feat: Add support for wildcard address objects #228
You're right, it will be an error either way, but this should have a profile that adds this support to 9.0+. Perhaps a better way to handle "you're telling me to add content to this API request that isn't supported in your version" is to return a PanDeviceError saying as much, but the profile needs to exist so that we could add that kind of logic.
Added ip-wildcard as a type in the AddressObject PanObject

Closes #226

I chose not to use a version profile for this parameter because the user will get an error on pre-9.0 versions either way. For example, there's no reason to omit the ip-wildcard on 8.1 because that AddressObject would be invalid anyway.
6c2d862 to d1208dd
I'm going to go ahead and merge it so we can get this into the hands of customers. A PAN-OS that doesn't support this feature would produce an exception anyway, it's just a PanXapiError instead of a PanDeviceError. We can consider changing this to a PanDeviceError in the future, but that's a larger undertaking for multiple PanVersionedObjects separate from this enhancement.
## 1.0.0-alpha.1 (2020-07-24)

### Features

* IP Classification and easier field usage. Fields added: user, src_class, dst_class, server_ip, server_location, client_ip, client_location. Note that client_ip was already in use by the config logs and dashboard, so that client_ip field is renamed to admin_ip, and the client_type field is renamed to admin_type. This is done to avoid naming conflicts. ([f2405cb](f2405cb))
* New App highlighting. When apps are added to the master Palo Alto Networks applipedia, Splunk will get the apps and index them. Then, dashboard panels can be created to show when new apps are added, or if any traffic in the network is matching these new apps. ([550fca6](550fca6))
* Add normalized objects for firewall and Panorama commits ([0983558](0983558)), closes [#220](#220)
* Add support for wildcard address objects ([e859ff6](e859ff6)), closes [#228](#228) [#226](#226)
* Support for Dynamic Address Groups and Dynamic Address Objects (IP address tagging). This feature is utilized similarly to 'panblock', but the command is 'pantag'. ([8753410](8753410))

### Bug Fixes

* config field 'host' overlapped with Splunk default field 'host'. Changed to 'client_ip'. Changed 'client' to 'client_type'. ([5bb9a9f](5bb9a9f))
* config field 'host' overlapped with Splunk default field 'host'. Changed to 'client_ip'. Changed 'client' to 'client_type'. ([d1f5e76](d1f5e76))
* Correct how target_version is determined ([4269200](4269200)), closes [#216](#216)
* Fix tag-allowed property of VirtualWire ([f02143e](f02143e)), closes [#232](#232) [#221](#221)
* if there are no registered addresses iterator will throw exception ([eabfbd9](eabfbd9))

### Reverts

* Revert "Added a Splunk 6 Data Model to represent the Palo Alto Networks log structure. Currently this model is NOT accelerated due to known Splunk issue (SPL-74415)" ([60b23f9](60b23f9))
* Revert "Possible Malware Traffic table search made much more efficient". It is more efficient, on initial testing, but requires more testing of corner cases. Reversing the commit until more testing can be done. ([90fae34](90fae34))
## 1.0.0-beta.1 (2020-07-24)

### Features

* IP Classification and easier field usage. Fields added: user, src_class, dst_class, server_ip, server_location, client_ip, client_location. Note that client_ip was already in use by the config logs and dashboard, so that client_ip field is renamed to admin_ip, and the client_type field is renamed to admin_type. This is done to avoid naming conflicts. ([f2405cb](f2405cb))
* New App highlighting. When apps are added to the master Palo Alto Networks applipedia, Splunk will get the apps and index them. Then, dashboard panels can be created to show when new apps are added, or if any traffic in the network is matching these new apps. ([550fca6](550fca6))
* Add normalized objects for firewall and Panorama commits ([0983558](0983558)), closes [#220](#220)
* Add support for wildcard address objects ([e859ff6](e859ff6)), closes [#228](#228) [#226](#226)
* Support for Dynamic Address Groups and Dynamic Address Objects (IP address tagging). This feature is utilized similarly to 'panblock', but the command is 'pantag'. ([8753410](8753410))

### Bug Fixes

* config field 'host' overlapped with Splunk default field 'host'. Changed to 'client_ip'. Changed 'client' to 'client_type'. ([5bb9a9f](5bb9a9f))
* config field 'host' overlapped with Splunk default field 'host'. Changed to 'client_ip'. Changed 'client' to 'client_type'. ([d1f5e76](d1f5e76))
* Correct how target_version is determined ([4269200](4269200)), closes [#216](#216)
* Fix tag-allowed property of VirtualWire ([f02143e](f02143e)), closes [#232](#232) [#221](#221)
* if there are no registered addresses iterator will throw exception ([eabfbd9](eabfbd9))

### Reverts

* Revert "Added a Splunk 6 Data Model to represent the Palo Alto Networks log structure. Currently this model is NOT accelerated due to known Splunk issue (SPL-74415)" ([60b23f9](60b23f9))
* Revert "Possible Malware Traffic table search made much more efficient". It is more efficient, on initial testing, but requires more testing of corner cases. Reversing the commit until more testing can be done. ([90fae34](90fae34))
🎉 This PR is included in version 1.0.0-beta.1 🎉 The release is available on PyPI and GitHub release
## 1.0.0 (2020-08-17)

### Features

* IP Classification and easier field usage. Fields added: user, src_class, dst_class, server_ip, server_location, client_ip, client_location. Note that client_ip was already in use by the config logs and dashboard, so that client_ip field is renamed to admin_ip, and the client_type field is renamed to admin_type. This is done to avoid naming conflicts. ([f2405cb](f2405cb))
* New App highlighting. When apps are added to the master Palo Alto Networks applipedia, Splunk will get the apps and index them. Then, dashboard panels can be created to show when new apps are added, or if any traffic in the network is matching these new apps. ([550fca6](550fca6))
* Add `type` parameter to `CustomUrlCategory` ([f3c85d6](f3c85d6)), closes [#244](#244)
* Add FQDN support to IKE gateways ([722594c](722594c)), closes [#250](#250) [#252](#252)
* Add normalized objects for firewall and Panorama commits ([0983558](0983558)), closes [#220](#220)
* Add support for wildcard address objects ([e859ff6](e859ff6)), closes [#228](#228) [#226](#226)
* Support for Dynamic Address Groups and Dynamic Address Objects (IP address tagging). This feature is utilized similarly to 'panblock', but the command is 'pantag'. ([8753410](8753410))

### Bug Fixes

* config field 'host' overlapped with Splunk default field 'host'. Changed to 'client_ip'. Changed 'client' to 'client_type'. ([5bb9a9f](5bb9a9f))
* config field 'host' overlapped with Splunk default field 'host'. Changed to 'client_ip'. Changed 'client' to 'client_type'. ([d1f5e76](d1f5e76))
* Correct how target_version is determined ([4269200](4269200)), closes [#216](#216)
* Fix tag-allowed property of VirtualWire ([f02143e](f02143e)), closes [#232](#232) [#221](#221)
* if there are no registered addresses iterator will throw exception ([eabfbd9](eabfbd9))
* Perform release on master branch ([7da85ef](7da85ef))

### Reverts

* Revert "Added a Splunk 6 Data Model to represent the Palo Alto Networks log structure. Currently this model is NOT accelerated due to known Splunk issue (SPL-74415)" ([60b23f9](60b23f9))
* Revert "Possible Malware Traffic table search made much more efficient". It is more efficient, on initial testing, but requires more testing of corner cases. Reversing the commit until more testing can be done. ([90fae34](90fae34))
Description
Added ip-wildcard as a type in the AddressObject PanObject
Closes #226
I chose not to use a version profile for this parameter because the user will get an error on pre-9.0 versions either way. For example, there's no reason to omit the ip-wildcard on 8.1 because that AddressObject would be invalid anyway.
Motivation and Context
Support new feature in PAN-OS 9.0
How Has This Been Tested?
Tested against PA-220
Types of changes
Checklist