Forum Discussion

Vitor_Santos
5 years ago

PaloAlto 'apikey' PropertySource

Hello!

I've created a property source (PS script) that will retrieve/populate automatically the 'paloalto.apikey.pass' property within Palo Alto firewalls (since a bunch of datasources require that key).
This will be easier than retrieving the api key manually & then creating the custom property for each firewall.

This will make use of the ssh credentials & also requires a LM apikey in order to actually PATCH the device in question.
Sharing this with everyone in case it is useful for you guys as well.

I've tried to publish it in LM Exchange but I'm retrieving the error below:



I'm new to LM so, excuse me if I'm being a noob & missing an obvious thing?

Shared the PS script within GitHub -> https://github.com/vitor7santos/LogicMonitor.git

Feel free to use it & let me know your comments/suggestions/etc...

Regards,

  • I've just applied that to our environment & will further let you know how it goes.
    We've some new Palo Alto(s) to add into monitoring so I'll just use those to test this out.

    Thank you for that property suggestion, it makes sense. We're currently using a global property for an API account that we created (that gets inherited by all devices) - That's why I've the need to pass the 'hasCategory("PaloAlto")' in the property source (to make sure it gets routed only to Palo Alto stuff).
    I guess it ends up being easier than creating multiple API properties for the different technologies.

    Regarding your PowerShell encoding suggestion, thanks a lot for that tip, man. I created a function for that lol (apologies for my noob stuff) - from now on I'll definitely make use of that feature.

    Anonymous

    Alright, give this a couple tests if you wouldn't mind. I standardized the property names to match my personal rules, which specify one API token per LogicModule and the api token id/key/company properties use the LogicModule name. This allows the appliesTo to simply be:

    paloalto.apikey.lm.id && paloalto.apikey.lm.key && paloalto.apikey.lm.company && ssh.user && ssh.pass

    You take care of making sure the paloalto.apikey.lm.* properties are on the right device and you don't have to worry about categories or anything else. 

    Also a tip: the password encoding can be done much more simply in powershell. It's called URI (or URL) encoding: https://stackoverflow.com/questions/23548386/how-do-i-replace-spaces-with-20-in-powershell. Looks like you just have to add System.web to make EscapeDataString work.
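
    The URI-encoding tip above, as an added example (not the script from the linked repository and not code from either poster): the password is percent-encoded with `[uri]::EscapeDataString` before it goes into the key request, and the key is read from the XML reply. It assumes the key is requested from the PAN-OS XML API `type=keygen` endpoint; the function names, host, account, password and sample reply are constructed for illustration.

```powershell
# Added example. New-KeygenRequest and Get-KeyFromResponse are hypothetical
# helper names; all sample values below are constructed.
function New-KeygenRequest {
    param(
        [Parameter(Mandatory)] [string] $Firewall,
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $Pass
    )
    # EscapeDataString percent-encodes every reserved character
    # (&, =, +, %, #, space, ...), so a password containing them cannot
    # split or alter the form fields. [uri] is System.Uri.
    $body = 'user={0}&password={1}' -f `
        [uri]::EscapeDataString($User), [uri]::EscapeDataString($Pass)

    # Credentials go in the POST body rather than the query string,
    # which keeps them out of URL-based request logs.
    @{
        Uri         = "https://$Firewall/api/?type=keygen"
        Method      = 'Post'
        Body        = $body
        ContentType = 'application/x-www-form-urlencoded'
    }
}

function Get-KeyFromResponse {
    param([Parameter(Mandatory)] [string] $Xml)
    $doc = [xml]$Xml
    # Fail loudly instead of writing an empty key into the device property.
    if ($doc.response.status -ne 'success') {
        throw "keygen failed with status '$($doc.response.status)'"
    }
    $doc.response.result.key
}

# Constructed input: a password with characters a naive replace would miss.
$req = New-KeygenRequest -Firewall 'fw01.example.test' `
    -User 'svc-monitor' -Pass 'p@ss w&rd+100%#1'
$req.Body

# Against a live firewall the request would be sent with:
#   $resp = Invoke-RestMethod @req
# Here a constructed reply stands in so the example runs offline.
$sample = '<response status="success"><result>' +
          '<key>CONSTRUCTED-KEY-VALUE</key></result></response>'
Get-KeyFromResponse -Xml $sample
```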

  • 12 hours ago, Stuart Weenig said:

    I haven't seen that warning before, but it could be related to the upcoming changes they're making to the Exchange. Consequently, there's a fairly manual review and publication process for modules submitted to the Exchange right now. Github is probably the better way to do it for the time being. 

    Nice PS. You mind if I take your logic and try to make it work in groovy? That way this PS can run on either Windows or Linux collector (as opposed to only running on Windows now).


    Makes sense, will use Github for now.
    Not at all, feel free to use it @Stuart Weenig

    Anonymous

    I haven't seen that warning before, but it could be related to the upcoming changes they're making to the Exchange. Consequently, there's a fairly manual review and publication process for modules submitted to the Exchange right now. Github is probably the better way to do it for the time being. 

    Nice PS. You mind if I take your logic and try to make it work in groovy? That way this PS can run on either Windows or Linux collector (as opposed to only running on Windows now).