PAN-OS API Test URL Category
Prefix all commands with
https://10.1.1.1/api/?key=API_KEY
Check URL Category
&type=op&cmd=<test><url>URL_TO_BE_TESTED.COM</url></test>
To post-process the URL category output, you can use the following. It produces lines in the format <CATEGORY> <URL>
cat output.txt | grep Cloud | awk -F " " '{ print $2 " " $1 }' > processed-data.txt
Check URL Category from File List
Save the following script as 'evaluatedomains.sh' and run it as
./evaluatedomains.sh listofdomains.txt
It will output to cleandata.csv
#!/bin/bash
Counter=0
NameOfOutput=cleandata.csv
TotalLines=$(wc -l < "$1" | awk '{print $1}')
StartTime=`date`
echo " "
echo "Writing $TotalLines lines to $NameOfOutput"
echo "Starting at $StartTime"
echo " "
while IFS='' read -r LinefromFile || [[ -n "${LinefromFile}" ]]; do
((Counter++))
KEY="asdfasdfasdfasdfSFBlaUUycjRCa3d0UFBqb289RUNkQS9JZEppRjRXYW82Z3ZQVlJ5VlFxanBWNEZjNXN3MmdZcGY1VUduasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfPQ=="
CMD="<test><url>${LinefromFile}</url></test>"
URL="https://10.1.1.1/api/?key=$KEY&type=op&cmd=$CMD"
echo "Processing line $Counter of $TotalLines"
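# --insecure disables TLS certificate validation; remove it once the firewall presents a certificate that curl trusts.
curl --insecure -g -s -X GET "$URL" | grep Cloud | sed 's/(Cloud db)//g' | sed 's/\ /,/g' | sed 's/,,/,/g' | sed 's/,$//g' >> "$NameOfOutput"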
done < "$1"
echo " "
echo "************************************************************"
echo "Finished writing $TotalLines lines to $NameOfOutput"
echo "Start time : $StartTime"
echo "Finish time : `date`"
Check DNS From File List
#!/bin/bash
Counter=0
NameOfOutput=cleandns.csv
TotalLines=$(wc -l < "$1" | awk '{print $1}')
StartTime=`date`
echo " "
echo "Writing $TotalLines lines to $NameOfOutput"
echo "Starting at $StartTime"
echo " "
while IFS='' read -r LinefromFile || [[ -n "${LinefromFile}" ]]; do
((Counter++))
KEY="asdfasdfasdfasdfppRjRXYW82Z3ZQVlJ5VasdfasdfasdfasdfXN3MmdZcGY1VUduTUUxT2xRellOak9BUCtNV21UV0xTWWovUzBKMktasdfasdfasdfasdf=="
CMD="<test><dns-proxy><dns-signature><fqdn>${LinefromFile}</fqdn></dns-signature></dns-proxy></test>"
URL="https://192.168.99.10/api/?key=$KEY&type=op&cmd=$CMD"
echo "Processing line $Counter of $TotalLines"
curl --insecure -g -s -X GET "$URL" | grep result | sed s/\"//g | sed s/'{dns-signature: \[ {fqdn: '//g | sed s/'category: '//g | sed s/'ttl: '//g | sed s/}]}//g | sed s/"<\/result><\/response>"//g | sed s/"<response status=success><result>"//g >> "$NameOfOutput"
done < "$1"
echo " "
echo "************************************************************"
echo "Finished writing $TotalLines lines to $NameOfOutput"
echo "Start time : $StartTime"
echo "Finish time : `date`"
#output
#{dns-signature: [ {fqdn: againforwardweek.top,category: 3,ttl: 300}]}
#categories
#0=benign
#1=malware
#2=c2
#3=phishing
#4=dynamic
#5=new
#6=grayware
#7=parked
#8=proxy
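The following is an added example, not part of the original wiki page: it checks each list entry before it is placed inside the <fqdn> element of the cmd parameter, and converts a dns-signature line like the one shown under "#output" into CSV using the category names listed above. The function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Numeric DNS signature category -> name, per the category list on this page.
dns_category_name() {
    case "$1" in
        0) echo benign ;;   1) echo malware ;;  2) echo c2 ;;
        3) echo phishing ;; 4) echo dynamic ;;  5) echo new ;;
        6) echo grayware ;; 7) echo parked ;;   8) echo proxy ;;
        *) echo "unknown($1)" ;;
    esac
}

# Accept only hostname characters, so a list entry cannot add XML elements or
# extra query parameters when placed in cmd=<test>...<fqdn>ENTRY</fqdn>...</test>.
is_safe_fqdn() {
    case "$1" in
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Convert one response line to "fqdn,category-name,ttl".
# Returns 1 when the line holds no dns-signature record.
dns_sig_to_csv() {
    rec=$(printf '%s\n' "$1" | tr -d '"' | sed -n \
        's/.*fqdn: *\([^,} ][^,} ]*\), *category: *\([0-9][0-9]*\), *ttl: *\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$rec" ] || return 1
    IFS=' ' read -r fqdn catnum ttl <<EOF
$rec
EOF
    printf '%s,%s,%s\n' "$fqdn" "$(dns_category_name "$catnum")" "$ttl"
}

# Constructed sample in the shape of the "#output" comment above.
SAMPLE='{dns-signature: [ {fqdn: againforwardweek.top,category: 3,ttl: 300}]}'

if is_safe_fqdn "againforwardweek.top"; then
    dns_sig_to_csv "$SAMPLE"   # againforwardweek.top,phishing,300
fi
```

In the loop, call is_safe_fqdn on each line read from the list and skip entries that fail, then pass the curl output line to dns_sig_to_csv instead of the sed chain.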
