Palo Alto Target Connector External API Configuration
This topic describes the required and supported Attributes used when adding or updating a Palo Alto Target Application using the External API.
Palo Alto Add Target Application External API Attributes
To add or update a Palo Alto Target application using the External API, use the following properties as members of the "attributes" associative array included in the 'body' parameter of the REST call:
sshPort
Indicates the port that is used to connect to the host using SSH.
Required | Default Value | Valid Values |
no | 22 | 0-65535 |
sshSessionTimeout
When using an SSH connection, specifies the amount of time in milliseconds that Credential Manager waits for the remote host to respond.
Required | Default Value | Valid Values |
no | 5000 | 1000-99999 |
scriptTimeout
Specifies the amount of time in milliseconds that Credential Manager waits to receive some expected input from the remote host.
Required | Default Value | Valid Values |
no | 5000 | 5000-59999 |
useUpdateScriptType
Specifies whether the default, revised, or replacement update script should be used. If you require a revised or replacement script, use the default script and contact CA Services.
Required | Default Value | Valid Values |
no | 'DEFAULT' | 'DEFAULT', 'REVISED' or 'REPLACEMENT' |
revisedUpdateScriptFilename
Specifies the name of the file containing the revised update script. The contents of the file are used as the revised script. We recommend that you use the default script and contact CA Services if you require a revised or replacement script.
Required | Default Value | Valid Values |
no | N/A | a file name |
useVerifyScriptType
Specifies whether the default, revised, or replacement verify script should be used. If you require a revised or replacement script, use the default script and contact CA Services.
Required | Default Value | Valid Values |
no | 'DEFAULT' | 'DEFAULT', 'REVISED' or 'REPLACEMENT' |
revisedVerifyScriptFilename
Specifies the name of the file containing the revised verify script. The contents of the file are used as the revised script. We recommend that you use the default script and contact CA Services if you require a revised or replacement script.
Required | Default Value | Valid Values |
no | N/A | a file name |
userNameEntryPrompt
A regular expression that matches the prompt produced by the remote host when it requests a user name.
Required | Default Value | Valid Values |
no | (?si).*?(login|username):.*? | valid regular expression syntax |
passwordEntryPrompt
A regular expression that matches the prompt produced by the remote host when it requests a password.
Required | Default Value | Valid Values |
no | (?si)(.*?password(\sfor|:).*?) | valid regular expression syntax |
passwordConfirmationPrompt
A regular expression that matches the prompt produced by the remote host when it requests that a password be confirmed.
Required | Default Value | Valid Values |
no | AIX: (?si).*?new password.*? All other platforms: (?si).*?password:.*?) | valid regular expression syntax |
passwordChangePrompt
A regular expression that matches the prompt produced by the remote host when it requests that a password be changed because it has expired.
Required | Default Value | Valid Values |
no | (?si).*?change your password.*? | valid regular expression syntax |
Palo Alto Add Target Account External API Attributes
To add a Palo Alto target account that uses the target connector, use the following properties as members of the "attributes" associative array included in the 'body' parameter of the REST call:
useOtherAccountToChangePassword
Specifies whether to use the target account or a different account when updating the target account.
Required | Default Value | Valid Values |
yes | false | true, false |
otherAccount
Specifies which other account to use when updating the target account.
Required | Default Value | Valid Values |
yes if useOtherAccountToChangePassword is true. | N/A | a valid target account ID. |
protocol
Specifies the protocol to use for communicating with the remote host.
Required | Default Value | Valid Values |
yes if useOtherAccountToChangePassword is false | SSH2_PASSWORD_AUTH | SSH2_PASSWORD_AUTH |
pwType
The credential type; whether it pertains to a user or privileged (or "enable") account.
Required | Default Value | Valid Values |
yes | user | user, privileged |
useOtherPrivilegedAccount
Required | Default Value | Valid Values |
yes | false | true, false |
otherPrivilegedAccount
Required | Default Value | Valid Values |
no | N/A | a valid target account ID |
changeAuxLoginPassword
Required | Default Value | Valid Values |
no | N/A | true, false |
changeConsoleLoginPassword
Required | Default Value | Valid Values |
yes | N/A | true, false |
changeVtyLoginPassword
Required | Default Value | Valid Values |
no | N/A | true, false |
numVTYPorts
Required | Default Value | Valid Values |
yes if changeVtyLoginPassword is true | N/A | 1-15 |
Palo Alto Target Application External API Example
POST /api.php/v1/devices.json/{deviceId}/targetApplications
{
  "applicationName": "PaloAltoApp",
  "applicationType": "PaloAlto",
  "description1": "sample descriptor1",
  "description2": "sample descriptor2",
  "attributes": {
    "sshPort": "",
    "sshSessionTimeout": "",
    "instance": "",
    "passwordEntryPrompt": "",
    "useVerifyScriptType": "DEFAULT",
    "passwordChangePrompt": "",
    "useUpdateScriptType": "DEFAULT",
    "sslPort": "",
    "userNameEntryPrompt": "",
    "scriptTimeout": "",
    "mbean": "",
    "port": "",
    "extensionType": "PaloAlto",
    "sslEnabled": "",
    "passwordConfirmationPrompt": ""
  },
  "passwordCompositionPolicyId": null
}
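A pre-flight check of the target application "attributes" against the ranges and allowed values in the tables above, so that out-of-range timeouts or a broken prompt expression are caught before the REST call is made. This is an added example, not CA code; the function name, the treatment of blank values as "use the default", the use of Python's re module in place of the product's regex engine, and the empty-match check are assumptions.

```python
import re

# Ranges and allowed values copied from the attribute tables on this page.
INT_RANGES = {
    "sshPort": (0, 65535),
    "sshSessionTimeout": (1000, 99999),
    "scriptTimeout": (5000, 59999),
}
SCRIPT_TYPE_KEYS = ("useUpdateScriptType", "useVerifyScriptType")
SCRIPT_TYPES = {"DEFAULT", "REVISED", "REPLACEMENT"}
PROMPT_KEYS = ("userNameEntryPrompt", "passwordEntryPrompt",
               "passwordConfirmationPrompt", "passwordChangePrompt")


def validate_application_attributes(attrs):
    """Return a list of problems in a Palo Alto target application 'attributes' dict."""
    problems = []
    for key, (low, high) in INT_RANGES.items():
        raw = str(attrs.get(key, "")).strip()
        if raw == "":  # assumption: blank means "use the default", as in the page's example
            continue
        if not raw.isdecimal() or not low <= int(raw) <= high:
            problems.append(f"{key}: {raw!r} is not an integer in {low}-{high}")
    for key in SCRIPT_TYPE_KEYS:
        value = attrs.get(key, "DEFAULT")
        if value not in SCRIPT_TYPES:
            problems.append(f"{key}: {value!r} is not one of {sorted(SCRIPT_TYPES)}")
    for key in PROMPT_KEYS:
        pattern = attrs.get(key, "")
        if pattern == "":
            continue
        try:
            # assumption: Python's re stands in for the product's regex engine
            compiled = re.compile(pattern)
        except re.error as exc:
            problems.append(f"{key}: invalid regular expression ({exc})")
            continue
        if compiled.fullmatch(""):  # added heuristic, not a rule stated on the page
            problems.append(f"{key}: pattern matches empty output")
    return problems


# Constructed sample payloads (not taken from a real deployment).
GOOD = {"sshPort": "22", "sshSessionTimeout": "5000", "scriptTimeout": "",
        "useUpdateScriptType": "DEFAULT", "useVerifyScriptType": "DEFAULT",
        "passwordEntryPrompt": r"(?si)(.*?password(\sfor|:).*?)"}
BAD = {"sshPort": "70000", "scriptTimeout": "1000", "useVerifyScriptType": "default",
       "userNameEntryPrompt": "(?si).*?(login|username:.*?", "passwordChangePrompt": "(?si).*?"}
```

Call validate_application_attributes() on the "attributes" member before building the request body and refuse to send when the returned list is not empty.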
Palo Alto Target Account External API Example
POST /api.php/v1/devices.json/{deviceId}/targetApplications/{applicationId}/targetAccounts
{
  "accountName": "PaloAltoAcc",
  "attributes": {
    "pwType": "privileged",
    "otherAccount": "",
    "descriptor2": "",
    "discoveryGlobal": "f",
    "descriptor1": "",
    "discoveryAllowed": "f",
    "useOtherAccountToChangePassword": "f"
  },
  "cacheBehavior": "useCacheFirst",
  "cacheDuration": "30",
  "password": "sample",
  "passwordViewPolicyId": 1000,
  "privileged": "t",
  "synchronize": "f",
  "useAliasNameParameter": "f"
}