
Vulnerability Protection Profile Models

Overview

The Vulnerability Protection Profile models provide a structured way to manage vulnerability protection profiles in Palo Alto Networks' Strata Cloud Manager. These models support defining rules and threat exceptions with various actions, severities, and categories. Profiles can be defined in folders, snippets, or devices. The models handle validation of inputs and outputs when interacting with the SCM API.

Attributes

| Attribute | Type | Required | Default | Description |
|---|---|---|---|---|
| name | str | Yes | None | Name of the profile. Must match pattern: `^[a-zA-Z0-9._-]+$` |
| description | str | No | None | Description of the profile |
| rules | List[RuleRequest] | Yes | None | List of rules for the profile |
| threat_exception | List[ThreatExceptionRequest] | No | None | List of threat exceptions |
| folder | str | No* | None | Folder where profile is defined. Max length: 64 chars |
| snippet | str | No* | None | Snippet where profile is defined. Max length: 64 chars |
| device | str | No* | None | Device where profile is defined. Max length: 64 chars |
| id | UUID | Yes** | None | UUID of the profile (response only) |

\* Exactly one container type (folder/snippet/device) must be provided.

\*\* Only required for the response model.

Model Validators

Container Type Validation

For create operations, exactly one container type must be specified:

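# Using dictionary
from scm.config.security import VulnerabilityProtectionProfile

# Error: multiple containers specified.
# `api_client` is assumed to be an already-authenticated SCM client created
# elsewhere; it is not defined in this example.
try:
    profile_dict = {
        "name": "invalid-profile",
        "rules": [{
            "name": "rule1",
            "action": {"alert": {}}
        }],
        "folder": "Shared",
        "device": "fw01"  # Can't specify both folder and device
    }
    profile = VulnerabilityProtectionProfile(api_client)
    # The container check rejects the payload before a profile is created,
    # so an ambiguous placement never reaches the tenant configuration.
    response = profile.create(profile_dict)
except ValueError as e:
    print(e)  # "Exactly one of 'folder', 'snippet', or 'device' must be provided."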
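# Using model directly
from scm.models.security import VulnerabilityProtectionProfileCreateModel

# Error: no container specified.
# Validation runs when the model is constructed, so the failure surfaces
# here without any API call being made.
try:
    profile = VulnerabilityProtectionProfileCreateModel(
        name="invalid-profile",
        rules=[{
            "name": "rule1",
            "action": {"alert": {}}
        }]
    )
except ValueError as e:
    print(e)  # "Exactly one of 'folder', 'snippet', or 'device' must be provided."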

Action Validation

For rules and threat exceptions, exactly one action must be specified:

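# Using dictionary
# `profile` is the VulnerabilityProtectionProfile instance created in the
# container-validation example above.
try:
    action_dict = {
        "alert": {},
        "drop": {}  # Can't specify multiple actions
    }
    profile_dict = {
        "name": "invalid-profile",
        "rules": [{
            "name": "rule1",
            "action": action_dict
        }],
        "folder": "Shared"
    }
    # Rejecting two actions avoids a rule whose enforcement outcome
    # (log only vs. drop) would be ambiguous.
    response = profile.create(profile_dict)
except ValueError as e:
    print(e)  # "Exactly one action must be provided in 'action' field."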
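# Using model directly
from scm.models.security import ActionRequest

# Error: two actions supplied; the model accepts exactly one.
try:
    action = ActionRequest(root={
        "alert": {},
        "drop": {}
    })
except ValueError as e:
    print(e)  # "Exactly one action must be provided in 'action' field."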

Usage Examples

Creating a Basic Profile

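# Using dictionary
# Minimal valid profile: one container ("folder") and one rule with a
# single action.
basic_dict = {
    "name": "basic-profile",
    "description": "Basic vulnerability protection profile",
    "folder": "Shared",
    "rules": [{
        "name": "rule1",
        # NOTE(review): "alert" presumably records matches without blocking
        # them; for critical/high severities confirm that detect-only is
        # intended rather than a blocking action such as "drop".
        "action": {"alert": {}},
        "severity": ["critical", "high"],
        "category": "exploit-kit"
    }]
}

# `api_client` is assumed to be an already-authenticated SCM client created
# elsewhere; it is not defined in this example.
profile = VulnerabilityProtectionProfile(api_client)
response = profile.create(basic_dict)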
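# Using model directly
from scm.models.security import (
    VulnerabilityProtectionProfileCreateModel,
    RuleRequest,
    ActionRequest,
    Severity,
    Category
)

# Building the typed model validates the container and action fields before
# anything is sent to the API.
basic_profile = VulnerabilityProtectionProfileCreateModel(
    name="basic-profile",
    description="Basic vulnerability protection profile",
    folder="Shared",
    rules=[
        RuleRequest(
            name="rule1",
            # NOTE(review): "alert" presumably records matches without
            # blocking them; confirm detect-only is intended for
            # critical/high severities.
            action=ActionRequest(root={"alert": {}}),
            severity=[Severity.critical, Severity.high],
            category=Category.exploit_kit
        )
    ]
)

# exclude_unset=True keeps fields that were never set out of the payload.
payload = basic_profile.model_dump(exclude_unset=True)
# `profile` is the VulnerabilityProtectionProfile instance created in the
# dictionary example above.
response = profile.create(payload)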

Creating a Profile with Threat Exceptions

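# Using dictionary
# Profile with one blocking rule and one threat exception.
advanced_dict = {
    "name": "advanced-profile",
    "description": "Profile with threat exceptions",
    "folder": "Shared",
    "rules": [{
        "name": "rule1",
        "action": {
            "block_ip": {
                "track_by": "source",
                # NOTE(review): unit is not stated on this page
                # (presumably seconds) - confirm.
                "duration": 3600
            }
        },
        "severity": ["critical"],
        "category": "code-execution"
    }],
    # NOTE(review): an "allow" exception relaxes enforcement for whatever it
    # matches. Keep exempt_ip as narrow as possible, record why each
    # exception exists, and review the list periodically.
    "threat_exception": [{
        "name": "exception1",
        "action": {"allow": {}},
        "exempt_ip": [{"name": "trusted-server"}],
        "time_attribute": {
            "interval": 300,
            "threshold": 5,
            "track_by": "source-and-destination"
        }
    }]
}

# `profile` is the VulnerabilityProtectionProfile instance created in the
# basic-profile example above.
response = profile.create(advanced_dict)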
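# Using model directly
# Severity and Category are used below, so they are imported here as well;
# the original import list omitted them.
from scm.models.security import (
    VulnerabilityProtectionProfileCreateModel,
    RuleRequest,
    ThreatExceptionRequest,
    ActionRequest,
    BlockIpAction,
    BlockIpTrackBy,
    ExemptIpEntry,
    TimeAttribute,
    TimeAttributeTrackBy,
    Severity,
    Category
)

advanced_profile = VulnerabilityProtectionProfileCreateModel(
    name="advanced-profile",
    description="Profile with threat exceptions",
    folder="Shared",
    rules=[
        RuleRequest(
            name="rule1",
            action=ActionRequest(root={
                # BlockIpAction validates track_by/duration; model_dump()
                # converts it back to the plain dict the root model takes.
                "block_ip": BlockIpAction(
                    track_by=BlockIpTrackBy.source,
                    duration=3600  # NOTE(review): unit not stated here (presumably seconds) - confirm
                ).model_dump()
            }),
            severity=[Severity.critical],
            category=Category.code_execution
        )
    ],
    # NOTE(review): an "allow" exception relaxes enforcement for whatever it
    # matches. Keep exempt_ip as narrow as possible, record why each
    # exception exists, and review the list periodically.
    threat_exception=[
        ThreatExceptionRequest(
            name="exception1",
            action=ActionRequest(root={"allow": {}}),
            exempt_ip=[ExemptIpEntry(name="trusted-server")],
            time_attribute=TimeAttribute(
                interval=300,
                threshold=5,
                track_by=TimeAttributeTrackBy.source_and_destination
            )
        )
    ]
)

# exclude_unset=True keeps fields that were never set out of the payload.
payload = advanced_profile.model_dump(exclude_unset=True)
# `profile` is the VulnerabilityProtectionProfile instance created in the
# basic-profile example above.
response = profile.create(payload)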

```