending source for an hour and keep one packet as evidence
            action=ActionRequest(root={
                "block_ip": BlockIpAction(
                    track_by=BlockIpTrackBy.source,
                    duration=3600
                ).model_dump()
            }),
            severity=[Severity.critical],
            packet_capture=PacketCapture.single_packet,
            category=Category.exploit_kit,
            cve=["CVE-2021-44228"],
            host=Host.any,
            vendor_id=["PAN-OS-2021-0001"],
            threat_name="Log4j RCE"
        ),
        RuleRequest(
            name="high_severity_rule",
            action=ActionRequest(root={"reset_both": {}}),  # tear down both sides of the session
            severity=[Severity.high],
            category=Category.code_execution
        )
    ],
    threat_exception=[
        ThreatExceptionRequest(
            name="exception1",
            action=ActionRequest(root={"allow": {}}),  # overrides the rule action for the exempt entry
            packet_capture=PacketCapture.extended_capture,
            exempt_ip=[ExemptIpEntry(name="trusted_server")],
            time_attribute=TimeAttribute(
                interval=300,
                threshold=5,
                track_by=TimeAttributeTrackBy.source_and_destination
            ),
            notes="Exception for trusted server"
        )
    ]
)

# Print the JSON representation of the model
print(comprehensive_profile.model_dump_json(indent=2))

# Round-trip check: model_validate is a classmethod, so call it on the class;
# it raises a pydantic ValidationError if the dumped dict is not accepted back.
VulnerabilityProtectionProfileRequestModel.model_validate(comprehensive_profile.model_dump())
print("Model validation successful")
```
This example combines multiple rules, a threat exception and most of the optional fields in one model. The closing model_validate call confirms that the dict produced by model_dump() is accepted back by the model, which is the same check the SDK performs before sending the object to the API.
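Validation only proves the payload is well-formed; it says nothing about whether the profile actually stops anything. The following is an added example, not code from pan-scm-sdk, that audits the plain dict model_dump() produces for settings which weaken the profile (observe-only actions on critical/high rules, blocking rules with no packet capture, threat exceptions that allow a threat for every source, exceptions with no justification) and then produces a hardened copy for comparison. It assumes, beyond what this page states, that fields serialise under their attribute names, that Severity values are the lower-case names, that PacketCapture serialises as "disable"/"single-packet", and that drop, reset_* and block_ip are the actions that stop an exploit while allow and alert only record it. The sample profile is constructed for the example.

```python
"""Posture audit for a Vulnerability Protection Profile payload (added example, not SDK code)."""
import copy
from typing import Dict, List, Optional

# Assumed split of actions: these two observe, the rest stop the exploit.
OBSERVE_ONLY = {"allow", "alert"}
BLOCKING = {"drop", "reset_client", "reset_server", "reset_both", "block_ip"}
HIGH_IMPACT = {"critical", "high", "any"}  # "any" matches critical hits too
CONTAINERS = ("folder", "snippet", "device")

# Constructed sample in model_dump() shape: two sound rules, one observe-only
# rule, one scoped exception and one blanket exception.
SAMPLE_PROFILE = {
    "name": "comprehensive_profile",
    "folder": "Shared",
    "rules": [
        {"name": "critical_vulnerabilities", "severity": ["critical"],
         "action": {"block_ip": {"track_by": "source", "duration": 3600}},
         "packet_capture": "single-packet", "cve": ["CVE-2021-44228"]},
        {"name": "high_severity_rule", "severity": ["high"],
         "action": {"reset_both": {}}},
        {"name": "watch_everything", "severity": ["critical", "high"],
         "action": {"alert": {}}},
    ],
    "threat_exception": [
        {"name": "exception1", "action": {"allow": {}},
         "exempt_ip": [{"name": "trusted_server"}],
         "notes": "Exception for trusted server"},
        {"name": "blanket_allow", "action": {"allow": {}}},
    ],
}


def _action_name(obj: Dict) -> Optional[str]:
    """The single key of the object's action dict, or None when no action is set."""
    return next(iter(obj.get("action") or {}), None)


def audit_profile(profile: Dict) -> List[Dict[str, str]]:
    """Return findings as {"level", "where", "message"} dicts in document order."""
    findings: List[Dict[str, str]] = []

    def add(level: str, where: str, message: str) -> None:
        findings.append({"level": level, "where": where, "message": message})

    # Exactly one container type, as the model requires.
    present = [c for c in CONTAINERS if profile.get(c)]
    if len(present) != 1:
        add("error", f"profile:{profile.get('name')}",
            f"exactly one of {CONTAINERS} must be set, got {present or 'none'}")

    for rule in profile.get("rules", []):
        where = f"rule:{rule['name']}"
        action = _action_name(rule)
        hot = set(rule.get("severity") or []) & HIGH_IMPACT
        if action is None:
            add("error", where, "rule has no action")
        elif action in OBSERVE_ONLY and hot:
            add("high", where, f"{action} on {sorted(hot)} severity: the exploit is logged, not stopped")
        if action in BLOCKING and rule.get("packet_capture", "disable") == "disable":
            add("low", where, "blocking rule without packet capture: no pcap for incident triage")

    for exc in profile.get("threat_exception", []):
        where = f"threat_exception:{exc['name']}"
        if _action_name(exc) in OBSERVE_ONLY and not exc.get("exempt_ip"):
            add("high", where, "exception allows the threat for every source: add exempt_ip or remove it")
        if not exc.get("notes"):
            add("low", where, "no notes: record the ticket or justification for the exception")
    return findings


def harden(profile: Dict) -> Dict:
    """Copy of ``profile`` with the rule-level weaknesses fixed: observe-only
    actions on high-impact rules become reset_both and blocking rules get
    single-packet capture. Threat exceptions are left for a human to review."""
    fixed = copy.deepcopy(profile)
    for rule in fixed.get("rules", []):
        if _action_name(rule) in OBSERVE_ONLY and set(rule.get("severity") or []) & HIGH_IMPACT:
            rule["action"] = {"reset_both": {}}
        if _action_name(rule) in BLOCKING and rule.get("packet_capture", "disable") == "disable":
            rule["packet_capture"] = "single-packet"
    return fixed


if __name__ == "__main__":
    for f in audit_profile(SAMPLE_PROFILE):
        print(f"[{f['level']:5}] {f['where']}: {f['message']}")
    print("after harden():")
    for f in audit_profile(harden(SAMPLE_PROFILE)):
        print(f"[{f['level']:5}] {f['where']}: {f['message']}")
```

Run against the sample, the audit reports one observe-only rule, one blocking rule without capture and two findings on the blanket exception; after harden() only the exception findings remain, because an exception that allows a threat for every source is a policy decision, not something a script should silently rewrite. To audit a real profile, pass comprehensive_profile.model_dump() from the example above instead of SAMPLE_PROFILE.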