PaloAlto 'apikey' PropertySource

I haven't seen that warning before, but it could be related to the upcoming changes they're making to the Exchange. Consequently, there's a fairly manual review and publication process for modules submitted to the Exchange right now. Github is probably the better way to do it for the time being. 

Nice PS. You mind if I take your logic and try to make it work in groovy? That way this PS can run on either Windows or Linux collector (as opposed to only running on Windows now).

12 hours ago, Stuart Weenig said:

I haven't seen that warning before, but it could be related to the upcoming changes they're making to the Exchange. Consequently, there's a fairly manual review and publication process for modules submitted to the Exchange right now. Github is probably the better way to do it for the time being. 

Nice PS. You mind if I take your logic and try to make it work in groovy? That way this PS can run on either Windows or Linux collector (as opposed to only running on Windows now).

Makes sense, will use Github for now.
Not at all, feel free to use it @Stuart Weenig! 

Alright, give this a couple tests if you wouldn't mind. I standardized the property names to match my personal rules, which specify one API token per LogicModule and the api token id/key/company properties use the LogicModule name. This allows the appliesTo to simply be:

paloalto.apikey.lm.id && paloalto.apikey.lm.key && paloalto.apikey.lm.company && ssh.user && ssh.pass

You take care of making sure the paloalto.apikey.lm.* properties are on the right device and you don't have to worry about categories or anything else. 

Also a tip: the password encoding can be done much more simply in powershell. It's called URI (or URL) encoding: https://stackoverflow.com/questions/23548386/how-do-i-replace-spaces-with-20-in-powershell. Looks like you just have to add System.web to make EscapeDataString work.

I've just applied that to our environment & will further let you know how it goes.
We've some new Palo Alto(s) to add into monitoring so I'll just use those to test this out.

Thank you for that property suggestion, it makes sense. We're currently using a global property for an API account that we created (that gets inherited by all devices) - That's why I've the need to pass the 'hasCategory("PaloAlto")' in the property source (to make sure it gets routed only to Palo Alto stuff).
I guess it ends up being easier than creating multiple API properties for the different technologies.

Related with your powershell encoding suggestion, thanks a lot for that tip man. I created a function for that lol (apologize my noob stuff) - from now on I'll definitely make use of that feature