Skip to content

Vulnerability Protection Profile Models

Overview

The Vulnerability Protection Profile models provide a structured way to manage vulnerability protection profiles in Palo Alto Networks' Strata Cloud Manager. These models support defining rules and threat exceptions with various actions, severities, and categories. Profiles can be defined in folders, snippets, or devices. The models handle validation of inputs and outputs when interacting with the SCM API.

Attributes

Attribute Type Required Default Description
name str Yes None Name of the profile. Must match pattern: ^[a-zA-Z0-9._-]+$
description str No None Description of the profile
rules List[RuleRequest] Yes None List of rules for the profile
threat_exception List[ThreatExceptionRequest] No None List of threat exceptions
folder str No* None Folder where profile is defined. Max length: 64 chars
snippet str No* None Snippet where profile is defined. Max length: 64 chars
device str No* None Device where profile is defined. Max length: 64 chars
id UUID Yes** None UUID of the profile (response only)

* Exactly one container type (folder/snippet/device) must be provided ** Only required for response model

Exceptions

The Vulnerability Protection Profile models can raise the following exceptions during validation:

  • ValueError: Raised in several scenarios:
    • When multiple container types (folder/snippet/device) are specified
    • When no container type is specified for create operations
    • When invalid action formats are provided (must be string or dict)
    • When multiple actions are specified in a single rule
    • When block_ip action is missing required fields
    • When non-empty parameters are provided for simple actions
    • When name pattern validation fails
    • When container field pattern validation fails
    • When field length limits are exceeded
    • When invalid time attribute values are provided

Model Validators

Container Type Validation

For create operations, exactly one container type must be specified:

# Using dictionary
from scm.config.security import VulnerabilityProtectionProfile

# Error: multiple containers specified
try:
    profile_dict = {
        "name": "invalid-profile",
        "rules": [{
            "name": "rule1",
            "action": {"alert": {}}
        }],
        "folder": "Texas",
        "device": "fw01"  # Can't specify both folder and device
    }
    profile = VulnerabilityProtectionProfile(api_client)
    response = profile.create(profile_dict)
except ValueError as e:
    print(e)  # "Exactly one of 'folder', 'snippet', or 'device' must be provided."

Action Validation

Actions must be properly formatted and validated:

# Invalid action format
try:
    profile_dict = {
        "name": "test-profile",
        "folder": "Texas",
        "rules": [{
            "name": "rule1",
            "action": ["alert"]  # Must be string or dict
        }]
    }
    response = profile.create(profile_dict)
except ValueError as e:
    print(e)  # "Invalid action format; must be a string or dict."

# Multiple actions specified
try:
    profile_dict = {
        "name": "test-profile",
        "folder": "Texas",
        "rules": [{
            "name": "rule1",
            "action": {
                "alert": {},
                "drop": {}  # Can't specify multiple actions
            }
        }]
    }
    response = profile.create(profile_dict)
except ValueError as e:
    print(e)  # "Exactly one action must be provided in 'action' field."

Usage Examples

Creating a Basic Profile

# Using dictionary
basic_dict = {
    "name": "basic-profile",
    "description": "Basic vulnerability protection profile",
    "folder": "Texas",
    "rules": [{
        "name": "rule1",
        "action": {"alert": {}},
        "severity": ["critical", "high"],
        "category": "exploit-kit"
    }]
}

profile = VulnerabilityProtectionProfile(api_client)
response = profile.create(basic_dict)

# Using model directly
from scm.models.security import (
    VulnerabilityProfileCreateModel,
    VulnerabilityProfileRuleModel,
    VulnerabilityProfileActionResponse,
    VulnerabilityProfileSeverity,
    VulnerabilityProfileCategory
)

basic_profile = VulnerabilityProfileCreateModel(
    name="basic-profile",
    description="Basic vulnerability protection profile",
    folder="Texas",
    rules=[
        VulnerabilityProfileRuleModel(
            name="rule1",
            action=VulnerabilityProfileActionResponse(root={"alert": {}}),
            severity=[VulnerabilityProfileSeverity.critical, VulnerabilityProfileSeverity.high],
            category=VulnerabilityProfileCategory.exploit_kit
        )
    ]
)

payload = basic_profile.model_dump(exclude_unset=True)
response = profile.create(payload)

Creating a Profile with Threat Exceptions

# Using dictionary
advanced_dict = {
    "name": "advanced-profile",
    "description": "Profile with threat exceptions",
    "folder": "Texas",
    "rules": [{
        "name": "rule1",
        "action": {
            "block_ip": {
                "track_by": "source",
                "duration": 3600
            }
        },
        "severity": ["critical"],
        "category": "code-execution"
    }],
    "threat_exception": [{
        "name": "exception1",
        "action": {"allow": {}},
        "exempt_ip": [{"name": "trusted-server"}],
        "time_attribute": {
            "interval": 300,
            "threshold": 5,
            "track_by": "source-and-destination"
        }
    }]
}

response = profile.create(advanced_dict)

# Using model directly
from scm.models.security import (
    VulnerabilityProfileCreateModel,
    VulnerabilityProfileRuleModel,
    VulnerabilityProfileThreatExceptionModel,
    VulnerabilityProfileActionResponse,
    VulnerabilityProfileBlockIpAction,
    VulnerabilityProfileBlockIpTrackBy,
    VulnerabilityProfileExemptIpEntry,
    VulnerabilityProfileTimeAttribute,
    VulnerabilityProfileTimeAttributeTrackBy
)

advanced_profile = VulnerabilityProfileCreateModel(
    name="advanced-profile",
    description="Profile with threat exceptions",
    folder="Texas",
    rules=[
        VulnerabilityProfileRuleModel(
            name="rule1",
            action=VulnerabilityProfileActionResponse(root={
                "block_ip": VulnerabilityProfileBlockIpAction(
                    track_by=VulnerabilityProfileBlockIpTrackBy.source,
                    duration=3600
                ).model_dump()
            }),
            severity=[VulnerabilityProfileSeverity.critical],
            category=VulnerabilityProfileCategory.code_execution
        )
    ],
    threat_exception=[
        VulnerabilityProfileThreatExceptionModel(
            name="exception1",
            action=VulnerabilityProfileActionResponse(root={"allow": {}}),
            exempt_ip=[VulnerabilityProfileExemptIpEntry(name="trusted-server")],
            time_attribute=VulnerabilityProfileTimeAttribute(
                interval=300,
                threshold=5,
                track_by=VulnerabilityProfileTimeAttributeTrackBy.source_and_destination
            )
        )
    ]
)

payload = advanced_profile.model_dump(exclude_unset=True)
response = profile.create(payload)