How to create HIP Objects via API call

How to create HIP Objects via API call

1552
Created On 05/30/23 23:35 PM - Last Modified 08/02/23 21:26 PM


Objective


To create HIP Objects via API call

Environment


  • Palo Alto Firewall
  • PANOS 8.1 and Later Version
  • HIP Object
  • API

Procedure


The function is performed using https commands directly from a web browser.

  1. Obtain the authorization API key to be used in subsequent API commands. Command below.
 https://<firewall>/api/?type=keygen&user=<username>&password=<password>

Example:

https://10.129.161.132/api/?type=keygen&user=admin&password=xyzxyzxyz@123

Output:
<response status="success">
<result>
<key>LUFRPT1IRjdDNHl1MVZVbFpTL2dDc0drNm5xOEs3WVE9Uk41dHh6MDljcUtnL3NJOW5LblRjUzQybjFpVFFaL0dES3E4TmoxeXdJL2JUaGl5YjV0c2IvYkJ6aEtOQm5jag==</key>
</result>
</response>

 
  1. Issue API command to create HIP object With Patch Management.
Example:  Note: Use Firewall Management IP for <Firewall_IP>; and API Key from step 1.
https://10.129.161.132/api/?key=LUFRPT1WMnNoc1pZMTluSTZMOHJjWU1BdzZteEVuN2c9Uk41dHh6MDljcUtnL3NJOW5LblRjYWJLaGJzdTVSM0l2SHJKQnFhNmloYlZlZHA4cmJlRjRWRjNiS05GNGJUNA==&type=config&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profiles/hip-objects/entry[@name='Test']&element=<entry name="Test"><patch-management><criteria><missing-patches><patches><member>1235</member></patches><check>has-any</check></missing-patches><is-installed>yes</is-installed></criteria><exclude-vendor>no</exclude-vendor></patch-management></entry>

Output:
<response status="success" code="20">
<msg>command succeeded</msg>
</response>
  • Node represents configuration requests (type=config)
  • The XPath location referred in the above command for the HIP object tab is given below.
"&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profiles/hip-objects"
  1. The Object is now added and can be seen.

image (9).png

  • Entry (@name) means where we have to add the Name of the HIP object, in this scenario we are using "Test"
image (7).png
  • Patch-Management is the sub-location where we added the information about the patches. 
<patch-management><criteria><missing-patches><patches><member>1235</member></patches><check>has-any</check></missing-patches><is-installed>yes</is-installed></criteria><exclude-vendor>no</exclude-vendor></patch-management></entry> 

 

image (8).png

 

  1. Now commit the configuration. Example of commit on firewall through API given below.
https://<firewall>/api/?key=apikey&type=commit&cmd=<commit></commit>
  • Note: Use Firewall Management IP for <Firewall_IP>; and API Key from step 1.

Example:

https://10.129.161.132/api/?key=LUFRPT1WMnNoc1pZMTluSTZMOHJjWU1BdzZteEVuN2c9Uk41dHh6MDljcUtnL3NJOW5LblRjYWJLaGJzdTVSM0l2SHJKQnFhNmloYlZlZHA4cmJlRjRWRjNiS05GNGJUNA==&type=commit&cmd=<commit></commit>

Output:
<response status="success" code="19">
<result>
<msg>
<line>Commit job enqueued with jobid 90</line>
</msg>
<job>90</job>
</result>
</response>


Additional Information


  • How to generate API key here
  • How to commit on firewall through API here
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000bppZCAQ&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail