How to retrieve or export threat signature information from firewall with CLI, XML API and GUI?
Objective
This article describes the steps to retrieve or export threat signature information from the firewall with the CLI, XML API and GUI.
Environment
- PAN-OS 8.0 and later.
- This article assumes that an API key is already generated. Refer to https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/get-your-api-key if you have not generated an API key.
Procedure
Firewall CLI:
- The following command will provide output for both vulnerability protection and anti-spyware signatures available on the firewall.
> show predefined xpath /predefined/threats
threats {
  phone-home {
    18250 {
      threatname "Microsoft Phishing Site Detection";
      category phishing-kit;
      severity critical;
      engine-version;
      default-action reset-both;
    }
    18575 {
      threatname "Bartblaze PHP Webshell Traffic Detection";
      category webshell;
      severity medium;
      engine-version;
      default-action alert;
    }
....truncated...
- To limit the output to vulnerability protection signatures only or anti-spyware signatures only, use the following commands:
> show predefined xpath /predefined/threats/vulnerability
> show predefined xpath /predefined/threats/phone-home
XML API:
- To display both vulnerability protection and anti-spyware signatures available on the firewall:
https[:]//FIREWALL-IPADDRESS/api/?key=APIKEY&type=op&cmd=<show><predefined><xpath>/predefined/threats</xpath></predefined></show>
The output will look similar to the screenshot below:
- To limit the output to vulnerability protection signatures only or anti-spyware signatures only, use the following XML API commands:
https[:]//FIREWALL-IPADDRESS/api/?key=APIKEY&type=op&cmd=<show><predefined><xpath>/predefined/threats/vulnerability</xpath></predefined></show>
https[:]//FIREWALL-IPADDRESS/api/?key=APIKEY&type=op&cmd=<show><predefined><xpath>/predefined/threats/phone-home</xpath></predefined></show>
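For scripted exports, the Python below is an added example (not part of the original article or any vendor code): it builds the same op-command URL with the XML percent-encoded and flattens a response into CSV rows. The sample response is constructed from the CLI output above; the `<entry name="ID">` layout and the helper names `build_url`, `parse_threats` and `to_csv` are assumptions.

```python
import csv
import io
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample, modelled on the CLI output in this article.
# Assumption: the API returns each signature as <entry name="ID">.
SAMPLE = """<response status="success"><result><threats><phone-home>
<entry name="18250"><threatname>Microsoft Phishing Site Detection</threatname>
<category>phishing-kit</category><severity>critical</severity>
<default-action>reset-both</default-action></entry>
<entry name="18575"><threatname>Bartblaze PHP Webshell Traffic Detection</threatname>
<category>webshell</category><severity>medium</severity>
<default-action>alert</default-action></entry>
</phone-home></threats></result></response>"""

FIELDS = ["type", "id", "threatname", "category", "severity", "default-action"]

def build_url(host, api_key, xpath="/predefined/threats"):
    """Return the op-command URL with the XML cmd percent-encoded."""
    cmd = f"<show><predefined><xpath>{xpath}</xpath></predefined></show>"
    query = urlencode({"key": api_key, "type": "op", "cmd": cmd})
    return f"https://{host}/api/?{query}"

def parse_threats(xml_text):
    """Flatten a response into one dict per signature."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError(f"API call failed: status={root.get('status')!r}")
    rows = []
    for kind in ("vulnerability", "phone-home"):
        for section in root.iter(kind):
            for entry in section.findall("entry"):
                row = {"type": kind, "id": entry.get("name", "")}
                for field in FIELDS[2:]:
                    row[field] = (entry.findtext(field) or "").strip()
                rows.append(row)
    return rows

def to_csv(rows):
    """Render the rows as CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(parse_threats(SAMPLE)), end="")
```
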
Firewall GUI:
Vulnerability Protection Profile - Navigate to the vulnerability protection profile, click on the Exceptions tab, check "Show all signatures" and click PDF/CSV to export the file.
Anti-Spyware Profile - Navigate to the Anti-Spyware profile, click on the Signature Exceptions tab, check "Show all signatures" and click PDF/CSV to export the file.