Object
You have a list of web sites that you want to check the categories recognized by PAN-DB (or BrightCloud). It's not ideal to check the categories on Test-A-site (https://urlfiltering.paloaltonetworks.com) or on BrightCloud URL/IP lookup page (http://www.brightcloud.com/tools/url-ip-lookup.php) one by one when there are too many sites to check.
Solution
The firewall CLI accepts multiple lines of commands at one time. So, this can be achieved by following steps.
- Create a text file that contains the list of "test url <url>" commands.
- (Optional) Switch URL filtering database as needed.
> set system setting url-database <paloaltonetworks or brightcloud>
https://live.paloaltonetworks.com/t5/Learning-Articles/PAN-DB-URL-Filtering-CLI-Command-Reference/ta-p/61598
- Copy & paste entire text onto firewall CLI.
> test url www.paloaltonetworks.com
www.paloaltonetworks.com computer-and-internet-info (Base db) expires in 24000 seconds
www.paloaltonetworks.com computer-and-internet-info (Cloud db)
> test url www.google.com
www.google.com search-engines (Base db) expires in 0 seconds
www.google.com search-engines (Cloud db)
:
Object
Obtaining the list of Threat Names for a certain range of Threat ID.
Solution
- Create a text file that contains the list of "show threat id <id>" commands.
show threat id 3800000
show threat id 3800001
:
|
In order to create such text, following script can be used.
#!/bin/bash
for i in {3800000..3804000}
do
echo 'show threat id '${i} >> command_list.txt
done
|
The Threat ID range can be found in the following article.
https://live.paloaltonetworks.com/t5/Threat-Articles/Threat-ID-Ranges-in-the-Palo-Alto-Networks-Content-Database/ta-p/59969
- Copy & paste entire text onto firewall CLI.
> show threat id 3800000
unknown
spyware
> show threat id 3800001
This signature detected generic:geik.ddns[.]net
medium
:
Additional Tips
The list of commands for packet-diag can be saved as a text and executed in the same way.
https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Run-a-Packet-Capture/ta-p/62390