Merge pull request #680 from PaloAltoNetworks/fix-update4
Desc-folder-changes-for-oneal-update4
manukumar6 authored Jun 1, 2024
2 parents b65bf24 + d8052ed commit 4d84e49
Showing 504 changed files with 11,852 additions and 0 deletions.
11 changes: 11 additions & 0 deletions openapi-specs/compute/32-04/desc/SCAP/get.md
@@ -0,0 +1,11 @@
This endpoint will return any SCAP datastreams uploaded to the console. This endpoint will return a 404 error if you have not configured your console to consume SCAP datastreams.

The following is an example curl command that uses basic auth to retrieve any uploaded datastreams configured for SCAP scanning:

```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
https://<CONSOLE>:8083/api/v1/scap
```
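
Review bot: the `curl -k` line sends basic-auth credentials with TLS certificate verification switched off, and readers will copy it into scripts as is; drop `-k`, or say it is only for a Console with a self-signed certificate and point to `--cacert` for that case. The same flag appears in the other curl examples in this commit. The `Content-Type: application/json` header is also unnecessary on a GET that has no body.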
11 changes: 11 additions & 0 deletions openapi-specs/compute/32-04/desc/SCAP/id_delete.md
@@ -0,0 +1,11 @@
This endpoint will delete any SCAP datastreams uploaded to the console. You can find `xml_name` from the `GET /api/v1/scap` endpoint.

The following is an example curl command that uses basic auth to delete an uploaded datastreams configured for SCAP scanning:

```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X DELETE \
https://<CONSOLE>:8083/api/v1/scap/{xml_name}
```
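
Review bot: the first sentence says the endpoint deletes "any SCAP datastreams", but the request path `/api/v1/scap/{xml_name}` targets one named datastream; reword it to say the call deletes the datastream identified by `xml_name`, and fix "an uploaded datastreams" in the lead-in. The `{xml_name}` placeholder should follow the `<USER>` / `<CONSOLE>` style so it is clear the value must be substituted.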
12 changes: 12 additions & 0 deletions openapi-specs/compute/32-04/desc/SCAP/post.md
@@ -0,0 +1,12 @@
This endpoint will allow you to add a SCAP datastream to the console.

The following is an example curl command that uses basic auth to add an uploaded datastreams configured for SCAP scanning:

```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X POST \
-d '{"XMLName":{"Space":"","Local":""}}' \
https://<CONSOLE>:8083/api/v1/scap
```
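
Review bot: the request body `{"XMLName":{"Space":"","Local":""}}` holds only empty strings, and nothing explains what `Space` and `Local` mean or how the datastream content itself is supplied, so the example cannot be adapted; document the fields or show a filled-in body. The lead-in "add an uploaded datastreams configured for SCAP scanning" looks carried over from the GET and DELETE descriptions and should describe uploading a new datastream.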
2 changes: 2 additions & 0 deletions openapi-specs/compute/32-04/desc/SCAP/scap.md
@@ -0,0 +1,2 @@
Import custom security checklists and evaluate them against your container images.
Custom checklists complement the predefined compliance checks provided in the default Prisma Cloud Compute installation.
1 change: 1 addition & 0 deletions openapi-specs/compute/32-04/desc/_ping/_ping.md
@@ -0,0 +1 @@
Checks if the Console is alive, responsive, and reachable from your network host.
14 changes: 14 additions & 0 deletions openapi-specs/compute/32-04/desc/_ping/get.md
@@ -0,0 +1,14 @@
Checks if Console is reachable from your network host.

### cURL Request

Refer to the following cURL example command that pings Console and prints the HTTP response code:

```bash
$ curl -k \
-s \
-o /dev/null \
-w "%{http_code}\n" \
-X GET \
https://<CONSOLE>/api/v<VERSION>/_ping
```
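
Review bot: the text says the command "prints the HTTP response code" but never states which code means Console is reachable; add the expected value after the example. With `-k` in the command, a certificate problem between the host and Console will not surface in this check, which deserves a sentence.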
19 changes: 19 additions & 0 deletions openapi-specs/compute/32-04/desc/agentless/agentless.md
@@ -0,0 +1,19 @@
The agentless security scan monitors hosts and containers for vulnerabilities and compliance risks by scanning the root volumes of snapshots without the need to install an agent.
Supported cloud service provider platforms for agentless scanning:
* Hosts - Amazon AWS, Google Cloud Platform, Microsoft Azure, and Oracle Cloud Infrastructure.
* Containers- AWS, Azure, and GCP

When you add a cloud account in the Prisma Cloud Compute (Manage > Cloud accounts), enable the agentless scan option and configure the scan scope.

### Authentication

#### Basic Auth
##### Headers
- Authorization: required (string): Authenticates with the Base64-encoded "username:password" credentials.

#### JWT Access Token
Use POST, /api/vVERSION/authenticate for authorization
##### Headers
- Authorization: required (string): Authenticates with the Bearer authentication scheme to transmit the access token.
Example:
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJk…………
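
Review bot: under "JWT Access Token", the line "Use POST, /api/vVERSION/authenticate for authorization" describes authentication rather than authorization and writes the placeholder as `vVERSION` where the other files use `v<VERSION>`; suggest "Obtain a token with `POST /api/v<VERSION>/authenticate`". In the platform list, "Containers- AWS" is missing a space, and the two bullets name the providers differently ("Amazon AWS, Google Cloud Platform, Microsoft Azure" against "AWS, Azure, and GCP").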
@@ -0,0 +1,31 @@
Shows the progress of an ongoing scan on hosts or containers for vulnerabilities and compliance.

### cURL Request

Refer to the following example cURL command:

```
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
“https://<CONSOLE>/api/v<VERSION>/agentless/progress”
```

### cURL Response

Refer to the following example cURL response:

```
{
"hostname": "",
"id": "",
"scanTime": "2022-11-09T11:10:51.649Z",
"type": "agentlessHost",
"discovery": true,
"total": 5,
"scanned": 2,
"title": "Agentless discovering"
}
]
```
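
Review bot: the example response ends with `]` but has no opening `[`, so the JSON is unbalanced; add `[` before the first `{` if the endpoint returns an array, or drop the `]`. The request URL is wrapped in typographic quotes (“ ”), which the shell does not treat as quoting and passes to curl as part of the URL; use straight `"` quotes here and in the scan, stop and templates examples, and tag the two fences `bash` and `json` as the other files do.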
17 changes: 17 additions & 0 deletions openapi-specs/compute/32-04/desc/agentless/post_agentless_scan.md
@@ -0,0 +1,17 @@
Scans the hosts or containers for vulnerabilities and compliance.

**Before you begin**
Make sure that you download (use the agentless/templates API) and apply the permission templates in the supported cloud accounts: AWS, Azure, GCP, and OCI.


### cURL Request

Refer to the following example cURL command:

```
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X POST \
“https://<CONSOLE>/api/v<VERSION>/agentless/scan”
```
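
Review bot: "**Before you begin**" is bold text with the prerequisite on the very next line, while the templates description in this commit uses a `### Before you begin` heading; use the heading form so the prerequisite renders as its own section and both files match. The description should also say which accounts the POST scans, since the request carries no body.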
13 changes: 13 additions & 0 deletions openapi-specs/compute/32-04/desc/agentless/post_agentless_stop.md
@@ -0,0 +1,13 @@
Stops an ongoing scan on hosts or containers for vulnerabilities and compliance.

### cURL Request

Refer to the following example cURL command:

```
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X POST \
“https://<CONSOLE>/api/v<VERSION>/agentless/stop”
```
@@ -0,0 +1,41 @@
Downloads a tarball file that contains the agentless resource permission templates for the cloud accounts. Apply these permission templates to complete the onboarding process for agentless scanning.

* AWS: The tarball contains templates in JSON format ending with the following names:
* _aws_hub_target_user_permissions.json
* _aws_hub_user_permissions.json
* _aws_target_user_permissions.json

For more information on how to apply the permission templates, refer to the "Configure agentless scanning" section in the Prisma Cloud Compute administration guide.

* Azure: Use the following script, that comes bundled in the tarball file, to apply permission template to an Azure cloud account:
* apply_azure_permissions.sh: Run the script with a location (that specifies location of the resource) parameter. For more information on location parameters, see [resource location in ARM template](https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-location?tabs=azure-cli).

* OCI: Use the following script, that comes bundled in the tarball file, to apply permission template to an OCI cloud account:
* pcc-apply-permissions.sh: Run the script with a compartment name parameter.

* GCP: The tarball contains Jinja templates in YAML format ending with the following names:
* _hub_target_access_permissions.yaml.jinja
* _hub_target_user_permissions.yaml.jinja
* _hub_user_permissions.yaml.jinja
* _target_user_permissions.yaml.jinja

For more information on how to apply the permission templates, refer to the "Configure agentless scanning" section in the Prisma Cloud Compute administration guide.

**Note**: The body parameter `credentialID` is required to download templates in tar.gz format.

### Before you begin
Add the supported cloud accounts (AWS, Azure, GCP, and OCI) in Prisma Cloud Compute.

### cURL Request

Refer to the following example cURL command:

```
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X POST \
-O <agentlesstemplate.tar.gz> \
-d {"credentialID":"aws_docs"} \
“https://<CONSOLE>/api/v<VERSION>/agentless/templates”
```
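
Review bot: in the curl example, `-O <agentlesstemplate.tar.gz>` does not name the output file, because `-O` takes no argument and curl treats the next word as another URL; use `-o <agentlesstemplate.tar.gz>`. The body in `-d {"credentialID":"aws_docs"}` is unquoted, so the shell removes the double quotes and curl sends invalid JSON; wrap it in single quotes as alert-profiles/post.md does. The note above says `credentialID` is required, so it is worth stating that `aws_docs` is a sample credential name.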
@@ -0,0 +1,8 @@
Manage alert profiles, which let you surface critical policy breaches by sending alerts to channels, such as email, Slack, and JIRA.

Alert profiles define which events should be sent to which channel.
Each profile declares:

* One or more recipients.
* One or more triggers, that raise alerts by sending messages on the configured channel.

11 changes: 11 additions & 0 deletions openapi-specs/compute/32-04/desc/alert-profiles/get.md
@@ -0,0 +1,11 @@
Retrieve a list of all alert profiles created in the system.

The following example curl command uses basic auth to retrieve all alert profiles:

```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
https://<CONSOLE>:8083/api/v1/alert-profiles
```
14 changes: 14 additions & 0 deletions openapi-specs/compute/32-04/desc/alert-profiles/id_delete.md
@@ -0,0 +1,14 @@
Deletes an alert profile entry by name.
In the request payload, specify the alert profile name.
This method has no response data.

The following example curl command deletes an existing alert profile named `PROFILE-NAME`.

```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X DELETE \
https://<CONSOLE>:8083/api/v1/alert-profiles/<PROFILE-NAME>
```
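
Review bot: "In the request payload, specify the alert profile name" contradicts the example, which sends no payload and puts the name in the path (`/api/v1/alert-profiles/<PROFILE-NAME>`); say the name is a path parameter. The sentence before the code block writes `PROFILE-NAME` without the angle brackets used in the command.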

20 changes: 20 additions & 0 deletions openapi-specs/compute/32-04/desc/alert-profiles/names_get.md
@@ -0,0 +1,20 @@
Retrieve a list of only the names of all alert profiles created in the system.

The following example curl command uses basic auth to retrieve all alert profiles' names:

```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
https://<CONSOLE>:8083/api/v1/alert-profiles/names
```

Example Response:

```
[
"jira",
"aqsa vulns"
]
```
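
Review bot: the example response lists "aqsa vulns", which reads like a profile name taken from a real deployment; replace it with a neutral sample name before publishing. The response fence should also be tagged `json` to match the `bash` tag on the request.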
32 changes: 32 additions & 0 deletions openapi-specs/compute/32-04/desc/alert-profiles/post.md
@@ -0,0 +1,32 @@
Update an existing alert profile created in the system.

The following example curl command uses basic auth to add a Jira Alert profile:

```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X POST \
https://<CONSOLE>:8083/api/v1/alert-profiles \
-d ' {
"name": "jira",
"_id": "jira",
"jira": {
"enabled": true,
"projectKey": "TWIS",
"issueType": "Task",
"priority": "High",
"labels": [],
"assignee": ""
}
"policy": {
"cve": {
"enabled": true,
"allRules": true,
"rules": [],
"clients": [
"jira"
]
}
} '
```
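
Review bot: the JSON body in the example does not parse: there is no comma between the `}` that closes the `jira` object and `"policy": {`, and the outermost `{` is never closed before the final `'`. The description says "Update an existing alert profile" while the lead-in says the command will "add a Jira Alert profile"; state which of the two this POST does.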
14 changes: 14 additions & 0 deletions openapi-specs/compute/32-04/desc/alert-profiles/test_post.md
@@ -0,0 +1,14 @@
Sends a test alert to verify successful configuration of the alert profile settings.

The following example curl command uses basic auth to send test alert for an email alert profile:

```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X POST \
-d <REQUEST-PAYLOAD>
https://<CONSOLE>:8083/api/v1/alert-profiles/test
```

In this case, the `REQUEST-PAYLOAD` would be the full JSON formatted alert profile from the base `GET` command
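
Review bot: the line `-d <REQUEST-PAYLOAD>` has no trailing `\`, so the shell ends the curl command there and tries to run the URL on the next line as a separate command; add the backslash and show the payload in single quotes. The closing sentence refers to "the base `GET` command" without naming it; write out `GET /api/v1/alert-profiles` and end the sentence with a period.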
8 changes: 8 additions & 0 deletions openapi-specs/compute/32-04/desc/api_restrictions.md
@@ -0,0 +1,8 @@
Paginated API requests are capped to a max of 50 returned objects because very large responses could DoS Console.

If the response contains more than 50 objects, cycle through the collection with the `offset` query parameter to retrieve more objects.
For example:

```
https://<CONSOLE>/api/v1/images?limit=50&offset=X
```
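
Review bot: `offset=X` is never defined, and the text does not say how a client knows it has reached the end of the collection; state what `offset` counts and give the stop condition, ideally with two consecutive request URLs. "could DoS Console" is clearer written out, for example "could overload Console", for readers who do not know the abbreviation.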
10 changes: 10 additions & 0 deletions openapi-specs/compute/32-04/desc/audits/access_delete.md
@@ -0,0 +1,10 @@
Deletes **all** access audits. This deletion cannot be undone.


```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X DELETE \
https://console:8083/api/v1/audits/access
```
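
Review bot: this irreversible delete is shown against the literal host `https://console:8083`, where the other files use the `<CONSOLE>` placeholder; use the placeholder so the command cannot be run unchanged against a host that happens to be named `console`. The code block also has no lead-in sentence, and the description does not say which role may call the endpoint.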
12 changes: 12 additions & 0 deletions openapi-specs/compute/32-04/desc/audits/access_download_get.md
@@ -0,0 +1,12 @@
Returns the docker access audit events data in CSV format that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute.

**Note**: You can download the access events from Console under **Monitor > Events > Docker audits > Download CSV**.

```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-O <access_audits.csv> \
"https://<CONSOLE>/api/v<VERSION>/audits/access/download?type=docker"
```
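
Review bot: `-O <access_audits.csv>` does not name the output file, because `-O` takes no argument; use `-o <access_audits.csv>`. `Content-Type: text/csv` describes a request body, which this GET does not have; the header that asks for CSV is `Accept: text/csv`. The opening sentence would read better as "Returns the Docker access audit events, in CSV format, that are logged ...".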
37 changes: 37 additions & 0 deletions openapi-specs/compute/32-04/desc/audits/access_filters_get.md
@@ -0,0 +1,37 @@
Retrieves all access audits by specific host filters.
There are three types of host filters based on host history, sudo events on host and SSHD events on hosts.

The following example uses basic auth to list history of commands that are run on hosts protected by Prisma Cloud Compute.


```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
https://console:8083/api/v1/history/host
```

The following command gives list of sudo events on hosts.


```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
https://console:8083/api/v1/audits/access/filters?type=sudo

```

The following command gives list of SSHD events on hosts.

```bash
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
https://console:8083/api/v1/audits/access/filters?type=sshd

```
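
Review bot: the first example calls `/api/v1/history/host`, which is not the `audits/access/filters` endpoint this file documents and carries no `type` parameter, so only two of the "three types of host filters" are shown against this endpoint; either show the matching `type` value or move the history example to its own file. The two `?type=` URLs are unquoted, which fails in shells that treat an unmatched `?` as an error (zsh reports no matches); quote them as access_download_get.md does, and replace the literal `console` host with `<CONSOLE>`.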
