PaloAltoNetworks · GrantGabbert · Apr 5, 2024 · Apr 5, 2024 · Apr 5, 2024
diff --git a/...AN_OS_Upgrade_Services/Integrations/PAN_OS_Device_Management/PAN_OS_Device_Management.yml b/...AN_OS_Upgrade_Services/Integrations/PAN_OS_Device_Management/PAN_OS_Device_Management.yml
@@ -1,72 +1,72 @@
+category: Network Security
 commonfields:
   id: PAN-OS Device Management
   version: -1
-vcShouldKeepItemLegacyProdMachine: false
-name: PAN-OS Device Management
-display: PAN-OS Device Management
-category: Network Security
-description: Ingests PAN-OS NGFW's connected to Panorama as XSOAR objects, and continously montior for best practice issues.
 configuration:
-- display: Server URL (e.g. https://panorama.corp.local)
+- defaultvalue: https://panorama.corp.local
+  display: Server URL (e.g. https://panorama.corp.local)
   name: url
-  defaultvalue: https://panorama.corp.local
-  type: 0
   required: true
+  type: 0
 - display: API Key
   name: key
-  type: 4
   required: true
-- display: Server Port
+  type: 4
+- default: 443
+  display: Server Port
   name: port
-  type: 0
   required: false
-  default: 443
+  type: 0
 - display: Fetch Configuration  Issues from Panorama as Indicators
   name: fetch_panorama_hygiene_issues
-  type: 8
   required: false
+  type: 8
 - display: Trust any certificate (not secure)
   name: insecure
-  type: 8
   required: false
+  type: 8
 - display: Use system proxy settings
   name: proxy
-  type: 8
   required: false
+  type: 8
 - display: Fetch indicators
   name: feed
-  type: 8
   required: false
-- display: ""
+  type: 8
+- defaultvalue: indicatorType
+  display: ""
   name: feedExpirationPolicy
-  defaultvalue: indicatorType
-  type: 17
-  required: false
   options:
   - never
   - interval
   - indicatorType
   - suddenDeath
-- display: ""
+  required: false
+  type: 17
+- defaultvalue: "20160"
+  display: ""
   name: feedExpirationInterval
-  defaultvalue: "20160"
-  type: 1
   required: false
-- display: Feed Fetch Interval
+  type: 1
+- defaultvalue: "240"
+  display: Feed Fetch Interval
   name: feedFetchInterval
-  defaultvalue: "240"
-  type: 19
-  required: false
-- display: Bypass exclusion list
-  name: feedBypassExclusionList
-  type: 8
   required: false
-  additionalinfo: When selected, the exclusion list is ignored for indicators from
+  type: 19
+- additionalinfo: When selected, the exclusion list is ignored for indicators from
     this feed. This means that if an indicator from this feed is on the exclusion
     list, the indicator might still be added to the system.
+  display: Bypass exclusion list
+  name: feedBypassExclusionList
+  required: false
+  type: 8
+description: Ingests PAN-OS NGFW's connected to Panorama as XSOAR objects, and continously montior for best practice issues.
+display: PAN-OS Device Management
+name: PAN-OS Device Management
 script:
-  type: python
   dockerimage: demisto/pan-os-python:1.0.0.30307
   feed: true
   runonce: false
-  subtype: python3
+  subtype: python3
+  type: python
+vcShouldKeepItemLegacyProdMachine: false
diff --git a/...PAN_OS_Upgrade_Services/Integrations/PAN_OS_Upgrade_Assurance/PAN_OS_Upgrade_Assurance.py b/...PAN_OS_Upgrade_Services/Integrations/PAN_OS_Upgrade_Assurance/PAN_OS_Upgrade_Assurance.py
@@ -1,6 +1,9 @@
-from CommonServerPython import *
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+
 
 from typing import Optional, List
+from urllib.parse import urlparse
 
 from panos_upgrade_assurance.firewall_proxy import FirewallProxy
 from panos_upgrade_assurance.check_firewall import CheckFirewall
@@ -267,10 +270,23 @@ def command_compare_snapshots():
 
 
 def main():
-    panorama_ip = demisto.params().get("url")
-    panorama_user = demisto.params().get("panorama_user")
-    panorama_password = demisto.params().get("panorama_password")
-    panorama = get_panorama(panorama_ip, panorama_user, panorama_password)
+    #GG panorama_ip = demisto.params().get("url")
+    #GG panorama_user = demisto.params().get("panorama_user")
+    #GG panorama_password = demisto.params().get("panorama_password")
+    #GG panorama = get_panorama(panorama_ip, panorama_user, panorama_password)
+
+    # copied from device mgmt...
+    params = demisto.params()
+    api_key = str(params.get('key')) or str((params.get('credentials') or {}).get('password', ''))
+    parsed_url = urlparse(params.get("url"))
+    port = params.get("port", "443")
+    hostname = parsed_url.hostname
+
+    panorama = Panorama.create_from_device(
+        hostname=hostname,
+        api_key=api_key,
+        port=port
+    )
 
     handle_proxy()
 

diff --git a/...AN_OS_Upgrade_Services/Integrations/PAN_OS_Upgrade_Assurance/PAN_OS_Upgrade_Assurance.yml b/...AN_OS_Upgrade_Services/Integrations/PAN_OS_Upgrade_Assurance/PAN_OS_Upgrade_Assurance.yml
@@ -1,168 +1,109 @@
 category: Utilities
-description: Operational testing for PAN-OS for PAN-OS upgrades.
 commonfields:
   id: PAN_OS_Upgrade_Assurance
   version: -1
-name: PAN_OS_Upgrade_Assurance
-display: PAN-OS Assurance Testing
 configuration:
-- display: Panorama IP or Hostname
+- defaultvalue: 192.168.1.1
+  display: Panorama IP or Hostname
   name: url
-  defaultvalue: 192.168.1.1
-  type: 0
   required: true
-- display: Panorama Username
-  name: panorama_user
   type: 0
-  required: true
-- display: Panorama Password
-  name: panorama_password
-  type: 4
-  required: true
 - display: Server Port
   name: port
-  type: 4
   required: false
+  type: 4
 - display: Trust any certificate (not secure)
   name: insecure
-  type: 8
   required: false
+  type: 8
 - display: Use system proxy settings
   name: proxy
-  type: 8
   required: false
+  type: 8
+- display: API Key
+  name: key
+  required: true
+  type: 4
+description: Operational testing for PAN-OS for PAN-OS upgrades.
+display: PAN-OS Assurance Testing
+name: PAN_OS_Upgrade_Assurance
 script:
   commands:
-  - deprecated: false
-    description: "Runs checks to confirm a PAN-OS firewall is ready to be upgraded."
-    name: pan-os-assurance-run-readiness-checks
-    arguments:
-    - name: firewall_serial
-      isArray: false
-      description: The firewall serial number to run validations against. Use `pan-os-platform-get-system-info if not known`.
+  - arguments:
+    - description: The firewall serial number to run validations against. Use `pan-os-platform-get-system-info if not known`.
+      name: firewall_serial
       required: true
-      secret: false
-      default: false
-    - name: check_list
+    - description: List of tests to run. If not provided, a base set of tests will be run.
       isArray: true
-      description: List of tests to run. If not provided, a base set of tests will be run.
-      required: false
-      secret: false
-      default: false
-    - name: min_content_version
-      isArray: false
-      description: The minimum content version to check for, enables "content_version" check
-      required: false
-      secret: false
-      default: false
-    - name: candidate_version
-      isArray: false
-      description: The candidate version to runchecks against. Enables "free_disk_space" check
-      required: false
-      secret: false
-      default: false
-    - name: dp_mp_clock_diff
-      isArray: false
-      description: The drift allowed between DP clock and MP clock. Enabled "planes_clock_sync" check.
-      required: false
-      secret: false
-      default: false
-    - name: ipsec_tunnel_status
-      isArray: false
-      description: Check a specific IPsec - by tunnel name. Tunnel must be up for this check to pass.
-      required: false
-      secret: false
-      default: false
-    - name: arp_entry_exists
-      isArray: false
-      description: Check for the existence of a specific IP in the ARP Table.
-      required: false
-      secret: false
-      default: false
-    - name: check_session_exists
-      isArray: false
-      description: |
+      name: check_list
+    - description: The minimum content version to check for, enables "content_version" check
+      name: min_content_version
+    - description: The candidate version to runchecks against. Enables "free_disk_space" check
+      name: candidate_version
+    - description: The drift allowed between DP clock and MP clock. Enabled "planes_clock_sync" check.
+      name: dp_mp_clock_diff
+    - description: Check a specific IPsec - by tunnel name. Tunnel must be up for this check to pass.
+      name: ipsec_tunnel_status
+    - description: Check for the existence of a specific IP in the ARP Table.
+      name: arp_entry_exists
+    - description: |
         Check for the presence of a specific connection. Session check format is <source>/destination/destination-port. example: 10.10.10.10/8.8.8.8/443
-      required: false
-      secret: false
-      default: false
+      name: check_session_exists
+    description: Runs checks to confirm a PAN-OS firewall is ready to be upgraded.
+    name: pan-os-assurance-run-readiness-checks
     outputs:
-      - contextPath: FirewallAssurance.ReadinessCheckResults
-        description: Readiness check results
-        type: Unknown
-  - deprecated: false
-    description: "Takes a snapshot of the operational state of the system."
+    - contextPath: FirewallAssurance.ReadinessCheckResults
+      description: Readiness check results
+      type: Unknown
+  - arguments:
+    - description: The firewall serial number to run validations against. Use `pan-os-platform-get-system-info if not known`.
+      name: firewall_serial
+      required: true
+    - default: true
+      description: The name of the snapshot to take. Defaults to "fw_snapshot"
+      name: snapshot_name
+    - description: List of tests to run. If not provided, a base set of tests will be run.
+      isArray: true
+      name: check_list
+    description: Takes a snapshot of the operational state of the system.
     name: pan-os-assurance-run-snapshot
-    arguments:
-      - name: firewall_serial
-        isArray: false
-        description: The firewall serial number to run validations against. Use `pan-os-platform-get-system-info if not known`.
-        required: true
-        secret: false
-        default: false
-      - name: snapshot_name
-        isArray: false
-        description: The name of the snapshot to take. Defaults to "fw_snapshot"
-        required: false
-        secret: false
-        default: true
-      - name: check_list
-        isArray: true
-        description: List of tests to run. If not provided, a base set of tests will be run.
-        required: false
-        secret: false
-        default: false
     outputs:
-      - contextPath: File.EntryID
-        description: The EntryID of the report file.
-        type: Unknown
-      - contextPath: File.Extension
-        description: The extension of the report file.
-        type: String
-      - contextPath: File.Name
-        description: The name of the report file.
-        type: String
-      - contextPath: File.Info
-        description: The info of the report file.
-        type: String
-      - contextPath: File.Size
-        description: The size of the report file.
-        type: Number
-      - contextPath: File.Type
-        description: The type of the report file.
-        type: String
-  - deprecated: false
-    description: "Takes a snapshot of the operational state of the system."
+    - contextPath: File.EntryID
+      description: The EntryID of the report file.
+      type: Unknown
+    - contextPath: File.Extension
+      description: The extension of the report file.
+      type: String
+    - contextPath: File.Name
+      description: The name of the report file.
+      type: String
+    - contextPath: File.Info
+      description: The info of the report file.
+      type: String
+    - contextPath: File.Size
+      description: The size of the report file.
+      type: Number
+    - contextPath: File.Type
+      description: The type of the report file.
+      type: String
+  - arguments:
+    - description: The Left (or "first") snapshot to compare.
+      name: left_snapshot_id
+      required: true
+    - description: The right (or "second") snapshot to compare.
+      name: right_snapshot_id
+      required: true
+    description: Takes a snapshot of the operational state of the system.
     name: pan-os-assurance-compare-snapshots
-    arguments:
-      - name: left_snapshot_id
-        isArray: false
-        description: The Left (or "first") snapshot to compare.
-        required: true
-        secret: false
-        default: false
-      - name: right_snapshot_id
-        isArray: false
-        description: The right (or "second") snapshot to compare.
-        required: true
-        secret: false
-        default: false
     outputs:
-      - contextPath: FirewallAssurance.SnapshotComparisonResult
-        description: Snapshot comparison results
-        type: Unknown
-      - contextPath: FirewallAssurance.SnapshotComparisonRawResult
-        description: The complete snapshot comparison results
-        type: Unknown
-  script: '-'
-  type: python
-  subtype: python3
-  dockerimage: ghcr.io/paloaltonetworks/panos_upgrade_assurance:latest
-  feed: false
-  isfetch: false
+    - contextPath: FirewallAssurance.SnapshotComparisonResult
+      description: Snapshot comparison results
+      type: Unknown
+    - contextPath: FirewallAssurance.SnapshotComparisonRawResult
+      description: The complete snapshot comparison results
+      type: Unknown
+  dockerimage: ghcr.io/paloaltonetworks/panos_upgrade_assurance:v0.3.0
   runonce: false
-  longRunning: false
-  longRunningPort: false
-fromversion: 6.0.0
-tests:
-- No tests
+  script: ''
+  subtype: python3
+  type: python