Palo Alto Target Connector External API Configuration

This topic describes the required and supported attributes used when adding or updating a Palo Alto target application using the External API.
Palo Alto Add Target Application External API Attributes
To add or update a Palo Alto Target application using the External API, use the following properties as members of the "attributes" associative array included in the 'body' parameter of the REST call:
sshPort
Indicates the port that is used to connect to the host using SSH.
Required: no
Default Value: 22
Valid Values: 0-65535

sshSessionTimeout
When using an SSH connection, specifies the amount of time in milliseconds that Credential Manager waits for the remote host to respond.
Required: no
Default Value: 5000
Valid Values: 1000-99999

scriptTimeout
Specifies the amount of time in milliseconds that Credential Manager waits to receive some expected input from the remote host.
Required: no
Default Value: 5000
Valid Values: 5000-59999

useUpdateScriptType
Specifies whether the default, revised, or replacement update script should be used. If you require a revised or replacement script, use the default script and contact CA Services.
Required: no
Default Value: 'DEFAULT'
Valid Values: 'DEFAULT', 'REVISED' or 'REPLACEMENT'

revisedUpdateScriptFilename
Specifies the name of the file containing the revised update script. The contents of the file are used as the revised script. We recommend that you use the default script and contact CA Services if you require a revised or replacement script.
Required: no
Default Value: N/A
Valid Values: a file name

useVerifyScriptType
Specifies whether the default, revised, or replacement verify script should be used. If you require a revised or replacement script, use the default script and contact CA Services.
Required: no
Default Value: 'DEFAULT'
Valid Values: 'DEFAULT', 'REVISED' or 'REPLACEMENT'

revisedVerifyScriptFilename
Specifies the name of the file containing the revised verify script. The contents of the file are used as the revised script. We recommend that you use the default script and contact CA Services if you require a revised or replacement script.
Required: no
Default Value: N/A
Valid Values: a file name

userNameEntryPrompt
A regular expression that matches the prompt produced by the remote host when it requests a user name.
Required: no
Default Value: (?si).*?(login|username):.*?
Valid Values: valid regular expression syntax

passwordEntryPrompt
A regular expression that matches the prompt produced by the remote host when it requests a password.
Required: no
Default Value: (?si)(.*?password(\sfor|:).*?)
Valid Values: valid regular expression syntax

passwordConfirmationPrompt
A regular expression that matches the prompt produced by the remote host when it requests that a password be confirmed.
Required: no
Default Value (AIX): (?si).*?new password.*?
Default Value (all other platforms): (?si).*?password:.*?)
Valid Values: valid regular expression syntax

passwordChangePrompt
A regular expression that matches the prompt produced by the remote host when it requests that a password be changed because it has expired.
Required: no
Default Value: (?si).*?change your password.*?
Valid Values: valid regular expression syntax

Palo Alto Add Target Account External API Attributes
To add a Palo Alto target account that uses the target connector, use the following properties as members of the "attributes" associative array included in the 'body' parameter of the REST call:
useOtherAccountToChangePassword
Specifies whether to use the target account or a different account when updating the target account.
Required: yes
Default Value: false
Valid Values: true, false

otherAccount
Specifies which other account to use when updating the target account.
Required: yes if useOtherAccountToChangePassword is true
Default Value: N/A
Valid Values: a valid target account ID

protocol
Specifies the protocol to use for communicating with the remote host.
Required: yes if useOtherAccountToChangePassword is false
Default Value: SSH2_PASSWORD_AUTH
Valid Values: SSH2_PASSWORD_AUTH

pwType
The credential type; whether it pertains to a user or privileged (or "enable") account.
Required: yes
Default Value: user
Valid Values: user, privileged

useOtherPrivilegedAccount
Required: yes
Default Value: false
Valid Values: true, false

otherPrivilegedAccount
Required: no
Default Value: N/A
Valid Values: a valid target account ID

changeAuxLoginPassword
Required: no
Default Value: N/A
Valid Values: true, false

changeConsoleLoginPassword
Required: yes
Default Value: N/A
Valid Values: true, false

changeVtyLoginPassword
Required: no
Default Value: N/A
Valid Values: true, false

numVTYPorts
Required: yes if changeVtyLoginPassword is true
Default Value: N/A
Valid Values: 1-15

Palo Alto Target Application External API Example
POST /api.php/v1/devices.json/{deviceId}/targetApplications
{
  "applicationName": "PaloAltoApp",
  "applicationType": "PaloAlto",
  "description1": "sample descriptor1",
  "description2": "sample descriptor2",
  "attributes": {
    "sshPort": "",
    "sshSessionTimeout": "",
    "instance": "",
    "passwordEntryPrompt": "",
    "useVerifyScriptType": "DEFAULT",
    "passwordChangePrompt": "",
    "useUpdateScriptType": "DEFAULT",
    "sslPort": "",
    "userNameEntryPrompt": "",
    "scriptTimeout": "",
    "mbean": "",
    "port": "",
    "extensionType": "PaloAlto",
    "sslEnabled": "",
    "passwordConfirmationPrompt": ""
  },
  "passwordCompositionPolicyId": null
}

Palo Alto Target Account External API Example
POST /api.php/v1/devices.json/{deviceId}/targetApplications/{applicationId}/targetAccounts
{
  "accountName": "PaloAltoAcc",
  "attributes": {
    "pwType": "privileged",
    "otherAccount": "",
    "descriptor2": "",
    "discoveryGlobal": "f",
    "descriptor1": "",
    "discoveryAllowed": "f",
    "useOtherAccountToChangePassword": "f"
  },
  "cacheBehavior": "useCacheFirst",
  "cacheDuration": "30",
  "password": "sample",
  "passwordViewPolicyId": 1000,
  "privileged": "t",
  "synchronize": "f",
  "useAliasNameParameter": "f"
}
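
The following pre-flight check is an added example, not code from the product or its documentation. It tests an "attributes" array against the ranges, allowed values and conditional requirements listed in the tables above before the REST call is made. The function names check_application and check_account are hypothetical. It assumes that an empty string (as in the examples above) means "not set", that "t" and "true" both mean true, and that Python's re module is an acceptable syntax check for the prompt expressions.

```python
import re

# Limits transcribed from the attribute tables on this page.
INT_RANGES = {"sshPort": (0, 65535), "sshSessionTimeout": (1000, 99999),
              "scriptTimeout": (5000, 59999)}
SCRIPT_KEYS = ("useUpdateScriptType", "useVerifyScriptType")
SCRIPT_TYPES = {"DEFAULT", "REVISED", "REPLACEMENT"}
PROMPT_KEYS = ("userNameEntryPrompt", "passwordEntryPrompt",
               "passwordConfirmationPrompt", "passwordChangePrompt")


def _in_range(value, low, high):
    text = str(value)
    return text.isascii() and text.isdigit() and low <= int(text) <= high


def _is_true(value):
    # Assumption: "t" (used in the page's example) and "true" both mean true.
    return str(value).lower() in ("t", "true")


def check_application(attrs):
    """Return a list of problems found in target application attributes."""
    problems = []
    for key, (low, high) in INT_RANGES.items():
        value = attrs.get(key, "")
        if value != "" and not _in_range(value, low, high):  # "" = not set (assumption)
            problems.append(f"{key}: {value!r} is outside {low}-{high}")
    for key in SCRIPT_KEYS:
        if attrs.get(key, "DEFAULT") not in SCRIPT_TYPES:
            problems.append(f"{key}: {attrs[key]!r} is not a valid script type")
    for key in PROMPT_KEYS:
        try:
            re.compile(attrs.get(key, ""))  # syntax check only, using Python's re
        except re.error as exc:
            problems.append(f"{key}: invalid regular expression ({exc})")
    return problems


def check_account(attrs):
    """Return a list of problems found in target account attributes."""
    problems = []
    if attrs.get("pwType", "user") not in ("user", "privileged"):
        problems.append("pwType: must be 'user' or 'privileged'")
    if _is_true(attrs.get("useOtherAccountToChangePassword")) and not attrs.get("otherAccount"):
        problems.append("otherAccount: required when useOtherAccountToChangePassword is true")
    if _is_true(attrs.get("changeVtyLoginPassword")) and not _in_range(
            attrs.get("numVTYPorts", ""), 1, 15):
        problems.append("numVTYPorts: must be 1-15 when changeVtyLoginPassword is true")
    return problems
```

Both functions return an empty list for the "attributes" arrays in the two examples above.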