Vitor Santos

PaloAlto 'apikey' PropertySource

Recommended Posts

Posted (edited)

Hello!

I've created a property source (PS script) that will retrieve/populate automatically the 'paloalto.apikey.pass' property within Palo Alto firewalls (since a bunch of datasources require that key).
This will be easier than retrieving the api key manually & then create the custom property for each firewall.

this will make use of the ssh credentials & also requires a LM apikey in order to actually PATCH the device in question.
Sharing this with everyone in case it is useful for you guys as well.

I've tried to publish it in LM Exchange but I'm retrieving the error below:

image.png.7f4553661fb7bb3b1076d15f9f2ecc5e.png

I'm new to LM so, excuse me if I'm being noob & missing an obvious thing 😄

Shared the PS script within GitHub -> https://github.com/vitor7santos/LogicMonitor.git

Feel free to use it & let me know your comments/suggestions/etc...

Regards,

Edited by Vitor Santos
Typo

Share this post


Link to post
Share on other sites

I haven't seen that warning before, but it could be related to the upcoming changes they're making to the Exchange. Consequently, there's a fairly manual review and publication process for modules submitted to the Exchange right now. Github is probably the better way to do it for the time being. 

Nice PS. You mind if I take your logic and try to make it work in groovy? That way this PS can run on either Windows or Linux collector (as opposed to only running on Windows now).

Share this post


Link to post
Share on other sites
12 hours ago, Stuart Weenig said:

I haven't seen that warning before, but it could be related to the upcoming changes they're making to the Exchange. Consequently, there's a fairly manual review and publication process for modules submitted to the Exchange right now. Github is probably the better way to do it for the time being. 

Nice PS. You mind if I take your logic and try to make it work in groovy? That way this PS can run on either Windows or Linux collector (as opposed to only running on Windows now).


Makes sense, will use Github for now.
Not at all, feel free to use it @Stuart Weenig

Share this post


Link to post
Share on other sites

Alright, give this a couple tests if you wouldn't mind. I standardized the property names to match my personal rules, which specify one API token per LogicModule and the api token id/key/company properties use the LogicModule name. This allows the appliesTo to simply be:

paloalto.apikey.lm.id && paloalto.apikey.lm.key && paloalto.apikey.lm.company && ssh.user && ssh.pass

You take care of making sure the paloalto.apikey.lm.* properties are on the right device and you don't have to worry about categories or anything else. 

Also a tip: the password encoding can be done much more simply in powershell. It's called URI (or URL) encoding: https://stackoverflow.com/questions/23548386/how-do-i-replace-spaces-with-20-in-powershell. Looks like you just have to add System.web to make EscapeDataString work.

Share this post


Link to post
Share on other sites

I've just applied that to our environment & will further let you know how it goes.
We've some new Palo Alto(s) to add into monitoring so I'll just use those to test this out.

Thank you for that property suggestion, it makes sense. We're currently using a global property for an API account that we created (that gets inherited by all devices) - That's why I've the need to pass the 'hasCategory("PaloAlto")' in the property source (to make sure it gets routed only to Palo Alto stuff).
I guess it ends up being easier than creating multiple API properties for the different technologies.

Related with your powershell encoding suggestion, thanks a lot for that tip man. I created a function for that lol (apologize my noob stuff) - from now on I'll definitely make use of that feature

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.