Module: objects

Inheritance diagram

Inheritance diagram of pandevice.objects

Class Reference

Objects module contains objects that exist in the ‘Objects’ tab in the firewall GUI

class pandevice.objects.AddressGroup(*args, **kwargs)[source]

Address Group

Parameters:
  • name (str) – Name of the address group
  • static_value (list) – Values for a static address group
  • dynamic_value (str) – Registered-ip tags for a dynamic address group
  • description (str) – Description of this object
  • tag (list) – Administrative tags (not to be confused with registered-ip tags)
class pandevice.objects.AddressObject(*args, **kwargs)[source]

Address Object

Parameters:
  • name (str) – Name of the object
  • value (str) – IP address or other value of the object
  • type (str) – Type of address: * ip-netmask (default) * ip-range * fqdn
  • description (str) – Description of this object
  • tag (list) – Administrative tags
class pandevice.objects.ApplicationContainer(*args, **kwargs)[source]

ApplicationContainer object

This is a special class that is used in the predefined module. It acts much like an ApplicationGroup object but exists only in the predefined context. It is more or less a way that Palo Alto groups predefined applications together.

Parameters:applications (list) – List of memeber applications
class pandevice.objects.ApplicationFilter(*args, **kwargs)[source]

ApplicationFilter Object

Parameters:
  • name (str) – Name of the object
  • category (list) – Application category
  • subcategory (list) – Application subcategory
  • technology (list) – Application technology
  • risk (list) – Application risk
  • evasive (bool) –
  • excessive_bandwidth_use (bool) –
  • prone_to_misuse (bool) –
  • is_saas (bool) –
  • transfers_files (bool) –
  • tunnels_other_apps (bool) –
  • used_by_malware (bool) –
  • has_known_vulnerabilities (bool) –
  • pervasive (bool) –
  • tag (list) – Administrative tags
class pandevice.objects.ApplicationGroup(*args, **kwargs)[source]

ApplicationGroup Object

Parameters:
  • name (str) – Name of the object
  • value (list) – List of application values
  • tag (list) – Administrative tags
class pandevice.objects.ApplicationObject(*args, **kwargs)[source]

Application Object

Parameters:
  • name (str) – Name of the object
  • category (str) – Application category
  • subcategory (str) – Application subcategory
  • technology (str) – Application technology
  • risk (int) – Risk (1-5) of the application
  • default_type (str) – Default identification type of the application
  • default_value (list) – Values for the default type
  • parent_app (str) – Parent Application for which this app falls under
  • timeout (int) – Default timeout
  • tcp_timeout (int) – TCP timeout
  • udp_timeout (int) – UDP timeout
  • tcp_half_closed_timeout (int) – TCP half closed timeout
  • tcp_time_wait_timeout (int) – TCP wait time timeout
  • evasive_behavior (bool) – Applicaiton is actively evasive
  • consume_big_bandwidth (bool) – Application uses large bandwidth
  • used_by_malware (bool) – Application is used by malware
  • able_to_transfer_file (bool) – Application can do file transfers
  • has_known_vulnerability (bool) – Application has known vulnerabilities
  • tunnel_other_application (bool) –
  • tunnel_applications (list) – List of tunneled applications
  • prone_to_misuse (bool) –
  • pervasive_use (bool) –
  • file_type_ident (bool) –
  • virus_ident (bool) –
  • data_ident (bool) –
  • description (str) – Description of this object
  • tag (list) – Administrative tags

Please refer to https://applipedia.paloaltonetworks.com/ for more info on these params

class pandevice.objects.CustomUrlCategory(*args, **kwargs)[source]

Custom url category group

Parameters:
  • name (str) – The name
  • url_value (list) – Values to include in custom URL category object
  • description (str) – Description of this object
class pandevice.objects.DynamicUserGroup(*args, **kwargs)[source]

Dynamic user group.

Note: PAN-OS 9.1+

Parameters:
  • name – Name of the dynamic user group
  • description (str) – Description of this object
  • filter – Tag-based filter.
  • tag (list) – Administrative tags
class pandevice.objects.LogForwardingProfile(*args, **kwargs)[source]

A log forwarding profile.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The name
  • description (str) – The description
  • enhanced_logging (bool) – (PAN-OS 8.1+) Enabling enhanced application logging
class pandevice.objects.LogForwardingProfileMatchList(*args, **kwargs)[source]

A log forwarding profile match list entry.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The name
  • description (str) – Description
  • log_type (str) – Log type. Valid values are traffic, threat, wildfire, url, data, gtp, tunnel, auth, or sctp (PAN-OS 8.1+).
  • filter (str) – The filter.
  • send_to_panorama (bool) – Send to panorama or not
  • snmp_profiles (str/list) – List of SnmpServerProfiles.
  • email_profiles (str/list) – List of EmailServerProfiles.
  • syslog_profiles (str/list) – List of SyslogServerProfiles.
  • http_profiles (str/list) – List of HttpServerProfiles.
class pandevice.objects.LogForwardingProfileMatchListAction(*args, **kwargs)[source]

Action for a log forwarding profile match list entry.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The name
  • action_type (str) – Action type. Valid values are tagging (default) or (PAN-OS 8.1+) integration.
  • action (str) – The action. Valid values are add-tag, remove-tag, or (PAN-OS 8.1+) Azure-Security-Center-Integration.
  • target (str) – The target. Valid values are source-address or destination-address.
  • registration (str) – Registration. Valid values are localhost, panorama, or remote.
  • http_profile (str) – The HTTP profile for registration of “remote”.
  • tags (str/list) – List of administrative tags.
  • timeout (int) – (PAN-OS 9.0+) Timeout in minutes
class pandevice.objects.SecurityProfileGroup(*args, **kwargs)[source]

Security Profile Group object

Parameters:
  • name (str) – The group name
  • virus (str) – Antivirus profile
  • spyware (str) – Anti-spyware profile
  • vulnerability (str) – Vulnerability protection profile
  • url_filtering (str) – URL filtering profile
  • file_blocking (str) – File blocking profile
  • data_filtering (str) – Data filtering profile
  • wildfire_analysis (str) – WildFire analysis profile
class pandevice.objects.ServiceGroup(*args, **kwargs)[source]

ServiceGroup Object

Parameters:
  • name (str) – Name of the object
  • value (list) – List of service values
  • tag (list) – Administrative tags
class pandevice.objects.ServiceObject(*args, **kwargs)[source]

Service Object

Parameters:
  • name (str) – Name of the object
  • protocol (str) – Protocol of the service, either tcp or udp
  • source_port (str) – Source port of the protocol, if any
  • destination_port (str) – Destination port of the service
  • description (str) – Description of this object
  • tag (list) – Administrative tags
class pandevice.objects.Tag(*args, **kwargs)[source]

Administrative tag

Parameters:
  • name (str) – Name of the tag
  • color (str) – Color ID (eg. ‘color1’, ‘color4’, etc). You can use color_code() to generate the ID.
  • comments (str) – Comments
static color_code(color_name)[source]

Returns the color code for a color

Parameters:color_name (str) –

One of the following colors:

  • red
  • green
  • blue
  • yellow
  • copper
  • orange
  • purple
  • gray
  • light green
  • cyan
  • light gray
  • blue gray
  • lime
  • black
  • gold
  • brown