Module: objects¶

Inheritance diagram¶

Class Reference¶

Objects module contains objects that exist in the ‘Objects’ tab in the firewall GUI

class panos.objects.AddressGroup(*args, **kwargs)[source]¶

Address Group

Parameters:	name (str) – Name of the address group static_value (list) – Values for a static address group dynamic_value (str) – Registered-ip tags for a dynamic address group description (str) – Description of this object tag (list) – Administrative tags (not to be confused with registered-ip tags)

class panos.objects.AddressObject(*args, **kwargs)[source]¶

Address Object

Parameters:	name (str) – Name of the object value (str) – IP address or other value of the object type (str) – Type of address: * ip-netmask (default) * ip-range * ip-wildcard (added in PAN-OS 9.0) * fqdn description (str) – Description of this object tag (list) – Administrative tags

class panos.objects.ApplicationContainer(*args, **kwargs)[source]¶

ApplicationContainer object

This is a special class that is used in the predefined module. It acts much like an ApplicationGroup object but exists only in the predefined context. It is more or less a way that Palo Alto groups predefined applications together.

Parameters:	name (str) – The name applications (list) – List of memeber applications

class panos.objects.ApplicationFilter(*args, **kwargs)[source]¶

ApplicationFilter Object

Parameters:

name (str) – Name of the object
category (list) – Application category
subcategory (list) – Application subcategory
technology (list) – Application technology
risk (list) – Application risk
evasive (bool) –
excessive_bandwidth_use (bool) –
prone_to_misuse (bool) –
is_saas (bool) –
transfers_files (bool) –
tunnels_other_apps (bool) –
used_by_malware (bool) –
has_known_vulnerabilities (bool) –
pervasive (bool) –
tag (list) – Administrative tags

class panos.objects.ApplicationGroup(*args, **kwargs)[source]¶

ApplicationGroup Object

Parameters:	name (str) – Name of the object value (list) – List of application values tag (list) – Administrative tags

class panos.objects.ApplicationObject(*args, **kwargs)[source]¶

Application Object

Parameters:

name (str) – Name of the object
category (str) – Application category
subcategory (str) – Application subcategory
technology (str) – Application technology
risk (int) – Risk (1-5) of the application
default_type (str) – Default identification type of the application
default_port (list) – Default ports
default_ip_protocol (str) – Default IP protocol
default_icmp_type (int) – Default ICMP type
default_icmp_code (int) – Default ICMP code
parent_app (str) – Parent Application for which this app falls under
timeout (int) – Default timeout
tcp_timeout (int) – TCP timeout
udp_timeout (int) – UDP timeout
tcp_half_closed_timeout (int) – TCP half closed timeout
tcp_time_wait_timeout (int) – TCP wait time timeout
evasive_behavior (bool) – Applicaiton is actively evasive
consume_big_bandwidth (bool) – Application uses large bandwidth
used_by_malware (bool) – Application is used by malware
able_to_transfer_file (bool) – Application can do file transfers
has_known_vulnerability (bool) – Application has known vulnerabilities
tunnel_other_application (bool) –
tunnel_applications (list) – List of tunneled applications
prone_to_misuse (bool) –
pervasive_use (bool) –
file_type_ident (bool) –
virus_ident (bool) –
data_ident (bool) –
description (str) – Description of this object
tag (list) – Administrative tags

Please refer to https://applipedia.paloaltonetworks.com/ for more info on these params

class panos.objects.ApplicationTag(*args, **kwargs)[source]¶

ApplicationTag Object

Applies an administrative tag to a predefined application

Parameters:	name (str) – Name of predefined application tags (list) – Administrative tags

class panos.objects.CustomUrlCategory(*args, **kwargs)[source]¶

Custom url category group

Parameters:	name (str) – The name url_value (list) – Values to include in custom URL category object description (str) – Description of this object type (str) – (PAN-OS 9.0+) The type

class panos.objects.DynamicUserGroup(*args, **kwargs)[source]¶

Dynamic user group.

Note: PAN-OS 9.1+

Parameters:	name – Name of the dynamic user group description (str) – Description of this object filter – Tag-based filter. tag (list) – Administrative tags

class panos.objects.Edl(*args, **kwargs)[source]¶

External Dynamic List.

Parameters:

name (str) – The name.
edl_type (str) – The EDL type.
description (str) – Description.
source (str) – Source.
exceptions (list) – (PAN-OS 8.0+) Exceptions.
certificate_profile (str) – (PAN-OS 8.0+) Profile for authenticating client certificates.
username (str) – (PAN-OS 8.0+) Username auth.
password (str) – (PAN-OS 8.0+) Password auth.
expand_domain (bool) – (PAN-OS 9.0+) Enable/disable expand domain (requires edl_type=domain).
repeat (str) – Retrieval interval. Valid values are “five-minute”, “hourly”, “daily”, “weekly”, or “monthly”.
repeat_at (str) – The time specification for the given repeat value.
repeat_day_of_week (str) – For repeat=daily, the day of the week.
repeat_day_of_month (int) – For repeat=monthly, the day of the month.

class panos.objects.LogForwardingProfile(*args, **kwargs)[source]¶

A log forwarding profile.

Note: This is valid for PAN-OS 8.0+

Parameters:	name (str) – The name description (str) – The description enhanced_logging (bool) – (PAN-OS 8.1+) Enabling enhanced application logging

class panos.objects.LogForwardingProfileMatchList(*args, **kwargs)[source]¶

A log forwarding profile match list entry.

Note: This is valid for PAN-OS 8.0+

Parameters:

name (str) – The name
description (str) – Description
log_type (str) – Log type. Valid values are traffic, threat, wildfire, url, data, gtp, tunnel, auth, or sctp (PAN-OS 8.1+).
filter (str) – The filter.
send_to_panorama (bool) – Send to panorama or not
snmp_profiles (str/list) – List of SnmpServerProfiles.
email_profiles (str/list) – List of EmailServerProfiles.
syslog_profiles (str/list) – List of SyslogServerProfiles.
http_profiles (str/list) – List of HttpServerProfiles.

class panos.objects.LogForwardingProfileMatchListAction(*args, **kwargs)[source]¶

Action for a log forwarding profile match list entry.

Note: This is valid for PAN-OS 8.0+

Parameters:

name (str) – The name
action_type (str) – Action type. Valid values are tagging (default) or (PAN-OS 8.1+) integration.
action (str) – The action. Valid values are add-tag, remove-tag, or (PAN-OS 8.1+) Azure-Security-Center-Integration.
target (str) – The target. Valid values are source-address or destination-address.
registration (str) – Registration. Valid values are localhost, panorama, or remote.
http_profile (str) – The HTTP profile for registration of “remote”.
tags (str/list) – List of administrative tags.
timeout (int) – (PAN-OS 9.0+) Timeout in minutes

class panos.objects.Region(*args, **kwargs)[source]¶

Region.

Parameters:	name (str) – Name of the region address (list) – List of IP networks latitude (float) – Latitude of the region longitude (float) – Longitude of the region

class panos.objects.ScheduleObject(*args, **kwargs)[source]¶

Schedule Object

“Date and Time Range” Example: 2019/11/01@00:15-2019/11/28@00:30 “Time Range” Example: 17:00-19:00

Parameters:

name (str) – Name of the object
disable_override (bool) – “True” to set disable-override
type (str) – Type of Schedule: “recurring” or “non-recurring”
non_recurring_date_time (list/str) – “Date and Time Range” string for a non-recurring schedule
recurrence (str) – “daily” or “weekly” recurrence
daily_time (list/str) – “Time Range” for a daily recurring schedule
weekly_sunday_time (list/str) – “Time Range” for a weekly recurring schedule (Sunday)
weekly_monday_time (list/str) – “Time Range” for a weekly recurring schedule (Monday)
weekly_tuesday_time (list/str) – “Time Range” for a weekly recurring schedule (Tuesday)
weekly_wednesday_time (list/str) – “Time Range” for a weekly recurring schedule (Wednesday)
weekly_thursday_time (list/str) – “Time Range” for a weekly recurring schedule (Thursday)
weekly_friday_time (list/str) – “Time Range” for a weekly recurring schedule (Friday)
weekly_saturday_time (list/str) – “Time Range” for a weekly recurring schedule (Saturday)

class panos.objects.SecurityProfileGroup(*args, **kwargs)[source]¶

Security Profile Group object

Parameters:

name (str) – The group name
virus (str) – Antivirus profile
spyware (str) – Anti-spyware profile
vulnerability (str) – Vulnerability protection profile
url_filtering (str) – URL filtering profile
file_blocking (str) – File blocking profile
data_filtering (str) – Data filtering profile
wildfire_analysis (str) – WildFire analysis profile

class panos.objects.ServiceGroup(*args, **kwargs)[source]¶

ServiceGroup Object

Parameters:	name (str) – Name of the object value (list) – List of service values tag (list) – Administrative tags

class panos.objects.ServiceObject(*args, **kwargs)[source]¶

Service Object

Parameters:

name (str) – Name of the object
protocol (str) – Protocol of the service, either tcp or udp
source_port (str) – Source port of the protocol, if any
destination_port (str) – Destination port of the service
description (str) – Description of this object
tag (list) – Administrative tags
enable_override_timeout (str) – (PAN-OS 8.1+) Override session timeout value.
override_timeout (int) – (PAN-OS 8.1+) The TCP or UDP session timeout value (in seconds).
override_half_close_timeout (int) – (PAN-OS 8.1+) TCP session half-close tieout value (in seconds).
override_time_wait_timeout (int) – (PAN-OS 8.1+) TCP session time-wait timeout value (in seconds).

class panos.objects.Tag(*args, **kwargs)[source]¶

Administrative tag

Parameters:	name (str) – Name of the tag color (str) – Color ID (eg. ‘color1’, ‘color4’, etc). You can use `color_code()` to generate the ID. comments (str) – Comments

static color_code(color_name)[source]¶

Return the color code for a color

Parameters:

color_name (str) –

One of the following colors:

red
green
blue
yellow
copper
orange
purple
gray
light green
cyan
light gray
blue gray
lime
black
gold
brown