├── .gitignore ├── CONTRIBUTING.md ├── Collection_Runner ├── Bulk_Add_Cloud_Accounts │ ├── AWS │ │ ├── Bulk_Add_AWS_Accounts_CSV_CollectionRunner.postman_collection.json │ │ ├── README.md │ │ └── example_aws_accounts_input.csv │ └── Azure │ │ ├── Bulk_Add_Azure_Subscriptions_CSV_CollectionRunner.postman_collection.json │ │ ├── README.md │ │ └── example_azure_subscriptions_input.csv ├── Bulk_Add_User_CSV │ ├── Bulk_Add_User_CSV_CollectionRunner.postman_collection.json │ ├── README.md │ └── example_user_input.csv ├── Bulk_Alerts_Download │ └── Bulk_Alerts_Download.postman_collection.json ├── Bulk_Archive_Compute_Incidents │ ├── Bulk_Archive_Compute_Incidents.postman_collection.json │ ├── README.md │ └── example_event_archive.csv └── README.md ├── Compute Console.postman_collection.json ├── Identity based Microsegmentation.postman_collection.json ├── Images ├── Env1.png ├── Env2.png ├── Env3.png ├── Import1.png ├── Import2.png ├── Import3-ori.png ├── import3.png ├── userpassafter.png └── userpassbefore.png ├── LICENSE ├── Prisma Cloud.postman_collection.json ├── Prisma Cloud.postman_environment.json ├── README.md └── SUPPORT.md /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | .DS_Store 3 | Images/.DS_Store 4 | Images/.DS_Store 5 | Images/.DS_Store 6 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to contribute 2 | 3 | :+1::tada: First off, thanks for taking the time to contribute! :tada::+1: 4 | 5 | It's people like you that make security open source such a force in preventing 6 | successful cyber-attacks. Following these guidelines helps keep the project 7 | maintainable, easy to contribute to, and more secure. Thank you for taking the 8 | time to follow this guide. 9 | 10 | ## Where to start 11 | 12 | There are many ways to contribute. You can fix a bug, improve the documentation, 13 | submit bug reports and feature requests, or take a first shot at a feature you 14 | need for yourself. 15 | 16 | Pull requests are necessary for all contributions of code or documentation. 17 | 18 | ## New to open source? 19 | 20 | If you're **new to open source** and not sure what a pull request is, welcome!! 21 | We're glad to have you! All of us once had a contribution to make and didn't 22 | know where to start. 23 | 24 | Even if you don't write code for your job, don't worry, the skills you learn 25 | during your first contribution to open source can be applied in so many ways, 26 | you'll wonder what you ever did before you had this knowledge. It's worth 27 | learning. 28 | 29 | [Learn how to make a pull request](https://github.com/PaloAltoNetworks/.github/blob/master/Learn-GitHub.md#learn-how-to-make-a-pull-request) 30 | 31 | ## Fixing a typo, or a one or two line fix 32 | 33 | Many fixes require little effort or review, such as: 34 | 35 | > - Spelling / grammar, typos, white space and formatting changes 36 | > - Comment clean up 37 | > - Change logging messages or debugging output 38 | 39 | These small changes can be made directly in GitHub if you like. 40 | 41 | Click the pencil icon in GitHub above the file to edit the file directly in 42 | GitHub. This will automatically create a fork and pull request with the change. 43 | See: 44 | [Make a small change with a Pull Request](https://www.freecodecamp.org/news/how-to-make-your-first-pull-request-on-github/) 45 | 46 | ## Bug fixes and features 47 | 48 | For something that is bigger than a one or two line fix, go through the process 49 | of making a fork and pull request yourself: 50 | 51 | > 1. Create your own fork of the code 52 | > 2. Clone the fork locally 53 | > 3. Make the changes in your local clone 54 | > 4. Push the changes from local to your fork 55 | > 5. Create a pull request to pull the changes from your fork back into the 56 | > upstream repository 57 | 58 | Please use clear commit messages so we can understand what each commit does. 59 | We'll review every PR and might offer feedback or request changes before 60 | merging. 61 | -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Add_Cloud_Accounts/AWS/Bulk_Add_AWS_Accounts_CSV_CollectionRunner.postman_collection.json: -------------------------------------------------------------------------------- 1 | { 2 | "info": { 3 | "_postman_id": "49a06be7-a911-4a76-92e2-233465bc2f2a", 4 | "name": "Bulk_Add_Cloud_Account_AWS", 5 | "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" 6 | }, 7 | "item": [ 8 | { 9 | "name": "Login Generate Token", 10 | "event": [ 11 | { 12 | "listen": "test", 13 | "script": { 14 | "exec": [ 15 | "var jsonData = JSON.parse(responseBody);", 16 | "postman.setEnvironmentVariable(\"token\", jsonData.token);" 17 | ], 18 | "type": "text/javascript" 19 | } 20 | } 21 | ], 22 | "request": { 23 | "method": "POST", 24 | "header": [ 25 | { 26 | "key": "accept", 27 | "value": "application/json; charset=UTF-8" 28 | }, 29 | { 30 | "key": "content-type", 31 | "value": "application/json" 32 | } 33 | ], 34 | "body": { 35 | "mode": "raw", 36 | "raw": "{\n \"username\": \"ACCESS KEY\",\n \"password\": \"SECRET KEY\"\n}" 37 | }, 38 | "url": { 39 | "raw": "https://{{api-endpoint}}/login", 40 | "protocol": "https", 41 | "host": [ 42 | "{{api-endpoint}}" 43 | ], 44 | "path": [ 45 | "login" 46 | ] 47 | }, 48 | "description": "Returns a JWT auth token for accessing the Prisma Cloud APIs. To generate a token, you must have an access key and include the following values in the request body parameter — access key ID as the username and your secret key as the password. Prisma Cloud requires this JWT in the request header to authorize API access." 49 | }, 50 | "response": [] 51 | }, 52 | { 53 | "name": "List Account Groups IDs", 54 | "request": { 55 | "method": "GET", 56 | "header": [ 57 | { 58 | "key": "accept", 59 | "type": "text", 60 | "value": "application/json; charset=UTF-8" 61 | }, 62 | { 63 | "key": "content-type", 64 | "type": "text", 65 | "value": "application/json" 66 | }, 67 | { 68 | "key": "x-redlock-auth", 69 | "type": "text", 70 | "value": "{{token}}" 71 | } 72 | ], 73 | "url": { 74 | "raw": "https://{{api-endpoint}}/cloud/group", 75 | "protocol": "https", 76 | "host": [ 77 | "{{api-endpoint}}" 78 | ], 79 | "path": [ 80 | "cloud", 81 | "group" 82 | ] 83 | }, 84 | "description": "Lists all accounts groups and cloud accounts in the current Prisma Cloud tenant. " 85 | }, 86 | "response": [] 87 | }, 88 | { 89 | "name": "Add Cloud Account (AWS)", 90 | "request": { 91 | "method": "POST", 92 | "header": [ 93 | { 94 | "key": "accept", 95 | "type": "text", 96 | "value": "application/json; charset=UTF-8" 97 | }, 98 | { 99 | "key": "content-type", 100 | "type": "text", 101 | "value": "application/json" 102 | }, 103 | { 104 | "key": "x-redlock-auth", 105 | "type": "text", 106 | "value": "{{token}}" 107 | } 108 | ], 109 | "body": { 110 | "mode": "raw", 111 | "raw": "{\n\t\"accountId\":\"{{ACCOUNTID}}\",\n\t\"enabled\":true,\n\t\"externalId\":\"{{EXTERNALID}}\",\n\t\"groupIds\": [\"ACCOUNT_GROUP_ID_1\", \"ACCOUNT_GROUP_ID_2\"],\n\t\"name\":\"{{AWSACCOUNTNAME}}\",\n\t\"roleArn\":\"{{AWSROLEARN}}\",\n \"protectionMode\": \"MONITOR_AND_PROTECT\"\n}" 112 | }, 113 | "url": { 114 | "raw": "https://{{api-endpoint}}/cloud/aws", 115 | "protocol": "https", 116 | "host": [ 117 | "{{api-endpoint}}" 118 | ], 119 | "path": [ 120 | "cloud", 121 | "aws" 122 | ] 123 | }, 124 | "description": "Adds a new AWS Cloud Account from the body parameters" 125 | }, 126 | "response": [] 127 | } 128 | ] 129 | } -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Add_Cloud_Accounts/AWS/README.md: -------------------------------------------------------------------------------- 1 | # This Collection Runner example is to add AWS Accounts from the input CSV 2 | 3 | For all examples here, it is assumed you are using the existing **Postman environment** from [the main repo here](https://github.com/PaloAltoNetworks/pcs-postman) 4 | 5 | ## Setup 6 | 7 | 1. Within the attached Collection, go to the **Login Generate Token** POST request, and on the Body tab, enter a valid ACCESS and SECRET key to generate your JWT token. [More info can be found here if required](https://github.com/PaloAltoNetworks/pcs-postman#set-your-access-and-secret-key-in-the-username-and-password-fields-in-the-body-of-the-login-and-authenticate-requests) 8 | 9 | 2. Looking at the CSV of accounts, the input file needs to match the data like below: 10 | 11 | (Note, there are a few other options and inputs you can pass, on the to-do list to update that here) 12 | 13 | | ACCOUNTID | EXTERNALID | AWSACCOUNTNAME | AWSROLEARN | 14 | |------------|------------------|-----------------|-------------------------------------------------------| 15 | | 1234567890 | abcdef-ghijklmno | AWS Account 123 | arn:aws:iam::1234567890:role/PrismaCloudReadWriteRole | 16 | | 0987654321 | pqrstu-vwxyzabcd | AWS Account 789 | arn:aws:iam::0987654321:role/PrismaCloudReadWriteRole | 17 | 18 | ### There are also other fields in the CSV you could add. A *GROUPID*, *PROTECTIONMODE*, etc 19 | 20 | The **groupIds** field directly correlates to the **groupIds** in the Body of **Add Cloud Account** POST, since you can pass more than one Account Group based on the structure of the subscriptions. 21 | 22 | The easiest way to get these ID(s) is to run the included **List Account Groups** GET request, see which Group or Group IDs you want to assign, and get the corresponding *id* from there. 23 | 24 | **ProtectionMode** could be either *MONITOR* or *MONITOR_AND_PROTECT* 25 | 26 | ## Steps to iterate the CSV using the Collection Runner 27 | 28 | 1. After you have the above Collection imported and your Access/Secret key setup, click the main collection folder on the left, and then click the **"Run"** tab at the top-right of Postman. 29 | 30 | * **Environment** 31 | 32 | Choose the existing **Prisma Cloud** environment imported for the [main repo](https://github.com/PaloAltoNetworks/pcs-postman/blob/main/Prisma%20Cloud.postman_environment.json) 33 | 34 | * **Data** 35 | 36 | Upload the completed CSV here, and you are then able to see the number of *Iterations* (basically the amount of cloud accounts to be added) as well as view the *Preview* of what data Postman sees within your CSV. This is also where you should double-check the formatting of the CSV to make sure everything looks correct. 37 | 38 | ## That should be it! 39 | 40 | You should see the Collection Runner "Run Results" iterate through all of the rows of your CSV and add all the cloud accounts. 41 | 42 | * Quick Troubleshooting 43 | 44 | If getting any errors, check this: 45 | 46 | | Error | Did you check? | 47 | |------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 48 | | POST Error | Make sure you imported the Prisma Cloud Postman Environment, and you set the correct [API endpoint](https://github.com/PaloAltoNetworks/pcs-postman#instructions-on-how-to-setup-the-postman-collections-and-environments-relating-to-prisma-cloud-including-compute-console-api-requests) | 49 | | 400 Bad Request | If you are getting 200s for the Login POST and List Account Groups GET, and only a 400 for the actual Add User POST, check your CSV format | 50 | | 401 Unauthorized | Make sure you set the proper Access/Secret key in the /BODY of the Login request | 51 | 52 | _As always, if anything is incorrect or needs updated, please submit a PR and we will take a look._ -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Add_Cloud_Accounts/AWS/example_aws_accounts_input.csv: -------------------------------------------------------------------------------- 1 | ACCOUNTID,EXTERNALID,AWSACCOUNTNAME,AWSROLEARN 2 | 1234567890,abcdef-ghijklmno,AWS Account 123,arn:aws:iam::1234567890:role/PrismaCloudReadWriteRole 3 | 0987654321,pqrstu-vwxyzabcd,AWS Account 789,arn:aws:iam::0987654321:role/PrismaCloudReadWriteRole -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Add_Cloud_Accounts/Azure/Bulk_Add_Azure_Subscriptions_CSV_CollectionRunner.postman_collection.json: -------------------------------------------------------------------------------- 1 | { 2 | "info": { 3 | "_postman_id": "a444b129-1e59-42c7-b3c8-237d7cb9bb40", 4 | "name": "Bulk_Add_Cloud_Account_Azure", 5 | "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" 6 | }, 7 | "item": [ 8 | { 9 | "name": "Login Generate Token", 10 | "event": [ 11 | { 12 | "listen": "test", 13 | "script": { 14 | "exec": [ 15 | "var jsonData = JSON.parse(responseBody);", 16 | "postman.setEnvironmentVariable(\"token\", jsonData.token);" 17 | ], 18 | "type": "text/javascript" 19 | } 20 | } 21 | ], 22 | "request": { 23 | "method": "POST", 24 | "header": [ 25 | { 26 | "key": "accept", 27 | "value": "application/json; charset=UTF-8" 28 | }, 29 | { 30 | "key": "content-type", 31 | "value": "application/json" 32 | } 33 | ], 34 | "body": { 35 | "mode": "raw", 36 | "raw": "{\n \"username\": \"ACCESS KEY\",\n \"password\": \"SECRET KEY\"\n}" 37 | }, 38 | "url": { 39 | "raw": "https://{{api-endpoint}}/login", 40 | "protocol": "https", 41 | "host": [ 42 | "{{api-endpoint}}" 43 | ], 44 | "path": [ 45 | "login" 46 | ] 47 | }, 48 | "description": "Returns a JWT auth token for accessing the Prisma Cloud APIs. To generate a token, you must have an access key and include the following values in the request body parameter — access key ID as the username and your secret key as the password. Prisma Cloud requires this JWT in the request header to authorize API access." 49 | }, 50 | "response": [] 51 | }, 52 | { 53 | "name": "List Account Groups IDs", 54 | "request": { 55 | "method": "GET", 56 | "header": [ 57 | { 58 | "key": "accept", 59 | "type": "text", 60 | "value": "application/json; charset=UTF-8" 61 | }, 62 | { 63 | "key": "content-type", 64 | "type": "text", 65 | "value": "application/json" 66 | }, 67 | { 68 | "key": "x-redlock-auth", 69 | "type": "text", 70 | "value": "{{token}}" 71 | } 72 | ], 73 | "url": { 74 | "raw": "https://{{api-endpoint}}/cloud/group", 75 | "protocol": "https", 76 | "host": [ 77 | "{{api-endpoint}}" 78 | ], 79 | "path": [ 80 | "cloud", 81 | "group" 82 | ] 83 | }, 84 | "description": "Lists all accounts groups and cloud accounts in the current Prisma Cloud tenant. " 85 | }, 86 | "response": [] 87 | }, 88 | { 89 | "name": "Add Cloud Account (Azure)", 90 | "request": { 91 | "method": "POST", 92 | "header": [ 93 | { 94 | "key": "accept", 95 | "type": "text", 96 | "value": "application/json; charset=UTF-8" 97 | }, 98 | { 99 | "key": "content-type", 100 | "type": "text", 101 | "value": "application/json" 102 | }, 103 | { 104 | "key": "x-redlock-auth", 105 | "type": "text", 106 | "value": "{{token}}" 107 | } 108 | ], 109 | "body": { 110 | "mode": "raw", 111 | "raw": "{\n \"cloudAccount\": \n {\n \"accountId\": \"{{SUBID}}\",\n \"enabled\": true,\n \"groupIds\": [\"GROUP_ID_HERE\"],\n \"name\": \"{{SUBNAME}}\",\n \"accountType\": \"account\",\n \"protectionMode\": \"MONITOR\"\n },\n \"clientId\": \"APPLICATION_ID_HERE\",\n \"key\": \"CLIENT_SECRET_HERE\",\n \"monitorFlowLogs\": true,\n \"tenantId\": \"AZURE_TENANT_ID_HERE\",\n \"servicePrincipalId\": \"ENTERPRISE_OBJECT_ID_HERE\"\n}" 112 | }, 113 | "url": { 114 | "raw": "https://{{api-endpoint}}/cloud/azure", 115 | "protocol": "https", 116 | "host": [ 117 | "{{api-endpoint}}" 118 | ], 119 | "path": [ 120 | "cloud", 121 | "azure" 122 | ] 123 | }, 124 | "description": "Adds a new Azure Cloud Account from the body parameters" 125 | }, 126 | "response": [] 127 | } 128 | ] 129 | } -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Add_Cloud_Accounts/Azure/README.md: -------------------------------------------------------------------------------- 1 | # This Collection Runner example is to add Azure Subscriptions from the input CSV 2 | 3 | For all examples here, it is assumed you are using the existing **Postman environment** from [the main repo here](https://github.com/PaloAltoNetworks/pcs-postman) 4 | 5 | ## Setup 6 | 7 | 1. Within the attached Collection, go to the **Login Generate Token** POST request, and on the Body tab, enter a valid ACCESS and SECRET key to generate your JWT token. [More info can be found here if required](https://github.com/PaloAltoNetworks/pcs-postman#set-your-access-and-secret-key-in-the-username-and-password-fields-in-the-body-of-the-login-and-authenticate-requests) 8 | 9 | 10 | 1. Looking at the CSV of subscriptions, the input file needs to match the data like below: 11 | 12 | (Note, there are a few other options and inputs you can pass, on the to-do list to update that here) 13 | 14 | 15 | SUBID | SUBNAME 16 | ------------ | ------------- 17 | 1234-567890-abcdefg | Subscription-name-example1 18 | gfedcba-098765-4321 | Example2-subscription-name 19 | 20 | ### There is also one other field in the CSV you could add, a *GROUPID* field. 21 | 22 | This field directly correlates to the **groupIds** in the Body of **Add Cloud Account** POST, since you can pass more than one Account Group based on the structure of the subscriptions. 23 | 24 | The easiest way to get these ID(s) is to run the included **List Account Groups** GET request, see which Group or Group IDs you want to assign, and get the corresponding *id* from there. 25 | 26 | ## Steps to iterate the CSV using the Collection Runner 27 | 28 | 1. After you have the above Collection imported and your Access/Secret key setup, click the main collection folder on the left, and then click the **"Run"** tab at the top-right of Postman. 29 | 30 | * **Environment** 31 | 32 | Choose the existing **Prisma Cloud** environmented imported for the [main repo](https://github.com/PaloAltoNetworks/pcs-postman/blob/main/Prisma%20Cloud.postman_environment.json) 33 | 34 | * **Data** 35 | 36 | Upload the completed CSV here, and you are then able to see the number of *Iterations* (basically the amount of cloud accounts to be added) as well as view the *Preview* of what data Postman sees within your CSV. This is also where you should double-check the formatting of the CSV to make sure everything looks correct. 37 | 38 | ## That should be it! 39 | 40 | You should see the Collection Runner "Run Results" iterate through all of the rows of your CSV and add all the cloud accounts. 41 | 42 | * Quick Troubleshooting 43 | 44 | If getting any errors, check this: 45 | 46 | Error | Did you check? 47 | ------------ | ------------- 48 | POST Error | Make sure you imported the Prisma Cloud Postman Environment, and you set the correct [API endpoint](https://github.com/PaloAltoNetworks/pcs-postman#instructions-on-how-to-setup-the-postman-collections-and-environments-relating-to-prisma-cloud-including-compute-console-api-requests) 49 | 400 Bad Request | If you are getting 200s for the Login POST and List Account Groups GET, and only a 400 for the actual Add User POST, check your CSV format 50 | 401 Unauthorized | Make sure you set the proper Access/Secret key in the /BODY of the Login request 51 | 52 | As always, if anything is incorrect or needs updated, please submit a PR and will take a look. -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Add_Cloud_Accounts/Azure/example_azure_subscriptions_input.csv: -------------------------------------------------------------------------------- 1 | SUBID,SUBNAME 2 | 1234-567890-abcdefg,Subscription-name-example1 3 | gfedcba-098765-4321,Example2-subscription-name -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Add_User_CSV/Bulk_Add_User_CSV_CollectionRunner.postman_collection.json: -------------------------------------------------------------------------------- 1 | { 2 | "info": { 3 | "_postman_id": "c650416e-58dc-4342-aeb9-ba644dfd10f8", 4 | "name": "Bulk_Add_User_CSV_CollectionRunner", 5 | "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" 6 | }, 7 | "item": [ 8 | { 9 | "name": "Login Generate Token", 10 | "event": [ 11 | { 12 | "listen": "test", 13 | "script": { 14 | "id": "02eac0e0-b896-4d47-a017-0973cf99867e", 15 | "exec": [ 16 | "var jsonData = JSON.parse(responseBody);", 17 | "postman.setEnvironmentVariable(\"token\", jsonData.token);" 18 | ], 19 | "type": "text/javascript" 20 | } 21 | } 22 | ], 23 | "request": { 24 | "method": "POST", 25 | "header": [ 26 | { 27 | "key": "accept", 28 | "value": "application/json; charset=UTF-8" 29 | }, 30 | { 31 | "key": "content-type", 32 | "value": "application/json" 33 | } 34 | ], 35 | "body": { 36 | "mode": "raw", 37 | "raw": "{\n \"username\": \"ACCESS KEY\",\n \"password\": \"SECRET KEY\"\n}" 38 | }, 39 | "url": { 40 | "raw": "https://{{api-endpoint}}/login", 41 | "protocol": "https", 42 | "host": [ 43 | "{{api-endpoint}}" 44 | ], 45 | "path": [ 46 | "login" 47 | ] 48 | }, 49 | "description": "Returns a JWT auth token for accessing the Prisma Cloud APIs. To generate a token, you must have an access key and include the following values in the request body parameter — access key ID as the username and your secret key as the password. Prisma Cloud requires this JWT in the request header to authorize API access." 50 | }, 51 | "response": [] 52 | }, 53 | { 54 | "name": "List User Roles", 55 | "request": { 56 | "method": "GET", 57 | "header": [ 58 | { 59 | "key": "accept", 60 | "type": "text", 61 | "value": "application/json; charset=UTF-8" 62 | }, 63 | { 64 | "key": "content-type", 65 | "type": "text", 66 | "value": "application/json" 67 | }, 68 | { 69 | "key": "x-redlock-auth", 70 | "type": "text", 71 | "value": "{{token}}" 72 | } 73 | ], 74 | "url": { 75 | "raw": "https://{{api-endpoint}}/user/role", 76 | "protocol": "https", 77 | "host": [ 78 | "{{api-endpoint}}" 79 | ], 80 | "path": [ 81 | "user", 82 | "role" 83 | ] 84 | }, 85 | "description": "Lists all accounts and associated Roles in the current Prisma Cloud tenant. " 86 | }, 87 | "response": [] 88 | }, 89 | { 90 | "name": "Add New User Profile v2", 91 | "event": [ 92 | { 93 | "listen": "test", 94 | "script": { 95 | "id": "7d1c2415-1091-4a95-9f65-991b5a6371c6", 96 | "exec": [ 97 | "" 98 | ], 99 | "type": "text/javascript" 100 | } 101 | } 102 | ], 103 | "request": { 104 | "method": "POST", 105 | "header": [ 106 | { 107 | "key": "accept", 108 | "type": "text", 109 | "value": "application/json; charset=UTF-8" 110 | }, 111 | { 112 | "key": "content-type", 113 | "type": "text", 114 | "value": "application/json" 115 | }, 116 | { 117 | "key": "x-redlock-auth", 118 | "type": "text", 119 | "value": "{{token}}" 120 | } 121 | ], 122 | "body": { 123 | "mode": "raw", 124 | "raw": "{\n \"roleIds\":[\"{{defaultRoleId}}\"],\n \"email\":\"{{email}}\",\n \"firstName\":\"{{firstName}}\",\n \"lastName\":\"{{lastName}}\",\n \"timeZone\":\"{{timeZone}}\",\n \"accessKeysAllowed\":{{accessKeysAllowed}},\n \"defaultRoleId\":\"{{defaultRoleId}}\"\n}" 125 | }, 126 | "url": { 127 | "raw": "https://{{api-endpoint}}/v2/user", 128 | "protocol": "https", 129 | "host": [ 130 | "{{api-endpoint}}" 131 | ], 132 | "path": [ 133 | "v2", 134 | "user" 135 | ] 136 | }, 137 | "description": "Creates a new users profile. You need to query a valid ROLE_ID before executing here with a List User Roles GET call. " 138 | }, 139 | "response": [] 140 | } 141 | ], 142 | "protocolProfileBehavior": {} 143 | } -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Add_User_CSV/README.md: -------------------------------------------------------------------------------- 1 | # This Collection Runner example is to add users from the input CSV 2 | 3 | For all examples here, it is assumed you are using the existing **Postman environment** from [the main repo here](https://github.com/PaloAltoNetworks/pcs-postman) 4 | 5 | ## Setup 6 | 7 | 1. Within the attached Collection, go to the **Login Generate Token** POST request, and on the Body tab, enter a valid ACCESS and SECRET key to generate your JWT token. [More info can be found here if required](https://github.com/PaloAltoNetworks/pcs-postman#set-your-access-and-secret-key-in-the-username-and-password-fields-in-the-body-of-the-login-and-authenticate-requests) 8 | 9 | 10 | 1. Looking at the CSV of users, the input file needs to match the data like below: 11 | 12 | (Note, there are a few other options and inputs you can pass, on the to-do list to update that here) 13 | 14 | 15 | | email | firstName | lastName | timeZone | accessKeysAllowed | defaultRoleId | 16 | |-----------------|-----------|----------|------------------|-------------------|-------------------------------| 17 | | user01@test.com | Test01 | User01 | GMT | false | role-id-from-ROLE-GET-request | 18 | | user05@test.com | Test05 | User05 | America/New_York | true | role-id-from-ROLE-GET-request | 19 | 20 | ### There is also one other field in the CSV you need more information for, the *roleId* field. 21 | 22 | This field directly correlates to the **Default Role** and **Assigned Role** these users will get added to during account creation. 23 | 24 | The easiest way to get these IDs is to run the included **List User Roles** GET request, see which Role you want to assign, and get the corresponding *roleId* from there. 25 | 26 | ## Steps to iterate the CSV using the Collection Runner 27 | 28 | 1. After you have the above Collection imported and your Access/Secret key setup, click the main collection folder on the left, and then click the **"Run"** tab at the top-right of Postman. 29 | 30 | * **Environment** 31 | 32 | Choose the existing **Prisma Cloud** environmented imported for the [main repo](https://github.com/PaloAltoNetworks/pcs-postman/blob/main/Prisma%20Cloud.postman_environment.json) 33 | 34 | * **Data** 35 | 36 | Upload the completed CSV, and you are then able to see the number of *Iterations* (basically the amount of users to be added) as well as view the *Preview* of what data Postman sees within your CSV. This is also where you should double-check the formatting of the CSV to make sure everything looks correct. 37 | 38 | ## That should be it! 39 | 40 | You should see the Collection Runner "Run Results" iterate through all of the rows of your CSV and add all the users. 41 | 42 | ## Troubleshooting 43 | 44 | If getting any errors, check this: 45 | 46 | | Error | Did you check? | 47 | |------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 48 | | POST Error | Make sure you imported the Prisma Cloud Postman Environment, and you set the correct [API endpoint](https://github.com/PaloAltoNetworks/pcs-postman#instructions-on-how-to-setup-the-postman-collections-and-environments-relating-to-prisma-cloud-including-compute-console-api-requests) | 49 | | 400 Bad Request | If you are getting 200s for the Login POST and List Roles GET, and only a 400 for the actual Add User POST, check your CSV format | 50 | | 401 Unauthorized | Make sure you set the proper Access/Secret key in the /BODY of the Login request | 51 | 52 | 53 | _As always, if anything is incorrect or needs updated, please submit a PR and we will take a look._ -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Add_User_CSV/example_user_input.csv: -------------------------------------------------------------------------------- 1 | email,firstName,lastName,timeZone,accessKeysAllowed,defaultRoleId 2 | user01@test.com,Test01,User01,GMT,false,role-id-from-ROLE-GET-request 3 | user05@test.com,Test05,User05,America/New_York,true,role-id-from-ROLE-GET-request 4 | -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Alerts_Download/Bulk_Alerts_Download.postman_collection.json: -------------------------------------------------------------------------------- 1 | { 2 | "info": { 3 | "_postman_id": "efd9839b-b0f2-4137-b014-a7e2e6513b9e", 4 | "name": "Bulk_Download_Alerts", 5 | "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", 6 | "_exporter_id": "17817753" 7 | }, 8 | "item": [ 9 | { 10 | "name": "Login", 11 | "event": [ 12 | { 13 | "listen": "test", 14 | "script": { 15 | "exec": [ 16 | "var jsonData = JSON.parse(responseBody);", 17 | "postman.setEnvironmentVariable(\"token\", jsonData.token);" 18 | ], 19 | "type": "text/javascript" 20 | } 21 | } 22 | ], 23 | "request": { 24 | "method": "POST", 25 | "header": [ 26 | { 27 | "key": "accept", 28 | "value": "application/json; charset=UTF-8" 29 | }, 30 | { 31 | "key": "content-type", 32 | "value": "application/json" 33 | } 34 | ], 35 | "body": { 36 | "mode": "raw", 37 | "raw": "{\n \"username\": \"{{ACCESS_KEY}}\",\n \"password\": \"{{SECRET_KEY}}\"\n}" 38 | }, 39 | "url": { 40 | "raw": "https://{{api-endpoint}}/login", 41 | "protocol": "https", 42 | "host": [ 43 | "{{api-endpoint}}" 44 | ], 45 | "path": [ 46 | "login" 47 | ] 48 | }, 49 | "description": "Returns a JWT auth token for accessing the Prisma Cloud APIs. To generate a token, you must have an access key and include the following values in the request body parameter — access key ID as the username and your secret key as the password. Prisma Cloud requires this JWT in the request header to authorize API access." 50 | }, 51 | "response": [] 52 | }, 53 | { 54 | "name": "Submit Job to List Alerts - JSON", 55 | "event": [ 56 | { 57 | "listen": "test", 58 | "script": { 59 | "exec": [ 60 | "var jsonData = JSON.parse(responseBody);", 61 | "postman.setEnvironmentVariable(\"statusUri\", jsonData.statusUri);" 62 | ], 63 | "type": "text/javascript" 64 | } 65 | } 66 | ], 67 | "request": { 68 | "auth": { 69 | "type": "noauth" 70 | }, 71 | "method": "POST", 72 | "header": [ 73 | { 74 | "key": "Content-Type", 75 | "name": "Content-Type", 76 | "type": "text", 77 | "value": "application/json" 78 | }, 79 | { 80 | "key": "x-redlock-auth", 81 | "type": "text", 82 | "value": "{{token}}" 83 | } 84 | ], 85 | "body": { 86 | "mode": "raw", 87 | "raw": "{\n \"timeRange\": {\n \"value\": {\n \"unit\": \"day\",\n \"amount\": 1\n },\n \"type\": \"relative\"\n },\n \"filters\": [\n {\n \"name\": \"alert.status\",\n \"value\": \"open\",\n \"operator\": \"=\"\n }\n ],\n \"fields\": [\n \"alert.id\",\n \"alert.status\",\n \"alert.time\",\n \"cloud.account\",\n \"cloud.accountId\",\n \"cloud.region\",\n \"resource.id\",\n \"resource.name\",\n \"policy.name\",\n \"policy.type\",\n \"policy.severity\"\n ]\n}" 88 | }, 89 | "url": { 90 | "raw": "https://{{api-endpoint}}/alert/jobs", 91 | "protocol": "https", 92 | "host": [ 93 | "{{api-endpoint}}" 94 | ], 95 | "path": [ 96 | "alert", 97 | "jobs" 98 | ] 99 | }, 100 | "description": "Returns an object whose keys are the available policy filters. The corresponding values are default or recently set filter options" 101 | }, 102 | "response": [] 103 | }, 104 | { 105 | "name": "Submit Job to List Alerts - CSV", 106 | "event": [ 107 | { 108 | "listen": "test", 109 | "script": { 110 | "exec": [ 111 | "var jsonData = JSON.parse(responseBody);", 112 | "postman.setEnvironmentVariable(\"statusUri\", jsonData.statusUri);" 113 | ], 114 | "type": "text/javascript" 115 | } 116 | } 117 | ], 118 | "request": { 119 | "auth": { 120 | "type": "noauth" 121 | }, 122 | "method": "POST", 123 | "header": [ 124 | { 125 | "key": "Content-Type", 126 | "name": "Content-Type", 127 | "type": "text", 128 | "value": "application/json" 129 | }, 130 | { 131 | "key": "x-redlock-auth", 132 | "type": "text", 133 | "value": "{{token}}" 134 | } 135 | ], 136 | "body": { 137 | "mode": "raw", 138 | "raw": "{\n \"timeRange\": {\n \"value\": {\n \"unit\": \"day\",\n \"amount\": 1\n },\n \"type\": \"relative\"\n },\n \"filters\": [\n {\n \"name\": \"alert.status\",\n \"value\": \"open\",\n \"operator\": \"=\"\n }\n ],\n \"fields\": [\n \"alert.id\",\n \"alert.status\",\n \"alert.time\",\n \"cloud.account\",\n \"cloud.accountId\",\n \"cloud.region\",\n \"resource.id\",\n \"resource.name\",\n \"policy.name\",\n \"policy.type\",\n \"policy.severity\"\n ]\n}" 139 | }, 140 | "url": { 141 | "raw": "https://{{api-endpoint}}/alert/csv", 142 | "protocol": "https", 143 | "host": [ 144 | "{{api-endpoint}}" 145 | ], 146 | "path": [ 147 | "alert", 148 | "csv" 149 | ] 150 | }, 151 | "description": "Returns an object whose keys are the available policy filters. The corresponding values are default or recently set filter options" 152 | }, 153 | "response": [] 154 | }, 155 | { 156 | "name": "Get Alerts List Job Status", 157 | "event": [ 158 | { 159 | "listen": "test", 160 | "script": { 161 | "exec": [ 162 | "var jsonData = JSON.parse(responseBody);", 163 | "if (jsonData.status == \"READY_TO_DOWNLOAD\") {", 164 | " postman.setEnvironmentVariable(\"downloadUri\", jsonData.downloadUri);", 165 | " postman.setEnvironmentVariable(\"statusUri\", \"\");", 166 | "}", 167 | "else {", 168 | " postman.setEnvironmentVariable(\"downloadUri\", \"\");", 169 | "}" 170 | ], 171 | "type": "text/javascript" 172 | } 173 | } 174 | ], 175 | "protocolProfileBehavior": { 176 | "disableBodyPruning": true 177 | }, 178 | "request": { 179 | "auth": { 180 | "type": "noauth" 181 | }, 182 | "method": "GET", 183 | "header": [ 184 | { 185 | "key": "Content-Type", 186 | "name": "Content-Type", 187 | "value": "application/json", 188 | "type": "text" 189 | }, 190 | { 191 | "key": "x-redlock-auth", 192 | "value": "{{token}}", 193 | "type": "text" 194 | } 195 | ], 196 | "body": { 197 | "mode": "raw", 198 | "raw": "{\r\n\t\"detailed\": true,\r\n\t\"filters\": [\r\n {\r\n \"operator\": \"=\",\r\n \"name\": \"account.group\",\r\n \"value\": \"{{ACCOUNT_GROUP}}\"\r\n }\r\n\t\t{\r\n\t\t\t\"operator\": \"=\",\r\n\t\t\t\"name\": \"alert.status\",\r\n\t\t\t\"value\": \"open\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"operator\": \"=\",\r\n\t\t\t\"name\": \"alert.status\",\r\n\t\t\t\"value\": \"dismissed\"\r\n\t\t},\r\n {\r\n\t\t\t\"operator\": \"=\",\r\n\t\t\t\"name\": \"alert.status\",\r\n\t\t\t\"value\": \"snoozed\"\r\n\t\t},\r\n {\r\n\t\t\t\"operator\": \"=\",\r\n\t\t\t\"name\": \"alert.status\",\r\n\t\t\t\"value\": \"resolved\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"operator\": \"=\",\r\n\t\t\t\"name\": \"policy.type\",\r\n\t\t\t\"value\": \"config\"\r\n\t\t}\r\n\t\t],\r\n\t\t\"timeRange\": {\r\n\t\t\t\"type\": \"relative\",\r\n\t\t\t\"value\": {\r\n\t\t\t\t\"amount\": 1, \r\n\t\t\t\t\"unit\": \"day\"\r\n\t\t\t}\r\n\t\t},\r\n\t\t\"sortBy\": [\"id:asc\"],\r\n\t\t\"offset\": 0,\r\n\t\t\"limit\": 5000\r\n}\r\n" 199 | }, 200 | "url": { 201 | "raw": "https://{{api-endpoint}}{{statusUri}}", 202 | "protocol": "https", 203 | "host": [ 204 | "{{api-endpoint}}{{statusUri}}" 205 | ] 206 | }, 207 | "description": "Returns a paginated list of alerts from the Prisma Cloud platform.\n\n" 208 | }, 209 | "response": [] 210 | }, 211 | { 212 | "name": "Download Alerts List", 213 | "event": [ 214 | { 215 | "listen": "test", 216 | "script": { 217 | "exec": [ 218 | "" 219 | ], 220 | "type": "text/javascript" 221 | } 222 | } 223 | ], 224 | "protocolProfileBehavior": { 225 | "disableBodyPruning": true 226 | }, 227 | "request": { 228 | "auth": { 229 | "type": "noauth" 230 | }, 231 | "method": "GET", 232 | "header": [ 233 | { 234 | "key": "Content-Type", 235 | "name": "Content-Type", 236 | "value": "application/json", 237 | "type": "text" 238 | }, 239 | { 240 | "key": "x-redlock-auth", 241 | "value": "{{token}}", 242 | "type": "text" 243 | } 244 | ], 245 | "body": { 246 | "mode": "raw", 247 | "raw": "{\r\n\t\"detailed\": true,\r\n\t\"filters\": [\r\n {\r\n \"operator\": \"=\",\r\n \"name\": \"account.group\",\r\n \"value\": \"{{ACCOUNT_GROUP}}\"\r\n }\r\n\t\t{\r\n\t\t\t\"operator\": \"=\",\r\n\t\t\t\"name\": \"alert.status\",\r\n\t\t\t\"value\": \"open\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"operator\": \"=\",\r\n\t\t\t\"name\": \"alert.status\",\r\n\t\t\t\"value\": \"dismissed\"\r\n\t\t},\r\n {\r\n\t\t\t\"operator\": \"=\",\r\n\t\t\t\"name\": \"alert.status\",\r\n\t\t\t\"value\": \"snoozed\"\r\n\t\t},\r\n {\r\n\t\t\t\"operator\": \"=\",\r\n\t\t\t\"name\": \"alert.status\",\r\n\t\t\t\"value\": \"resolved\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"operator\": \"=\",\r\n\t\t\t\"name\": \"policy.type\",\r\n\t\t\t\"value\": \"config\"\r\n\t\t}\r\n\t\t],\r\n\t\t\"timeRange\": {\r\n\t\t\t\"type\": \"relative\",\r\n\t\t\t\"value\": {\r\n\t\t\t\t\"amount\": 1, \r\n\t\t\t\t\"unit\": \"day\"\r\n\t\t\t}\r\n\t\t},\r\n\t\t\"sortBy\": [\"id:asc\"],\r\n\t\t\"offset\": 0,\r\n\t\t\"limit\": 5000\r\n}\r\n" 248 | }, 249 | "url": { 250 | "raw": "https://{{api-endpoint}}{{downloadUri}}", 251 | "protocol": "https", 252 | "host": [ 253 | "{{api-endpoint}}{{downloadUri}}" 254 | ] 255 | }, 256 | "description": "Returns a paginated list of alerts from the Prisma Cloud platform.\n\n" 257 | }, 258 | "response": [] 259 | } 260 | ] 261 | } -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Archive_Compute_Incidents/Bulk_Archive_Compute_Incidents.postman_collection.json: -------------------------------------------------------------------------------- 1 | { 2 | "info": { 3 | "_postman_id": "4a878165-87b9-4744-8fa4-ec8b2b6bf5a5", 4 | "name": "Bulk_Archive_Compute_Incidents", 5 | "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", 6 | "_exporter_id": "7204263" 7 | }, 8 | "item": [ 9 | { 10 | "name": "Login Generate Token", 11 | "event": [ 12 | { 13 | "listen": "test", 14 | "script": { 15 | "exec": [ 16 | "var jsonData = JSON.parse(responseBody);", 17 | "postman.setEnvironmentVariable(\"token\", jsonData.token);" 18 | ], 19 | "type": "text/javascript" 20 | } 21 | } 22 | ], 23 | "request": { 24 | "method": "POST", 25 | "header": [ 26 | { 27 | "key": "accept", 28 | "value": "application/json; charset=UTF-8" 29 | }, 30 | { 31 | "key": "content-type", 32 | "value": "application/json" 33 | } 34 | ], 35 | "body": { 36 | "mode": "raw", 37 | "raw": "{\n \"username\": \"ACCESS_KEY\",\n \"password\": \"SECRET_KEY\"\n}" 38 | }, 39 | "url": { 40 | "raw": "https://{{api-endpoint}}/login", 41 | "protocol": "https", 42 | "host": [ 43 | "{{api-endpoint}}" 44 | ], 45 | "path": [ 46 | "login" 47 | ] 48 | }, 49 | "description": "Returns a JWT auth token for accessing the Prisma Cloud APIs. To generate a token, you must have an access key and include the following values in the request body parameter — access key ID as the username and your secret key as the password. Prisma Cloud requires this JWT in the request header to authorize API access." 50 | }, 51 | "response": [] 52 | }, 53 | { 54 | "name": "List Active Incidents", 55 | "request": { 56 | "method": "GET", 57 | "header": [ 58 | { 59 | "key": "accept", 60 | "type": "text", 61 | "value": "application/json; charset=UTF-8" 62 | }, 63 | { 64 | "key": "content-type", 65 | "type": "text", 66 | "value": "application/json" 67 | }, 68 | { 69 | "key": "x-redlock-auth", 70 | "type": "text", 71 | "value": "{{token}}" 72 | } 73 | ], 74 | "url": { 75 | "raw": "{{compute-api-endpoint}}/api/v1/audits/incidents?acknowledged=false&limit=0&offset=0&project=Central+Console&reverse=false", 76 | "host": [ 77 | "{{compute-api-endpoint}}" 78 | ], 79 | "path": [ 80 | "api", 81 | "v1", 82 | "audits", 83 | "incidents" 84 | ], 85 | "query": [ 86 | { 87 | "key": "acknowledged", 88 | "value": "false" 89 | }, 90 | { 91 | "key": "limit", 92 | "value": "0" 93 | }, 94 | { 95 | "key": "offset", 96 | "value": "0" 97 | }, 98 | { 99 | "key": "project", 100 | "value": "Central+Console" 101 | }, 102 | { 103 | "key": "reverse", 104 | "value": "false" 105 | } 106 | ] 107 | }, 108 | "description": "Lists all accounts and associated Roles in the current Prisma Cloud tenant. " 109 | }, 110 | "response": [] 111 | }, 112 | { 113 | "name": "Archive Incidents", 114 | "request": { 115 | "method": "PATCH", 116 | "header": [ 117 | { 118 | "key": "accept", 119 | "type": "text", 120 | "value": "application/json; charset=UTF-8" 121 | }, 122 | { 123 | "key": "content-type", 124 | "type": "text", 125 | "value": "application/json" 126 | }, 127 | { 128 | "key": "x-redlock-auth", 129 | "type": "text", 130 | "value": "{{token}}" 131 | } 132 | ], 133 | "body": { 134 | "mode": "raw", 135 | "raw": "{\"acknowledged\":true}" 136 | }, 137 | "url": { 138 | "raw": "{{compute-api-endpoint}}/api/v1/audits/incidents/acknowledge/{{_id}}?project=Central+Console", 139 | "host": [ 140 | "{{compute-api-endpoint}}" 141 | ], 142 | "path": [ 143 | "api", 144 | "v1", 145 | "audits", 146 | "incidents", 147 | "acknowledge", 148 | "{{_id}}" 149 | ], 150 | "query": [ 151 | { 152 | "key": "project", 153 | "value": "Central+Console" 154 | } 155 | ] 156 | }, 157 | "description": "Lists all accounts and associated Roles in the current Prisma Cloud tenant. " 158 | }, 159 | "response": [] 160 | } 161 | ] 162 | } -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Archive_Compute_Incidents/README.md: -------------------------------------------------------------------------------- 1 | # This Collection Runner example is to archive Active Compute events 2 | 3 | For all examples here, it is assumed you are using the existing **Postman environment** from [the main repo](https://github.com/PaloAltoNetworks/pcs-postman). 4 | 5 | ## Setup 6 | 7 | 1. Within the Bulk Archive Compute Incidents collection find the **POST Login Generate Token** request. 8 | 2. Enter a valid `ACCESS_KEY` and `SECRET_KEY` value in the `Body` tab. 9 | 3. Submit the request to generate your JWT token. 10 | 4. Create the list of Incident IDs to archive by using the **GET List Active Incidents** request. 11 | 12 | | **_id** | 13 | |--------------------------| 14 | | 6299af31b714e5bfd23728df | 15 | | 6299ae7804891ec0812b4fd1 | 16 | | 604aa3b4bfbb730c0e3bf98b | 17 | 18 | ## Steps to iterate the CSV using the Collection Runner 19 | 20 | - Click the main Collection folder on the left sidebar. 21 | - Click the **Run Collection** option for the Collection. 22 | - Ensure the **Environment** **Prisma Cloud** is selected from the dropdown in the upper right. 23 | - In the **Functional** tab, select the `Run manually` radio button. 24 | - In the **Run configuration** section, click the **Data** `Select File` button. 25 | - Find the CSV file you created from the Active Incident List and click `Open`. 26 | - Click the `Preview` button to double-check the format and content. 27 | - Click the `Run...` button. 28 | 29 | ## That should be it! 30 | 31 | You should see the Collection Runner "Run Results" 32 | 33 | 34 | ## Troubleshooting 35 | 36 | | Error | Did you check? | 37 | |------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 38 | | POST Error | Make sure you imported the **Prisma Cloud Postman Environment**, and you set the correct [API endpoint](https://github.com/PaloAltoNetworks/pcs-postman#instructions-on-how-to-setup-the-postman-collections-and-environments-relating-to-prisma-cloud-including-compute-console-api-requests) | 39 | | 400 Bad Request | If you are getting 200s for the Login POST and List Incidents GET, and only a 400 for the actual Archive Incident POST, check your CSV format | 40 | | 401 Unauthorized | Make sure you set the proper Access/Secret key in the Body of the Login request | 41 | 42 | _As always, if anything is incorrect or needs to be updated, please submit a PR and we will take a look._ -------------------------------------------------------------------------------- /Collection_Runner/Bulk_Archive_Compute_Incidents/example_event_archive.csv: -------------------------------------------------------------------------------- 1 | _id 2 | 604aa3dabfbb730c0e3bf98d 3 | 604aa3b4bfbb730c0e3bf98c 4 | 604aa3b4bfbb730c0e3bf98b -------------------------------------------------------------------------------- /Collection_Runner/README.md: -------------------------------------------------------------------------------- 1 | # Collection Runner 2 | This feature within Postman is a simple way to loop or create iterations for different API calls, with the ability to use an input file (a CSV of users in our example here) 3 | 4 | For all examples here, it is assumed you are using the existing **Postman environment** from [the main repo here](https://github.com/PaloAltoNetworks/pcs-postman). 5 | 6 | There are also 2 docs directly from Postman that outline similar scenarios of how to generically use Collection Runner to loop through iterations. 7 | 8 | 1. [Looping through a Data File](https://blog.postman.com/looping-through-a-data-file-in-the-postman-collection-runner/) 9 | 10 | 2. [Working with data files, ramen example](https://documenter.getpostman.com/view/1559645/RVu4GVAs) 11 | 12 | ## Notes 13 | There is a separate Collection specific to each use-case, but almost (if not all) will just be leveraging existing API calls from [the main repo here](https://github.com/PaloAltoNetworks/pcs-postman) -------------------------------------------------------------------------------- /Compute Console.postman_collection.json: -------------------------------------------------------------------------------- 1 | { 2 | "info": { 3 | "_postman_id": "d00c281c-8bfc-43dd-8f87-d76e90c7ffec", 4 | "name": "Compute Console", 5 | "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", 6 | "_exporter_id": "3309461" 7 | }, 8 | "item": [ 9 | { 10 | "name": "Authenticate (Login)", 11 | "item": [ 12 | { 13 | "name": "Login Generate Token", 14 | "event": [ 15 | { 16 | "listen": "test", 17 | "script": { 18 | "exec": [ 19 | "var jsonData = JSON.parse(responseBody);", 20 | "postman.setEnvironmentVariable(\"compute-token\", jsonData.token);" 21 | ], 22 | "type": "text/javascript" 23 | } 24 | } 25 | ], 26 | "request": { 27 | "method": "POST", 28 | "header": [ 29 | { 30 | "key": "content-type", 31 | "value": "application/json" 32 | } 33 | ], 34 | "body": { 35 | "mode": "raw", 36 | "raw": "{\n \"username\":\"{{ACCESS_KEY}}\",\n \"password\":\"{{SECRET_KEY}}\"\n}" 37 | }, 38 | "url": { 39 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/authenticate", 40 | "host": [ 41 | "{{compute-api-endpoint}}{{console-port}}" 42 | ], 43 | "path": [ 44 | "api", 45 | "{{api-version}}", 46 | "authenticate" 47 | ] 48 | }, 49 | "description": "Returns a JWT auth token for accessing the Prisma Cloud Compute APIs. To generate a token, you must have an access key and include the following values in the request body parameter — access key ID as the username and your secret key as the password. Prisma Cloud Compute requires this JWT in the request header to authorize API access." 50 | }, 51 | "response": [] 52 | } 53 | ], 54 | "event": [ 55 | { 56 | "listen": "prerequest", 57 | "script": { 58 | "type": "text/javascript", 59 | "exec": [ 60 | "" 61 | ] 62 | } 63 | }, 64 | { 65 | "listen": "test", 66 | "script": { 67 | "type": "text/javascript", 68 | "exec": [ 69 | "" 70 | ] 71 | } 72 | } 73 | ] 74 | }, 75 | { 76 | "name": "Ping", 77 | "item": [ 78 | { 79 | "name": "Ping or Health Check", 80 | "event": [ 81 | { 82 | "listen": "test", 83 | "script": { 84 | "exec": [ 85 | "" 86 | ], 87 | "type": "text/javascript" 88 | } 89 | } 90 | ], 91 | "protocolProfileBehavior": { 92 | "disableBodyPruning": true 93 | }, 94 | "request": { 95 | "method": "GET", 96 | "header": [ 97 | { 98 | "key": "Authorization", 99 | "value": "Bearer {{compute-token}}", 100 | "disabled": true 101 | }, 102 | { 103 | "key": "Content-Type", 104 | "value": "application/json" 105 | } 106 | ], 107 | "body": { 108 | "mode": "raw", 109 | "raw": "" 110 | }, 111 | "url": { 112 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/_ping", 113 | "host": [ 114 | "{{compute-api-endpoint}}{{console-port}}" 115 | ], 116 | "path": [ 117 | "api", 118 | "{{api-version}}", 119 | "_ping" 120 | ] 121 | }, 122 | "description": "Checks if Console is reachable over the network from the host where you call the endpoint. If you get a response code of 200, the request succeeded, and Console is both alive and reachable." 123 | }, 124 | "response": [] 125 | } 126 | ] 127 | }, 128 | { 129 | "name": "Alert Profiles", 130 | "item": [ 131 | { 132 | "name": "Alert Profiles", 133 | "event": [ 134 | { 135 | "listen": "test", 136 | "script": { 137 | "exec": [ 138 | "" 139 | ], 140 | "type": "text/javascript" 141 | } 142 | } 143 | ], 144 | "protocolProfileBehavior": { 145 | "disableBodyPruning": true 146 | }, 147 | "request": { 148 | "method": "GET", 149 | "header": [ 150 | { 151 | "key": "Authorization", 152 | "value": "Bearer {{compute-token}}" 153 | }, 154 | { 155 | "key": "Content-Type", 156 | "value": "application/json" 157 | } 158 | ], 159 | "body": { 160 | "mode": "raw", 161 | "raw": "" 162 | }, 163 | "url": { 164 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/alert-profiles", 165 | "host": [ 166 | "{{compute-api-endpoint}}{{console-port}}" 167 | ], 168 | "path": [ 169 | "api", 170 | "{{api-version}}", 171 | "alert-profiles" 172 | ] 173 | }, 174 | "description": "Retrieve a list of all alert profiles created in the system." 175 | }, 176 | "response": [] 177 | }, 178 | { 179 | "name": "Add Alert Profile", 180 | "event": [ 181 | { 182 | "listen": "test", 183 | "script": { 184 | "exec": [ 185 | "" 186 | ], 187 | "type": "text/javascript" 188 | } 189 | } 190 | ], 191 | "request": { 192 | "method": "POST", 193 | "header": [ 194 | { 195 | "key": "Authorization", 196 | "value": "Bearer {{compute-token}}" 197 | }, 198 | { 199 | "key": "Content-Type", 200 | "value": "application/json" 201 | } 202 | ], 203 | "body": { 204 | "mode": "raw", 205 | "raw": "{\n \"name\": \"jira\",\n \"_id\": \"jira\",\n \"jira\": {\n \"enabled\": true,\n \"projectKey\": \"TWIS\",\n \"issueType\": \"Task\",\n \"priority\": \"High\",\n \"labels\": [],\n \"assignee\": \"\"\n }\n}" 206 | }, 207 | "url": { 208 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/alert-profiles", 209 | "host": [ 210 | "{{compute-api-endpoint}}{{console-port}}" 211 | ], 212 | "path": [ 213 | "api", 214 | "{{api-version}}", 215 | "alert-profiles" 216 | ] 217 | }, 218 | "description": "The following example curl command uses basic auth to add a Jira Alert profile:\n\nBody\nMedia type: application/json\n\nType: object\n\nProperties\n-: (string)\nConsoleAddress is the console address used by the admin to access the console, used for redirecting to the Console container\n\n_id: (string)\nID is the alert profile ID\n\ndemisto: (object)\nDemistoSettings contains the Demisto alert profile settings\n\nenabled: (boolean)\nEnabled is the Demisto provider enabled/disabled indicator\n\ndisabled: (boolean)\nDisabled states if the rule is currently disabled\n\nemail: (object)\nEmailSettings contains the email alert profile settings\n\ncredentialId: (string)\nCredentialID is the Email authentication credentials id\n\nenabled: (boolean)\nfrom: (string)\nFrom is the from address of the mail\n\nlabels: (string)\nLabels are custom label names from which the mail recipients are extracted, allowing to dynamically extract the target of the alerts\n\nport: (integer)\nrecipients: (string)\nsmtpAddress: (string)\nssl: (boolean)\ngcpPubsub: (object)\nGcpPubsubSettings contains the GCP Pub/Sub alert profile settings\n\ncredentialId: (string)\nCredentialID is the GCP Pub/Sub authentication credentials id\n\nenabled: (boolean)\nEnabled indicates whether the GCP Pub/Sub settings are enabled\n\ntopic: (string)\nTopic is the GCP Pub/Sub topic (used by subscribers to listen for messages)\n\njira: (object)\nJIRASettings contains the JIRA alert profile settings\n\nassignee: (object)\nAssignee is the assignee of the issue\n\nlabels: (string)\nLabels are the dynamic labels of which the value is based on\n\nname: (string)\nName is the static string field\n\nbaseUrl: (string)\nBaseURL is the JIRA address\n\ncaCert: (string)\nCACert is the certificate used to verify the server\n\ncredentialId: (string)\nCredentialID is the JIRA authentication credentials id\n\nenabled: (boolean)\nEnabled controls whether the rule is enabled\n\nissueType: (string)\nIssueType is the type of the JIRA issue\n\nlabels: (object)\nLabels is the labels added to the created issue\n\nlabels: (string)\nLabels are the dynamic labels of which JIRA labels are based on\n\nnames: (string)\nNames are the static strings field\n\npriority: (string)\nPriority is the issue priority\n\nprojectKey: (object)\nProjectKey is the key of the project in which the issue will be created\n\nlabels: (string)\nLabels are the dynamic labels of which the value is based on\n\nname: (string)\nName is the static string field\n\nlastError: (string)\nLastError represents the last error when sending the profile\n\nmodified: (datetime)\nname: (string)\nnotes: (string)\nNotes are the rule's user notes\n\nowner: (string)\npagerduty: (object)\nPagerDutySettings contains the PagerDuty alert profile settings\n\nenabled: (boolean)\nEnabled is PagerDuty provider enabled/disabled indicator\n\nroutingKey: (object)\nRoutingKey is the unique PagerDuty service id\n\nencrypted: (string)\nplain: (string)\nPlain is the plain text value (remark: marshalling to JSON will be converted to encrypted value)\n\nseverity: (object)\nSeverity is the PagerDuty's event severity\n\nsummary: (string)\nSummary is the PagerDuty's event summary\n\npreviousName: (string)\nPreviousName is the rule previous name, required for rule renaming\n\nsecurityAdvisor: (object)\nSecurityAdvisor contains the IBM security advisor alert profile settings\n\nauto: (boolean)\nAutomatic means the configuration was automatically provisioned by security advisor, and only notes should be created\n\ncredentialID: (string)\nCredentialID is the IBM security advisor credential\n\nenabled: (boolean)\nEnabled indicates whether the overbridge settings are enabled\n\nfindingsURL: (string)\nFindingsURL is the URL to which findings should be sent\n\nproviderId: (string)\nProviderID is the configured providerID (default twistlock)\n\ntokenURL: (string)\nTokenURL is the url from which security tokens should be fetched\n\nsecurityCenter: (object)\nSecurityCenterSettings contains the security center alert profile settings\n\ncredentialId: (string)\nCredentialID is the Security Center authentication credentials id\n\nenabled: (boolean)\nsourceID: (string)\nSourceID is the google cloud security center organization source ID (used to construct security advisor findings)\n\nsecurityHub: (object)\nSecurityHub contains the AWS security hub alert profile settings\n\naccountID: (string)\nAccountID is the AWS account ID\n\ncredentialId: (string)\nCredentialID is the SecurityHub authentication credentials id\n\nenabled: (boolean)\nEnabled indicates whether the overbridge settings are enabled\n\nregion: (string)\nRegion is the overbridge region\n\nroleArn: (string)\nRoleARN is the Amazon Resource Name (ARN) of the role to assume\n\nuseAWSRole: (boolean)\nUseAWSRole is a flag indicates if local IAM role should be used for authentication (username and password would are ignored)\n\nslack: (object)\nSlackSettings contains the slack alert profile settings\n\nchannels: (string)\nenabled: (boolean)\nusers: (string)\nwebhookUrl: (string)\nwebhook: (object)\nWebhookSettings contains the Webhook alert profile settings\n\ncaCert: (string)\nCACert is the certificate used to verify the server\n\ncredentialId: (string)\nCredentialID is the id of the basic authentication credential\n\nenabled: (boolean)\nEnabled is Webhook provider enabled/disabled indicator\n\njson: (string)\nJson is the custom json we send to the url\n\nurl: (string)\nURL is the Webhook address" 219 | }, 220 | "response": [] 221 | }, 222 | { 223 | "name": "Alert Profiles Names", 224 | "event": [ 225 | { 226 | "listen": "test", 227 | "script": { 228 | "exec": [ 229 | "" 230 | ], 231 | "type": "text/javascript" 232 | } 233 | } 234 | ], 235 | "protocolProfileBehavior": { 236 | "disableBodyPruning": true 237 | }, 238 | "request": { 239 | "method": "GET", 240 | "header": [ 241 | { 242 | "key": "Authorization", 243 | "value": "Bearer {{compute-token}}" 244 | }, 245 | { 246 | "key": "Content-Type", 247 | "value": "application/json" 248 | } 249 | ], 250 | "body": { 251 | "mode": "raw", 252 | "raw": "" 253 | }, 254 | "url": { 255 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/alert-profiles/names", 256 | "host": [ 257 | "{{compute-api-endpoint}}{{console-port}}" 258 | ], 259 | "path": [ 260 | "api", 261 | "{{api-version}}", 262 | "alert-profiles", 263 | "names" 264 | ] 265 | }, 266 | "description": "Retrieve a list of only the names of all alert profiles created in the system." 267 | }, 268 | "response": [] 269 | }, 270 | { 271 | "name": "Alert Profile Test", 272 | "event": [ 273 | { 274 | "listen": "test", 275 | "script": { 276 | "exec": [ 277 | "" 278 | ], 279 | "type": "text/javascript" 280 | } 281 | } 282 | ], 283 | "request": { 284 | "method": "POST", 285 | "header": [ 286 | { 287 | "key": "Authorization", 288 | "value": "Bearer {{compute-token}}" 289 | }, 290 | { 291 | "key": "Content-Type", 292 | "value": "application/json" 293 | } 294 | ], 295 | "body": { 296 | "mode": "raw", 297 | "raw": "##This is from the GET Alert Profiles API call##\n" 298 | }, 299 | "url": { 300 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/alert-profiles/test", 301 | "host": [ 302 | "{{compute-api-endpoint}}{{console-port}}" 303 | ], 304 | "path": [ 305 | "api", 306 | "{{api-version}}", 307 | "alert-profiles", 308 | "test" 309 | ] 310 | }, 311 | "description": "Sends a test alert to verify successful configuration of the alert profile settings." 312 | }, 313 | "response": [] 314 | }, 315 | { 316 | "name": "Alert Profile DELETE", 317 | "event": [ 318 | { 319 | "listen": "test", 320 | "script": { 321 | "exec": [ 322 | "" 323 | ], 324 | "type": "text/javascript" 325 | } 326 | } 327 | ], 328 | "request": { 329 | "method": "DELETE", 330 | "header": [ 331 | { 332 | "key": "Authorization", 333 | "value": "Bearer {{compute-token}}" 334 | }, 335 | { 336 | "key": "Content-Type", 337 | "value": "application/json" 338 | } 339 | ], 340 | "body": { 341 | "mode": "raw", 342 | "raw": "##This is from the GET Alert Profiles API call##\n" 343 | }, 344 | "url": { 345 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/alert-profiles/ID", 346 | "host": [ 347 | "{{compute-api-endpoint}}{{console-port}}" 348 | ], 349 | "path": [ 350 | "api", 351 | "{{api-version}}", 352 | "alert-profiles", 353 | "ID" 354 | ] 355 | }, 356 | "description": "Deletes an alert profile entry by name. In the request payload, specify the alert profile name. This method has no response data." 357 | }, 358 | "response": [] 359 | } 360 | ] 361 | }, 362 | { 363 | "name": "Audits", 364 | "item": [ 365 | { 366 | "name": "Get Audit Access Logs", 367 | "event": [ 368 | { 369 | "listen": "test", 370 | "script": { 371 | "exec": [ 372 | "" 373 | ], 374 | "type": "text/javascript" 375 | } 376 | } 377 | ], 378 | "protocolProfileBehavior": { 379 | "disableBodyPruning": true 380 | }, 381 | "request": { 382 | "method": "GET", 383 | "header": [ 384 | { 385 | "key": "Authorization", 386 | "value": "Bearer {{compute-token}}" 387 | }, 388 | { 389 | "key": "Content-Type", 390 | "value": "application/json" 391 | } 392 | ], 393 | "body": { 394 | "mode": "raw", 395 | "raw": "" 396 | }, 397 | "url": { 398 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/audits/access", 399 | "host": [ 400 | "{{compute-api-endpoint}}{{console-port}}" 401 | ], 402 | "path": [ 403 | "api", 404 | "{{api-version}}", 405 | "audits", 406 | "access" 407 | ] 408 | }, 409 | "description": "Query Parameters\nallow: (string)\nAllow indicated whether allowed requests should be shown\n\napi: (string)\nAPIs are apis to filter by\n\nhostname: (string)\nHosts are hosts to filter by\n\nruleName: (string)\nRuleNames are the rules names to filter by\n\ntype: (string)\nType is the audit type\n\nuser: (string)\nUsers are users to filter by\n\nBody\nMedia type: application/json\n\nType: object\n\nProperties\n_id: (object)\nID is id representation\n\naccountID: (string)\nAccountID is the cloud account ID where the audit was created\n\nallow: (boolean)\nAllow indicates whether the command was allowe or denied\n\napi: (string)\nAPI is the api that is being audited\n\ncollections: (string)\nCollections are collections to which this audit applies\n\ncontainerName: (string)\nContainerName is the name of the container\n\nfqdn: (string)\nFQDN is the fully qualified domain name from which the audit originated\n\nhostname: (string)\nHostname is the hostname from which the audit originated\n\nimageName: (string)\nImageName is the name of the image\n\nmsg: (string)\nMsg is the message explaining the audit\n\nruleName: (string)\nRulesName is contains the name of the rule that was applied, when blocked\n\nsourceIP: (string)\nSourceIP is the remote agent's source IP\n\ntime: (datetime)\nTime is the UTC time of the audit event\n\ntype: (string)\nType is the audit type\n\nuser: (string)\nUser is the user that run the command" 410 | }, 411 | "response": [] 412 | }, 413 | { 414 | "name": "DELETE Audit Access Logs", 415 | "event": [ 416 | { 417 | "listen": "test", 418 | "script": { 419 | "exec": [ 420 | "" 421 | ], 422 | "type": "text/javascript" 423 | } 424 | } 425 | ], 426 | "request": { 427 | "method": "DELETE", 428 | "header": [ 429 | { 430 | "key": "Authorization", 431 | "value": "Bearer {{compute-token}}" 432 | }, 433 | { 434 | "key": "Content-Type", 435 | "value": "application/json" 436 | } 437 | ], 438 | "body": { 439 | "mode": "raw", 440 | "raw": "" 441 | }, 442 | "url": { 443 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/audits/access", 444 | "host": [ 445 | "{{compute-api-endpoint}}{{console-port}}" 446 | ], 447 | "path": [ 448 | "api", 449 | "{{api-version}}", 450 | "audits", 451 | "access" 452 | ] 453 | }, 454 | "description": "Deletes all access audits. This deletion cannot be undone." 455 | }, 456 | "response": [] 457 | }, 458 | { 459 | "name": "Get Audit Access Download Logs", 460 | "event": [ 461 | { 462 | "listen": "test", 463 | "script": { 464 | "exec": [ 465 | "" 466 | ], 467 | "type": "text/javascript" 468 | } 469 | } 470 | ], 471 | "protocolProfileBehavior": { 472 | "disableBodyPruning": true 473 | }, 474 | "request": { 475 | "method": "GET", 476 | "header": [ 477 | { 478 | "key": "Authorization", 479 | "value": "Bearer {{compute-token}}" 480 | }, 481 | { 482 | "key": "Content-Type", 483 | "value": "application/json" 484 | } 485 | ], 486 | "body": { 487 | "mode": "raw", 488 | "raw": "" 489 | }, 490 | "url": { 491 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/audits/access/download?type=docker > audits.csv", 492 | "host": [ 493 | "{{compute-api-endpoint}}{{console-port}}" 494 | ], 495 | "path": [ 496 | "api", 497 | "{{api-version}}", 498 | "audits", 499 | "access", 500 | "download" 501 | ], 502 | "query": [ 503 | { 504 | "key": "type", 505 | "value": "docker > audits.csv" 506 | } 507 | ] 508 | }, 509 | "description": "Query Parameters\nallow: (string)\nAllow indicated whether allowed requests should be shown\n\napi: (string)\nAPIs are apis to filter by\n\nhostname: (string)\nHosts are hosts to filter by\n\nruleName: (string)\nRuleNames are the rules names to filter by\n\ntype: (string)\nType is the audit type\n\nuser: (string)\nUsers are users to filter by" 510 | }, 511 | "response": [] 512 | }, 513 | { 514 | "name": "Get Audit Admission Logs", 515 | "event": [ 516 | { 517 | "listen": "test", 518 | "script": { 519 | "exec": [ 520 | "" 521 | ], 522 | "type": "text/javascript" 523 | } 524 | } 525 | ], 526 | "protocolProfileBehavior": { 527 | "disableBodyPruning": true 528 | }, 529 | "request": { 530 | "method": "GET", 531 | "header": [ 532 | { 533 | "key": "Authorization", 534 | "value": "Bearer {{compute-token}}" 535 | }, 536 | { 537 | "key": "Content-Type", 538 | "value": "application/json" 539 | } 540 | ], 541 | "body": { 542 | "mode": "raw", 543 | "raw": "" 544 | }, 545 | "url": { 546 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/audits/admission", 547 | "host": [ 548 | "{{compute-api-endpoint}}{{console-port}}" 549 | ], 550 | "path": [ 551 | "api", 552 | "{{api-version}}", 553 | "audits", 554 | "admission" 555 | ] 556 | }, 557 | "description": "AdmissionAudits returns all admission audits according to the query specification. Minimum role required to access this endpoint: devSecOps.\n\nQuery Parameters\nnamespace: (string)\nNamespaces is the list of namespaces to use for filtering\n\noperation: (string)\nOperations is the list of operations to use for filtering\n\nBody\nMedia type: application/json\n\nType: object\n\nProperties\naccountID: (string)\nAccountID is the cloud account ID\n\ncollections: (string)\nCollections are collections to which this audit applies\n\neffect: (string)\nEffect is the rule effect which was applied to the review which led to this audit\n\nkind: (string)\nKind is the type of object being manipulated. For example: Pod\n\nmessage: (string)\nMessage is the rule user defined message which appears on audit\n\nnamespace: (string)\nNamespace is the namespace associated with the request (if any)\n\noperation: (string)\nOperation is the operation being performed\n\nrawRequest: (string)\nRawRequest is the original review request that caused this audit\n\nresource: (string)\nResource is the name of the resource being requested. This is not the kind. For example: pods\n\nruleName: (string)\nRuleName is the name of the rule which issued this audit\n\ntime: (datetime)\nTime is the time at which the audit was generated\n\nuserGroups: (string)\nUserGroups is the names of groups this user is a part of\n\nuserUid: (string)\nUserUID is a unique value that identifies this user across time. If this user isdeleted and another user by the same name is added, they will havedifferent UIDs\n\nusername: (string)\nUsername is the name that uniquely identifies this user among all active users" 558 | }, 559 | "response": [] 560 | }, 561 | { 562 | "name": "Download Incident Audit Events", 563 | "request": { 564 | "method": "GET", 565 | "header": [ 566 | { 567 | "key": "Accept", 568 | "value": "application/json; charset=UTF-8" 569 | }, 570 | { 571 | "key": "Content-Type", 572 | "value": "application/json" 573 | } 574 | ], 575 | "url": { 576 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/audits/incidents/download", 577 | "host": [ 578 | "{{compute-api-endpoint}}" 579 | ], 580 | "path": [ 581 | "api", 582 | "{{api-version}}", 583 | "audits", 584 | "incidents", 585 | "download" 586 | ], 587 | "query": [ 588 | { 589 | "key": "id", 590 | "value": "", 591 | "disabled": true 592 | } 593 | ] 594 | } 595 | }, 596 | "response": [] 597 | }, 598 | { 599 | "name": "Get Incident Audit Events", 600 | "request": { 601 | "method": "GET", 602 | "header": [ 603 | { 604 | "key": "Accept", 605 | "value": "application/json; charset=UTF-8" 606 | }, 607 | { 608 | "key": "Content-Type", 609 | "value": "application/json" 610 | } 611 | ], 612 | "url": { 613 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}//audits/incidents", 614 | "host": [ 615 | "{{compute-api-endpoint}}" 616 | ], 617 | "path": [ 618 | "api", 619 | "{{api-version}}", 620 | "", 621 | "audits", 622 | "incidents" 623 | ], 624 | "query": [ 625 | { 626 | "key": "id", 627 | "value": "", 628 | "disabled": true 629 | }, 630 | { 631 | "key": "limit", 632 | "value": "", 633 | "disabled": true 634 | } 635 | ] 636 | } 637 | }, 638 | "response": [] 639 | }, 640 | { 641 | "name": "Download Runtime Container Audit Events", 642 | "request": { 643 | "method": "GET", 644 | "header": [ 645 | { 646 | "key": "Accept", 647 | "value": "application/json; charset=UTF-8" 648 | }, 649 | { 650 | "key": "Content-Type", 651 | "value": "application/json" 652 | } 653 | ], 654 | "url": { 655 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/audits/runtime/container/download", 656 | "host": [ 657 | "{{compute-api-endpoint}}" 658 | ], 659 | "path": [ 660 | "api", 661 | "{{api-version}}", 662 | "audits", 663 | "runtime", 664 | "container", 665 | "download" 666 | ], 667 | "query": [ 668 | { 669 | "key": "containerID", 670 | "value": "", 671 | "disabled": true 672 | }, 673 | { 674 | "key": "container", 675 | "value": "", 676 | "disabled": true 677 | }, 678 | { 679 | "key": "time", 680 | "value": "", 681 | "disabled": true 682 | } 683 | ] 684 | } 685 | }, 686 | "response": [] 687 | }, 688 | { 689 | "name": "Get Runtime Container Audit Events", 690 | "request": { 691 | "method": "GET", 692 | "header": [ 693 | { 694 | "key": "Accept", 695 | "value": "application/json; charset=UTF-8" 696 | }, 697 | { 698 | "key": "Content-Type", 699 | "value": "application/json" 700 | } 701 | ], 702 | "url": { 703 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/audits/runtime/container", 704 | "host": [ 705 | "{{compute-api-endpoint}}" 706 | ], 707 | "path": [ 708 | "api", 709 | "{{api-version}}", 710 | "audits", 711 | "runtime", 712 | "container" 713 | ], 714 | "query": [ 715 | { 716 | "key": "containerID", 717 | "value": "", 718 | "disabled": true 719 | }, 720 | { 721 | "key": "container", 722 | "value": "", 723 | "disabled": true 724 | } 725 | ] 726 | } 727 | }, 728 | "response": [] 729 | } 730 | ] 731 | }, 732 | { 733 | "name": "Authenticate Client", 734 | "item": [] 735 | }, 736 | { 737 | "name": "Backups", 738 | "item": [] 739 | }, 740 | { 741 | "name": "Certificates", 742 | "item": [ 743 | { 744 | "name": "Certificate Settings", 745 | "event": [ 746 | { 747 | "listen": "test", 748 | "script": { 749 | "exec": [ 750 | "" 751 | ], 752 | "type": "text/javascript" 753 | } 754 | } 755 | ], 756 | "protocolProfileBehavior": { 757 | "disableBodyPruning": true 758 | }, 759 | "request": { 760 | "method": "GET", 761 | "header": [ 762 | { 763 | "key": "Authorization", 764 | "value": "Bearer {{compute-token}}" 765 | }, 766 | { 767 | "key": "Content-Type", 768 | "value": "application/json" 769 | } 770 | ], 771 | "body": { 772 | "mode": "raw", 773 | "raw": "" 774 | }, 775 | "url": { 776 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/certs/service-parameter", 777 | "host": [ 778 | "{{compute-api-endpoint}}{{console-port}}" 779 | ], 780 | "path": [ 781 | "api", 782 | "{{api-version}}", 783 | "certs", 784 | "service-parameter" 785 | ] 786 | } 787 | }, 788 | "response": [] 789 | } 790 | ] 791 | }, 792 | { 793 | "name": "Cloud", 794 | "item": [ 795 | { 796 | "name": "Get Cloud Discovery Results", 797 | "event": [ 798 | { 799 | "listen": "test", 800 | "script": { 801 | "exec": [ 802 | "" 803 | ], 804 | "type": "text/javascript" 805 | } 806 | } 807 | ], 808 | "protocolProfileBehavior": { 809 | "disableBodyPruning": true 810 | }, 811 | "request": { 812 | "method": "GET", 813 | "header": [ 814 | { 815 | "key": "Authorization", 816 | "value": "Bearer {{compute-token}}" 817 | }, 818 | { 819 | "key": "Content-Type", 820 | "value": "application/json" 821 | } 822 | ], 823 | "body": { 824 | "mode": "raw", 825 | "raw": "" 826 | }, 827 | "url": { 828 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/cloud/discovery", 829 | "host": [ 830 | "{{compute-api-endpoint}}{{console-port}}" 831 | ], 832 | "path": [ 833 | "api", 834 | "{{api-version}}", 835 | "cloud", 836 | "discovery" 837 | ] 838 | }, 839 | "description": "Returns a list of all cloud discovery scan results." 840 | }, 841 | "response": [] 842 | } 843 | ] 844 | }, 845 | { 846 | "name": "Collections", 847 | "item": [] 848 | }, 849 | { 850 | "name": "Config", 851 | "item": [] 852 | }, 853 | { 854 | "name": "Containers", 855 | "item": [ 856 | { 857 | "name": "Get Container Scan Results", 858 | "request": { 859 | "method": "GET", 860 | "header": [ 861 | { 862 | "key": "Accept", 863 | "value": "application/json; charset=UTF-8" 864 | }, 865 | { 866 | "key": "Content-Type", 867 | "value": "application/json" 868 | } 869 | ], 870 | "url": { 871 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/containers", 872 | "host": [ 873 | "{{compute-api-endpoint}}" 874 | ], 875 | "path": [ 876 | "api", 877 | "{{api-version}}", 878 | "containers" 879 | ], 880 | "query": [ 881 | { 882 | "key": "clusters", 883 | "value": "", 884 | "disabled": true 885 | } 886 | ] 887 | } 888 | }, 889 | "response": [] 890 | }, 891 | { 892 | "name": "Download Container Scan Results", 893 | "request": { 894 | "method": "GET", 895 | "header": [ 896 | { 897 | "key": "Accept", 898 | "value": "application/json; charset=UTF-8" 899 | }, 900 | { 901 | "key": "Content-Type", 902 | "value": "application/json" 903 | } 904 | ], 905 | "url": { 906 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/containers/download", 907 | "host": [ 908 | "{{compute-api-endpoint}}" 909 | ], 910 | "path": [ 911 | "api", 912 | "{{api-version}}", 913 | "containers", 914 | "download" 915 | ], 916 | "query": [ 917 | { 918 | "key": "clusters", 919 | "value": "", 920 | "disabled": true 921 | } 922 | ] 923 | } 924 | }, 925 | "response": [] 926 | }, 927 | { 928 | "name": "Get Container Names", 929 | "request": { 930 | "method": "GET", 931 | "header": [ 932 | { 933 | "key": "Accept", 934 | "value": "application/json; charset=UTF-8" 935 | }, 936 | { 937 | "key": "Content-Type", 938 | "value": "application/json" 939 | } 940 | ], 941 | "url": { 942 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/containers/names", 943 | "host": [ 944 | "{{compute-api-endpoint}}" 945 | ], 946 | "path": [ 947 | "api", 948 | "{{api-version}}", 949 | "containers", 950 | "names" 951 | ], 952 | "query": [ 953 | { 954 | "key": "clusters", 955 | "value": "", 956 | "disabled": true 957 | } 958 | ] 959 | } 960 | }, 961 | "response": [] 962 | }, 963 | { 964 | "name": "Get Container Count", 965 | "request": { 966 | "method": "GET", 967 | "header": [ 968 | { 969 | "key": "Accept", 970 | "value": "application/json; charset=UTF-8" 971 | }, 972 | { 973 | "key": "Content-Type", 974 | "value": "application/json" 975 | } 976 | ], 977 | "url": { 978 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/containers/count", 979 | "host": [ 980 | "{{compute-api-endpoint}}" 981 | ], 982 | "path": [ 983 | "api", 984 | "{{api-version}}", 985 | "containers", 986 | "count" 987 | ], 988 | "query": [ 989 | { 990 | "key": "clusters", 991 | "value": "", 992 | "disabled": true 993 | } 994 | ] 995 | } 996 | }, 997 | "response": [] 998 | } 999 | ] 1000 | }, 1001 | { 1002 | "name": "Credentials", 1003 | "item": [] 1004 | }, 1005 | { 1006 | "name": "Custom Compliance Checks", 1007 | "item": [] 1008 | }, 1009 | { 1010 | "name": "CVEs", 1011 | "item": [] 1012 | }, 1013 | { 1014 | "name": "Defenders", 1015 | "item": [ 1016 | { 1017 | "name": "Install Bundle", 1018 | "event": [ 1019 | { 1020 | "listen": "test", 1021 | "script": { 1022 | "exec": [ 1023 | "" 1024 | ], 1025 | "type": "text/javascript" 1026 | } 1027 | } 1028 | ], 1029 | "protocolProfileBehavior": { 1030 | "disableBodyPruning": true 1031 | }, 1032 | "request": { 1033 | "method": "GET", 1034 | "header": [ 1035 | { 1036 | "key": "Authorization", 1037 | "value": "Bearer {{compute-token}}" 1038 | }, 1039 | { 1040 | "key": "Content-Type", 1041 | "value": "application/json" 1042 | } 1043 | ], 1044 | "body": { 1045 | "mode": "raw", 1046 | "raw": "" 1047 | }, 1048 | "url": { 1049 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/defenders/install-bundle?consoleaddr={{compute-api-endpoint}}&defenderType=appEmbedded", 1050 | "host": [ 1051 | "{{compute-api-endpoint}}{{console-port}}" 1052 | ], 1053 | "path": [ 1054 | "api", 1055 | "{{api-version}}", 1056 | "defenders", 1057 | "install-bundle" 1058 | ], 1059 | "query": [ 1060 | { 1061 | "key": "consoleaddr", 1062 | "value": "{{compute-api-endpoint}}" 1063 | }, 1064 | { 1065 | "key": "defenderType", 1066 | "value": "appEmbedded", 1067 | "description": "Available options: docker, dockerWindows, swarm, daemonset, serverLinux, serverWindows, cri, fargate, appEmbedded, pcf, serverless, dcos" 1068 | } 1069 | ] 1070 | }, 1071 | "description": "Returns the certsBundle that Defender needs to securely connect to Console." 1072 | }, 1073 | "response": [] 1074 | }, 1075 | { 1076 | "name": "Defender Summary", 1077 | "event": [ 1078 | { 1079 | "listen": "test", 1080 | "script": { 1081 | "exec": [ 1082 | "" 1083 | ], 1084 | "type": "text/javascript" 1085 | } 1086 | } 1087 | ], 1088 | "protocolProfileBehavior": { 1089 | "disableBodyPruning": true 1090 | }, 1091 | "request": { 1092 | "method": "GET", 1093 | "header": [ 1094 | { 1095 | "key": "Authorization", 1096 | "value": "Bearer {{compute-token}}" 1097 | }, 1098 | { 1099 | "key": "Content-Type", 1100 | "value": "application/json" 1101 | } 1102 | ], 1103 | "body": { 1104 | "mode": "raw", 1105 | "raw": "" 1106 | }, 1107 | "url": { 1108 | "raw": "https://{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/defenders/summary", 1109 | "protocol": "https", 1110 | "host": [ 1111 | "{{compute-api-endpoint}}{{console-port}}" 1112 | ], 1113 | "path": [ 1114 | "api", 1115 | "{{api-version}}", 1116 | "defenders", 1117 | "summary" 1118 | ] 1119 | }, 1120 | "description": "List the number of Defenders in each defender category." 1121 | }, 1122 | "response": [] 1123 | } 1124 | ] 1125 | }, 1126 | { 1127 | "name": "Demisto Alerts", 1128 | "item": [] 1129 | }, 1130 | { 1131 | "name": "Deployments", 1132 | "item": [] 1133 | }, 1134 | { 1135 | "name": "Custom Feeds", 1136 | "item": [ 1137 | { 1138 | "name": "Customer Feeds Malware ", 1139 | "event": [ 1140 | { 1141 | "listen": "test", 1142 | "script": { 1143 | "exec": [ 1144 | "" 1145 | ], 1146 | "type": "text/javascript" 1147 | } 1148 | } 1149 | ], 1150 | "request": { 1151 | "method": "PUT", 1152 | "header": [ 1153 | { 1154 | "key": "Authorization", 1155 | "value": "Bearer {{compute-token}}" 1156 | }, 1157 | { 1158 | "key": "Content-Type", 1159 | "value": "application/json" 1160 | } 1161 | ], 1162 | "body": { 1163 | "mode": "raw", 1164 | "raw": "{\n\"name\": \"malware-sigs\",\n\"feed\": [\n \n{\"name\": \"rule CORE-2019.4.5220.20574-SolarWinds-Core-v2019.4.5220-Hotfix5.msp\",\"md5\": \"02af7cec58b9a5da1c542b5a32151ba1\"},\n\n{\"name\": \"rule Solarwinds Worldwide, LLC\",\"md5\": \"08e35543d6110ed11fdf558bb093d401\"},\n\n{\"name\": \"rule SolarWinds.Orion.Core.BusinessLayer.dll_1\",\"md5\": \"2c4a910a1299cdae2a4e55988a2f102e\"},\n\n{\"name\": \"rule SolarWinds.Orion.Core.BusinessLayer.dll_2\",\"md5\": \"846e27a652a5e1bfbd0ddd38a16dc865\"},\n\n{\"name\": \"rule SolarWinds.Orion.Core.BusinessLayer.dll_3\",\"md5\": \"b91ce2fa41029f6955bff20079468448\"},\n\n{\"name\": \"rule OrionImprovementBusinessLayer.2.cs\",\"md5\": \"4f2eb62fa529c0283b28d05ddd311fae\"},\n\n{\"name\": \"rule app_web_logoimagehandler.ashx.b6031896.dll\",\"md5\": \"56ceb6d0011d87b6e4d7023d7ef85676\"}\n\n]\n}" 1165 | }, 1166 | "url": { 1167 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/feeds/custom/malware", 1168 | "host": [ 1169 | "{{compute-api-endpoint}}{{console-port}}" 1170 | ], 1171 | "path": [ 1172 | "api", 1173 | "{{api-version}}", 1174 | "feeds", 1175 | "custom", 1176 | "malware" 1177 | ] 1178 | }, 1179 | "description": "Query Parameters\nallow: (string)\nAllow indicated whether allowed requests should be shown\n\napi: (string)\nAPIs are apis to filter by\n\nhostname: (string)\nHosts are hosts to filter by\n\nruleName: (string)\nRuleNames are the rules names to filter by\n\ntype: (string)\nType is the audit type\n\nuser: (string)\nUsers are users to filter by\n\nBody\nMedia type: application/json\n\nType: object\n\nProperties\n_id: (object)\nID is id representation\n\naccountID: (string)\nAccountID is the cloud account ID where the audit was created\n\nallow: (boolean)\nAllow indicates whether the command was allowe or denied\n\napi: (string)\nAPI is the api that is being audited\n\ncollections: (string)\nCollections are collections to which this audit applies\n\ncontainerName: (string)\nContainerName is the name of the container\n\nfqdn: (string)\nFQDN is the fully qualified domain name from which the audit originated\n\nhostname: (string)\nHostname is the hostname from which the audit originated\n\nimageName: (string)\nImageName is the name of the image\n\nmsg: (string)\nMsg is the message explaining the audit\n\nruleName: (string)\nRulesName is contains the name of the rule that was applied, when blocked\n\nsourceIP: (string)\nSourceIP is the remote agent's source IP\n\ntime: (datetime)\nTime is the UTC time of the audit event\n\ntype: (string)\nType is the audit type\n\nuser: (string)\nUser is the user that run the command" 1180 | }, 1181 | "response": [] 1182 | }, 1183 | { 1184 | "name": "Customer Feeds Malware Copy", 1185 | "event": [ 1186 | { 1187 | "listen": "test", 1188 | "script": { 1189 | "exec": [ 1190 | "" 1191 | ], 1192 | "type": "text/javascript" 1193 | } 1194 | } 1195 | ], 1196 | "protocolProfileBehavior": { 1197 | "disableBodyPruning": true 1198 | }, 1199 | "request": { 1200 | "method": "GET", 1201 | "header": [ 1202 | { 1203 | "key": "Authorization", 1204 | "value": "Bearer {{compute-token}}" 1205 | }, 1206 | { 1207 | "key": "Content-Type", 1208 | "value": "application/json" 1209 | } 1210 | ], 1211 | "body": { 1212 | "mode": "raw", 1213 | "raw": "" 1214 | }, 1215 | "url": { 1216 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/feeds/custom/malware", 1217 | "host": [ 1218 | "{{compute-api-endpoint}}{{console-port}}" 1219 | ], 1220 | "path": [ 1221 | "api", 1222 | "{{api-version}}", 1223 | "feeds", 1224 | "custom", 1225 | "malware" 1226 | ] 1227 | }, 1228 | "description": "Query Parameters\nallow: (string)\nAllow indicated whether allowed requests should be shown\n\napi: (string)\nAPIs are apis to filter by\n\nhostname: (string)\nHosts are hosts to filter by\n\nruleName: (string)\nRuleNames are the rules names to filter by\n\ntype: (string)\nType is the audit type\n\nuser: (string)\nUsers are users to filter by\n\nBody\nMedia type: application/json\n\nType: object\n\nProperties\n_id: (object)\nID is id representation\n\naccountID: (string)\nAccountID is the cloud account ID where the audit was created\n\nallow: (boolean)\nAllow indicates whether the command was allowe or denied\n\napi: (string)\nAPI is the api that is being audited\n\ncollections: (string)\nCollections are collections to which this audit applies\n\ncontainerName: (string)\nContainerName is the name of the container\n\nfqdn: (string)\nFQDN is the fully qualified domain name from which the audit originated\n\nhostname: (string)\nHostname is the hostname from which the audit originated\n\nimageName: (string)\nImageName is the name of the image\n\nmsg: (string)\nMsg is the message explaining the audit\n\nruleName: (string)\nRulesName is contains the name of the rule that was applied, when blocked\n\nsourceIP: (string)\nSourceIP is the remote agent's source IP\n\ntime: (datetime)\nTime is the UTC time of the audit event\n\ntype: (string)\nType is the audit type\n\nuser: (string)\nUser is the user that run the command" 1229 | }, 1230 | "response": [] 1231 | } 1232 | ] 1233 | }, 1234 | { 1235 | "name": "Forensics", 1236 | "item": [] 1237 | }, 1238 | { 1239 | "name": "Groups", 1240 | "item": [] 1241 | }, 1242 | { 1243 | "name": "High Availability", 1244 | "item": [] 1245 | }, 1246 | { 1247 | "name": "Hosts", 1248 | "item": [ 1249 | { 1250 | "name": "Get Host Scan Results", 1251 | "request": { 1252 | "method": "GET", 1253 | "header": [ 1254 | { 1255 | "key": "Accept", 1256 | "value": "application/json; charset=UTF-8" 1257 | }, 1258 | { 1259 | "key": "Content-Type", 1260 | "value": "application/json" 1261 | } 1262 | ], 1263 | "url": { 1264 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/hosts", 1265 | "host": [ 1266 | "{{compute-api-endpoint}}" 1267 | ], 1268 | "path": [ 1269 | "api", 1270 | "{{api-version}}", 1271 | "hosts" 1272 | ], 1273 | "query": [ 1274 | { 1275 | "key": "hostname", 1276 | "value": "", 1277 | "disabled": true 1278 | }, 1279 | { 1280 | "key": "fields", 1281 | "value": "", 1282 | "disabled": true 1283 | }, 1284 | { 1285 | "key": "type", 1286 | "value": "", 1287 | "disabled": true 1288 | }, 1289 | { 1290 | "key": "complianceissues", 1291 | "value": "true", 1292 | "disabled": true 1293 | }, 1294 | { 1295 | "key": "binaries", 1296 | "value": "false", 1297 | "disabled": true 1298 | } 1299 | ] 1300 | } 1301 | }, 1302 | "response": [] 1303 | }, 1304 | { 1305 | "name": "Download Host Scan Results", 1306 | "request": { 1307 | "method": "GET", 1308 | "header": [ 1309 | { 1310 | "key": "Accept", 1311 | "value": "application/json; charset=UTF-8" 1312 | }, 1313 | { 1314 | "key": "Content-Type", 1315 | "value": "application/json" 1316 | } 1317 | ], 1318 | "url": { 1319 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/hosts/download", 1320 | "host": [ 1321 | "{{compute-api-endpoint}}" 1322 | ], 1323 | "path": [ 1324 | "api", 1325 | "{{api-version}}", 1326 | "hosts", 1327 | "download" 1328 | ], 1329 | "query": [ 1330 | { 1331 | "key": "search", 1332 | "value": "", 1333 | "disabled": true 1334 | }, 1335 | { 1336 | "key": "time", 1337 | "value": "", 1338 | "disabled": true 1339 | }, 1340 | { 1341 | "key": "type", 1342 | "value": "", 1343 | "disabled": true 1344 | } 1345 | ] 1346 | } 1347 | }, 1348 | "response": [] 1349 | }, 1350 | { 1351 | "name": "Get Host Information", 1352 | "request": { 1353 | "method": "GET", 1354 | "header": [], 1355 | "url": { 1356 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/hosts/info", 1357 | "host": [ 1358 | "{{compute-api-endpoint}}" 1359 | ], 1360 | "path": [ 1361 | "api", 1362 | "{{api-version}}", 1363 | "hosts", 1364 | "info" 1365 | ] 1366 | } 1367 | }, 1368 | "response": [] 1369 | } 1370 | ] 1371 | }, 1372 | { 1373 | "name": "Images Scan Reports", 1374 | "item": [] 1375 | }, 1376 | { 1377 | "name": "Kubernetes ", 1378 | "item": [] 1379 | }, 1380 | { 1381 | "name": "Logs", 1382 | "item": [ 1383 | { 1384 | "name": "Console Logs", 1385 | "event": [ 1386 | { 1387 | "listen": "test", 1388 | "script": { 1389 | "exec": [ 1390 | "" 1391 | ], 1392 | "type": "text/javascript" 1393 | } 1394 | } 1395 | ], 1396 | "protocolProfileBehavior": { 1397 | "disableBodyPruning": true 1398 | }, 1399 | "request": { 1400 | "method": "GET", 1401 | "header": [ 1402 | { 1403 | "key": "Authorization", 1404 | "value": "Bearer {{compute-token}}" 1405 | }, 1406 | { 1407 | "key": "Content-Type", 1408 | "value": "application/json" 1409 | } 1410 | ], 1411 | "body": { 1412 | "mode": "raw", 1413 | "raw": "" 1414 | }, 1415 | "url": { 1416 | "raw": "https://{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/logs/console?lines=10", 1417 | "protocol": "https", 1418 | "host": [ 1419 | "{{compute-api-endpoint}}{{console-port}}" 1420 | ], 1421 | "path": [ 1422 | "api", 1423 | "{{api-version}}", 1424 | "logs", 1425 | "console" 1426 | ], 1427 | "query": [ 1428 | { 1429 | "key": "lines", 1430 | "value": "10" 1431 | } 1432 | ] 1433 | }, 1434 | "description": "Retrieves the latest Console log messages by line number" 1435 | }, 1436 | "response": [] 1437 | } 1438 | ] 1439 | }, 1440 | { 1441 | "name": "Pivotal Cloud Foundry (PCF) Droplet Scan Reports", 1442 | "item": [] 1443 | }, 1444 | { 1445 | "name": "Policies", 1446 | "item": [] 1447 | }, 1448 | { 1449 | "name": "Profiles", 1450 | "item": [] 1451 | }, 1452 | { 1453 | "name": "Projects", 1454 | "item": [] 1455 | }, 1456 | { 1457 | "name": "Radar", 1458 | "item": [] 1459 | }, 1460 | { 1461 | "name": "Registry Scan Reports", 1462 | "item": [] 1463 | }, 1464 | { 1465 | "name": "SCAP", 1466 | "item": [] 1467 | }, 1468 | { 1469 | "name": "Scripts", 1470 | "item": [ 1471 | { 1472 | "name": "Defender Install Script", 1473 | "event": [ 1474 | { 1475 | "listen": "test", 1476 | "script": { 1477 | "exec": [ 1478 | "" 1479 | ], 1480 | "type": "text/javascript" 1481 | } 1482 | } 1483 | ], 1484 | "protocolProfileBehavior": { 1485 | "disableBodyPruning": true 1486 | }, 1487 | "request": { 1488 | "method": "GET", 1489 | "header": [ 1490 | { 1491 | "key": "Authorization", 1492 | "value": "Bearer {{compute-token}}" 1493 | }, 1494 | { 1495 | "key": "Content-Type", 1496 | "value": "application/json" 1497 | } 1498 | ], 1499 | "body": { 1500 | "mode": "raw", 1501 | "raw": "" 1502 | }, 1503 | "url": { 1504 | "raw": "https://{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/scripts/defender.sh", 1505 | "protocol": "https", 1506 | "host": [ 1507 | "{{compute-api-endpoint}}{{console-port}}" 1508 | ], 1509 | "path": [ 1510 | "api", 1511 | "{{api-version}}", 1512 | "scripts", 1513 | "defender.sh" 1514 | ] 1515 | }, 1516 | "description": "Download the Defender set up script for Linux hosts." 1517 | }, 1518 | "response": [] 1519 | } 1520 | ] 1521 | }, 1522 | { 1523 | "name": "Serverless Scan Reports", 1524 | "item": [] 1525 | }, 1526 | { 1527 | "name": "Settings", 1528 | "item": [ 1529 | { 1530 | "name": "Serverless Scan Settings", 1531 | "event": [ 1532 | { 1533 | "listen": "test", 1534 | "script": { 1535 | "exec": [ 1536 | "" 1537 | ], 1538 | "type": "text/javascript" 1539 | } 1540 | } 1541 | ], 1542 | "protocolProfileBehavior": { 1543 | "disableBodyPruning": true 1544 | }, 1545 | "request": { 1546 | "method": "GET", 1547 | "header": [ 1548 | { 1549 | "key": "Authorization", 1550 | "value": "Bearer {{compute-token}}" 1551 | }, 1552 | { 1553 | "key": "Content-Type", 1554 | "value": "application/json" 1555 | } 1556 | ], 1557 | "body": { 1558 | "mode": "raw", 1559 | "raw": "" 1560 | }, 1561 | "url": { 1562 | "raw": "https://{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/settings/serverless", 1563 | "protocol": "https", 1564 | "host": [ 1565 | "{{compute-api-endpoint}}{{console-port}}" 1566 | ], 1567 | "path": [ 1568 | "api", 1569 | "{{api-version}}", 1570 | "settings", 1571 | "serverless" 1572 | ] 1573 | }, 1574 | "description": "{\n\t\"cap\":\"integer\",\n\t\"credential\":\"object\",\n\t\"_id\":\"string\",\n\t\"accountGUID\":\"string\",\n\t\"accountID\":\"string\",\n\t\"apiToken\":\"object\",\n\t\"encrypted\":\"string\",\n\t\"plain\":\"string\",\n\t\"caCert\":\"string\",\n\t\"lastModified\":\"datetime\",\n\t\"owner\":\"string\",\n\t\"secret\":\"object\",\n\t\"type\":\"object\",\n\t\"pattern\": \"string\",\n\t\"provider\":\"object\",\n\t\"region\":\"string\",\n\t\"roleArn\":\"string\",\n\t\"useAWSRole\":\"boolean\"\n}" 1575 | }, 1576 | "response": [] 1577 | }, 1578 | { 1579 | "name": "Certificate Settings", 1580 | "event": [ 1581 | { 1582 | "listen": "test", 1583 | "script": { 1584 | "exec": [ 1585 | "" 1586 | ], 1587 | "type": "text/javascript" 1588 | } 1589 | } 1590 | ], 1591 | "protocolProfileBehavior": { 1592 | "disableBodyPruning": true 1593 | }, 1594 | "request": { 1595 | "method": "GET", 1596 | "header": [ 1597 | { 1598 | "key": "Authorization", 1599 | "value": "Bearer {{compute-token}}" 1600 | }, 1601 | { 1602 | "key": "Content-Type", 1603 | "value": "application/json" 1604 | } 1605 | ], 1606 | "body": { 1607 | "mode": "raw", 1608 | "raw": "" 1609 | }, 1610 | "url": { 1611 | "raw": "{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/settings/certs", 1612 | "host": [ 1613 | "{{compute-api-endpoint}}{{console-port}}" 1614 | ], 1615 | "path": [ 1616 | "api", 1617 | "{{api-version}}", 1618 | "settings", 1619 | "certs" 1620 | ] 1621 | } 1622 | }, 1623 | "response": [] 1624 | }, 1625 | { 1626 | "name": "Serverless Scan Settings Add", 1627 | "event": [ 1628 | { 1629 | "listen": "test", 1630 | "script": { 1631 | "exec": [ 1632 | "" 1633 | ], 1634 | "type": "text/javascript" 1635 | } 1636 | } 1637 | ], 1638 | "request": { 1639 | "method": "POST", 1640 | "header": [ 1641 | { 1642 | "key": "Authorization", 1643 | "value": "Bearer {{compute-token}}" 1644 | }, 1645 | { 1646 | "key": "Content-Type", 1647 | "value": "application/json" 1648 | } 1649 | ], 1650 | "body": { 1651 | "mode": "raw", 1652 | "raw": "[\n\t{\n\t\t\"region\": \"us-east-1\",\n\t\t\"provider\": \"aws\",\n \t\"cap\": 5,\n \t\"useAWSRole\": false,\n \t\"credential\": \n {\n \"type\":\"aws\",\n \"_id\": \"CLOUD_ACCOUNT_NAME\"\n }\n }\n]" 1653 | }, 1654 | "url": { 1655 | "raw": "https://{{compute-api-endpoint}}{{console-port}}/api/{{api-version}}/settings/serverless", 1656 | "protocol": "https", 1657 | "host": [ 1658 | "{{compute-api-endpoint}}{{console-port}}" 1659 | ], 1660 | "path": [ 1661 | "api", 1662 | "{{api-version}}", 1663 | "settings", 1664 | "serverless" 1665 | ] 1666 | }, 1667 | "description": "{\n\t\"cap\":\"integer\",\n\t\"credential\":\"object\",\n\t\"_id\":\"string\",\n\t\"accountGUID\":\"string\",\n\t\"accountID\":\"string\",\n\t\"apiToken\":\"object\",\n\t\"encrypted\":\"string\",\n\t\"plain\":\"string\",\n\t\"caCert\":\"string\",\n\t\"lastModified\":\"datetime\",\n\t\"owner\":\"string\",\n\t\"secret\":\"object\",\n\t\"type\":\"object\",\n\t\"pattern\": \"string\",\n\t\"provider\":\"object\",\n\t\"region\":\"string\",\n\t\"roleArn\":\"string\",\n\t\"useAWSRole\":\"boolean\"\n}" 1668 | }, 1669 | "response": [] 1670 | } 1671 | ] 1672 | }, 1673 | { 1674 | "name": "Signup", 1675 | "item": [] 1676 | }, 1677 | { 1678 | "name": "Static", 1679 | "item": [] 1680 | }, 1681 | { 1682 | "name": "Stats", 1683 | "item": [ 1684 | { 1685 | "name": "Get Compliance Stats", 1686 | "request": { 1687 | "method": "GET", 1688 | "header": [ 1689 | { 1690 | "key": "Accept", 1691 | "value": "application/json; charset=UTF-8" 1692 | }, 1693 | { 1694 | "key": "Content-Type", 1695 | "value": "application/json" 1696 | } 1697 | ], 1698 | "url": { 1699 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/stats/compliance", 1700 | "host": [ 1701 | "{{compute-api-endpoint}}" 1702 | ], 1703 | "path": [ 1704 | "api", 1705 | "{{api-version}}", 1706 | "stats", 1707 | "compliance" 1708 | ], 1709 | "query": [ 1710 | { 1711 | "key": "id", 1712 | "value": "", 1713 | "disabled": true 1714 | }, 1715 | { 1716 | "key": "time", 1717 | "value": "", 1718 | "disabled": true 1719 | } 1720 | ] 1721 | } 1722 | }, 1723 | "response": [] 1724 | }, 1725 | { 1726 | "name": "Get Dashboard Stats", 1727 | "request": { 1728 | "method": "GET", 1729 | "header": [ 1730 | { 1731 | "key": "Accept", 1732 | "value": "application/json; charset=UTF-8" 1733 | }, 1734 | { 1735 | "key": "Content-Type", 1736 | "value": "application/json" 1737 | } 1738 | ], 1739 | "url": { 1740 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/stats/dashboard", 1741 | "host": [ 1742 | "{{compute-api-endpoint}}" 1743 | ], 1744 | "path": [ 1745 | "api", 1746 | "{{api-version}}", 1747 | "stats", 1748 | "dashboard" 1749 | ], 1750 | "query": [ 1751 | { 1752 | "key": "cluster", 1753 | "value": "", 1754 | "disabled": true 1755 | }, 1756 | { 1757 | "key": "time", 1758 | "value": "", 1759 | "disabled": true 1760 | } 1761 | ] 1762 | } 1763 | }, 1764 | "response": [] 1765 | }, 1766 | { 1767 | "name": "Download Compliance Stats", 1768 | "request": { 1769 | "method": "GET", 1770 | "header": [ 1771 | { 1772 | "key": "Accept", 1773 | "value": "application/json; charset=UTF-8" 1774 | }, 1775 | { 1776 | "key": "Content-Type", 1777 | "value": "application/json" 1778 | } 1779 | ], 1780 | "url": { 1781 | "raw": "{{compute-api-endpoint}}/api/{{api-version}}/stats/compliance/download", 1782 | "host": [ 1783 | "{{compute-api-endpoint}}" 1784 | ], 1785 | "path": [ 1786 | "api", 1787 | "{{api-version}}", 1788 | "stats", 1789 | "compliance", 1790 | "download" 1791 | ], 1792 | "query": [ 1793 | { 1794 | "key": "policyType", 1795 | "value": "", 1796 | "disabled": true 1797 | }, 1798 | { 1799 | "key": "time", 1800 | "value": "", 1801 | "disabled": true 1802 | } 1803 | ] 1804 | } 1805 | }, 1806 | "response": [] 1807 | } 1808 | ] 1809 | }, 1810 | { 1811 | "name": "Status", 1812 | "item": [] 1813 | }, 1814 | { 1815 | "name": "Tags", 1816 | "item": [] 1817 | }, 1818 | { 1819 | "name": "Trusted Images", 1820 | "item": [] 1821 | }, 1822 | { 1823 | "name": "Users", 1824 | "item": [] 1825 | }, 1826 | { 1827 | "name": "Utilities", 1828 | "item": [] 1829 | }, 1830 | { 1831 | "name": "Version", 1832 | "item": [] 1833 | }, 1834 | { 1835 | "name": "VM Image Scan Reports", 1836 | "item": [] 1837 | } 1838 | ], 1839 | "auth": { 1840 | "type": "bearer", 1841 | "bearer": [ 1842 | { 1843 | "key": "token", 1844 | "value": "{{compute-token}}", 1845 | "type": "string" 1846 | } 1847 | ] 1848 | }, 1849 | "event": [ 1850 | { 1851 | "listen": "prerequest", 1852 | "script": { 1853 | "type": "text/javascript", 1854 | "exec": [ 1855 | "" 1856 | ] 1857 | } 1858 | }, 1859 | { 1860 | "listen": "test", 1861 | "script": { 1862 | "type": "text/javascript", 1863 | "exec": [ 1864 | "" 1865 | ] 1866 | } 1867 | } 1868 | ] 1869 | } -------------------------------------------------------------------------------- /Identity based Microsegmentation.postman_collection.json: -------------------------------------------------------------------------------- 1 | { 2 | "info": { 3 | "_postman_id": "7367ee2f-5a3a-4297-9cc0-d516f094ecd7", 4 | "name": "Prisma Cloud - Identity based Microsegmentation", 5 | "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" 6 | }, 7 | "item": [ 8 | { 9 | "name": "Login", 10 | "item": [ 11 | { 12 | "name": "Login", 13 | "event": [ 14 | { 15 | "listen": "test", 16 | "script": { 17 | "exec": [ 18 | "var jsonData = JSON.parse(responseBody);", 19 | "postman.setEnvironmentVariable(\"token\", jsonData.token);" 20 | ], 21 | "type": "text/javascript" 22 | } 23 | } 24 | ], 25 | "request": { 26 | "method": "POST", 27 | "header": [ 28 | { 29 | "key": "accept", 30 | "value": "application/json; charset=UTF-8" 31 | }, 32 | { 33 | "key": "content-type", 34 | "value": "application/json" 35 | } 36 | ], 37 | "body": { 38 | "mode": "raw", 39 | "raw": "{\n \"username\": \"{{ACCESS_KEY}}\",\n \"password\": \"{{SECRET_KEY}}\"\n}" 40 | }, 41 | "url": { 42 | "raw": "https://{{api-endpoint}}/login", 43 | "protocol": "https", 44 | "host": [ 45 | "{{api-endpoint}}" 46 | ], 47 | "path": [ 48 | "login" 49 | ] 50 | }, 51 | "description": "Returns a JWT auth token for accessing the Prisma Cloud APIs. To generate a token, you must have an access key and include the following values in the request body parameter — access key ID as the username and your secret key as the password. Prisma Cloud requires this JWT in the request header to authorize API access." 52 | }, 53 | "response": [] 54 | }, 55 | { 56 | "name": "Exchange Authentication Token", 57 | "request": { 58 | "method": "POST", 59 | "header": [ 60 | { 61 | "key": "authority", 62 | "value": "{{aporeto-api-endpoint}}" 63 | }, 64 | { 65 | "key": "accept", 66 | "value": "application/json, text/plain, */*" 67 | }, 68 | { 69 | "key": "content-type", 70 | "value": "application/json" 71 | }, 72 | { 73 | "key": "cookie", 74 | "value": "x-aporeto-token" 75 | } 76 | ], 77 | "body": { 78 | "mode": "raw", 79 | "raw": "{\"metadata\":{\"token\":\"{{token}}\"},\"realm\":\"PCIdentityToken\",\"validity\":\"720h\"}" 80 | }, 81 | "url": { 82 | "raw": "https://{{aporeto-api-endpoint}}/issue?asCookie=true", 83 | "protocol": "https", 84 | "host": [ 85 | "{{aporeto-api-endpoint}}" 86 | ], 87 | "path": [ 88 | "issue" 89 | ], 90 | "query": [ 91 | { 92 | "key": "asCookie", 93 | "value": "true" 94 | } 95 | ] 96 | } 97 | }, 98 | "response": [] 99 | } 100 | ] 101 | }, 102 | { 103 | "name": "Agent (Enforcers)", 104 | "item": [ 105 | { 106 | "name": "Get Enforcers Information", 107 | "request": { 108 | "method": "GET", 109 | "header": [ 110 | { 111 | "key": "authority", 112 | "value": "{{aporeto-api-endpoint}}" 113 | }, 114 | { 115 | "key": "accept", 116 | "value": "application/json" 117 | }, 118 | { 119 | "key": "accept-language", 120 | "value": "en-US,en;q=0.9" 121 | }, 122 | { 123 | "key": "x-namespace", 124 | "value": "{{namespace}}" 125 | }, 126 | { 127 | "key": "cookie", 128 | "value": "{{aporeto-token}}" 129 | } 130 | ], 131 | "url": { 132 | "raw": "https://{{aporeto-api-endpoint}}/enforcers?limit=100&recursive=true", 133 | "protocol": "https", 134 | "host": [ 135 | "{{aporeto-api-endpoint}}" 136 | ], 137 | "path": [ 138 | "enforcers" 139 | ], 140 | "query": [ 141 | { 142 | "key": "limit", 143 | "value": "100" 144 | }, 145 | { 146 | "key": "recursive", 147 | "value": "true" 148 | }, 149 | { 150 | "key": "q", 151 | "value": "enforcementStatus+%3D%3D+Inactive", 152 | "disabled": true 153 | } 154 | ] 155 | } 156 | }, 157 | "response": [] 158 | }, 159 | { 160 | "name": "List Enforcer Profiles", 161 | "request": { 162 | "method": "GET", 163 | "header": [ 164 | { 165 | "key": "Accept", 166 | "value": "application/json" 167 | }, 168 | { 169 | "key": "X-Namespace", 170 | "value": "{{namespace}}" 171 | }, 172 | { 173 | "key": "Cookie", 174 | "value": "{{aporeto-token}}" 175 | } 176 | ], 177 | "url": { 178 | "raw": "https://{{aporeto-api-endpoint}}/enforcerprofiles?recursive=true&propagated=true", 179 | "protocol": "https", 180 | "host": [ 181 | "{{aporeto-api-endpoint}}" 182 | ], 183 | "path": [ 184 | "enforcerprofiles" 185 | ], 186 | "query": [ 187 | { 188 | "key": "limit", 189 | "value": "100", 190 | "disabled": true 191 | }, 192 | { 193 | "key": "recursive", 194 | "value": "true" 195 | }, 196 | { 197 | "key": "propagated", 198 | "value": "true" 199 | } 200 | ] 201 | } 202 | }, 203 | "response": [] 204 | }, 205 | { 206 | "name": "Create Enforcer Profile", 207 | "request": { 208 | "method": "POST", 209 | "header": [ 210 | { 211 | "key": "Content-Type", 212 | "value": "application/json" 213 | }, 214 | { 215 | "key": "Accept", 216 | "value": "application/json" 217 | }, 218 | { 219 | "key": "X-Namespace", 220 | "value": "{{namespace}}" 221 | }, 222 | { 223 | "key": "Cookie", 224 | "value": "{{aporeto-token}}" 225 | } 226 | ], 227 | "body": { 228 | "mode": "raw", 229 | "raw": "{\"remoteEnforcerEnabled\":true,\"linuxProcessesSupportEnabled\":true,\"name\":\"Enforcer_Profile\",\"targetNetworks\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"],\"excludedNetworks\":[\"127.0.0.1/32\"],\"associatedTags\":[]}" 230 | }, 231 | "url": { 232 | "raw": "https://{{aporeto-api-endpoint}}/enforcerprofiles", 233 | "protocol": "https", 234 | "host": [ 235 | "{{aporeto-api-endpoint}}" 236 | ], 237 | "path": [ 238 | "enforcerprofiles" 239 | ] 240 | } 241 | }, 242 | "response": [] 243 | }, 244 | { 245 | "name": "Delete Enforcer Profile", 246 | "request": { 247 | "method": "DELETE", 248 | "header": [ 249 | { 250 | "key": "authority", 251 | "value": "{{aporeto-api-endpoint}}" 252 | }, 253 | { 254 | "key": "accept", 255 | "value": "application/json" 256 | }, 257 | { 258 | "key": "x-namespace", 259 | "value": "{{namespace}}" 260 | }, 261 | { 262 | "key": "cookie", 263 | "value": "{{aporeto-token}}" 264 | } 265 | ], 266 | "url": { 267 | "raw": "https://{{aporeto-api-endpoint}}/enforcerprofiles/[enforcerprofile-id]", 268 | "protocol": "https", 269 | "host": [ 270 | "{{aporeto-api-endpoint}}" 271 | ], 272 | "path": [ 273 | "enforcerprofiles", 274 | "[enforcerprofile-id]" 275 | ] 276 | } 277 | }, 278 | "response": [] 279 | }, 280 | { 281 | "name": "List Enforcer Profile Mappings", 282 | "request": { 283 | "method": "GET", 284 | "header": [ 285 | { 286 | "key": "Accept", 287 | "value": "application/json" 288 | }, 289 | { 290 | "key": "X-Namespace", 291 | "value": "{{namespace}}" 292 | }, 293 | { 294 | "key": "Cookie", 295 | "value": "{{aporeto-token}}" 296 | } 297 | ], 298 | "url": { 299 | "raw": "https://{{aporeto-api-endpoint}}/enforcerprofilemappingpolicies?limit=100&recursive=true&propagated=true", 300 | "protocol": "https", 301 | "host": [ 302 | "{{aporeto-api-endpoint}}" 303 | ], 304 | "path": [ 305 | "enforcerprofilemappingpolicies" 306 | ], 307 | "query": [ 308 | { 309 | "key": "limit", 310 | "value": "100" 311 | }, 312 | { 313 | "key": "recursive", 314 | "value": "true" 315 | }, 316 | { 317 | "key": "propagated", 318 | "value": "true" 319 | } 320 | ] 321 | } 322 | }, 323 | "response": [] 324 | }, 325 | { 326 | "name": "Create Enforcer Profile Mapping", 327 | "request": { 328 | "method": "POST", 329 | "header": [ 330 | { 331 | "key": "Content-Type", 332 | "value": "application/json" 333 | }, 334 | { 335 | "key": "Accept", 336 | "value": "application/json" 337 | }, 338 | { 339 | "key": "X-Namespace", 340 | "value": "{{namespace}}" 341 | }, 342 | { 343 | "key": "Cookie", 344 | "value": "{{aporeto-token}}" 345 | } 346 | ], 347 | "body": { 348 | "mode": "raw", 349 | "raw": "{\"name\":\"Enforcer Profile\",\"propagate\":true,\"subject\":[[\"@org:group=Anything\",\"@org:cloudaccount=demo-cloud-account\",\"@org:tenant=859809532107743232\"]],\"object\":[[\"enforcerprofile=Anything\"]]}" 350 | }, 351 | "url": { 352 | "raw": "https://{{aporeto-api-endpoint}}/enforcerprofilemappingpolicies", 353 | "protocol": "https", 354 | "host": [ 355 | "{{aporeto-api-endpoint}}" 356 | ], 357 | "path": [ 358 | "enforcerprofilemappingpolicies" 359 | ] 360 | } 361 | }, 362 | "response": [] 363 | }, 364 | { 365 | "name": "Delete Enforcer Profile Mapping", 366 | "request": { 367 | "method": "DELETE", 368 | "header": [ 369 | { 370 | "key": "authority", 371 | "value": "{{aporeto-api-endpoint}}" 372 | }, 373 | { 374 | "key": "accept", 375 | "value": "application/json" 376 | }, 377 | { 378 | "key": "x-namespace", 379 | "value": "{{namespace}}" 380 | }, 381 | { 382 | "key": "cookie", 383 | "value": "{{aporeto-token}}" 384 | } 385 | ], 386 | "url": { 387 | "raw": "https://{{aporeto-api-endpoint}}/enforcerprofilemappingpolicies/[enforcerprofilemapping-id]", 388 | "protocol": "https", 389 | "host": [ 390 | "{{aporeto-api-endpoint}}" 391 | ], 392 | "path": [ 393 | "enforcerprofilemappingpolicies", 394 | "[enforcerprofilemapping-id]" 395 | ] 396 | } 397 | }, 398 | "response": [] 399 | } 400 | ] 401 | }, 402 | { 403 | "name": "Manage", 404 | "item": [ 405 | { 406 | "name": "List Namespaces", 407 | "request": { 408 | "method": "GET", 409 | "header": [ 410 | { 411 | "key": "Accept", 412 | "value": "application/json" 413 | }, 414 | { 415 | "key": "X-Namespace", 416 | "value": "{{namespace}}" 417 | }, 418 | { 419 | "key": "Cookie", 420 | "value": "{{aporeto-token}}" 421 | } 422 | ], 423 | "url": { 424 | "raw": "https://{{aporeto-api-endpoint}}/namespaces", 425 | "protocol": "https", 426 | "host": [ 427 | "{{aporeto-api-endpoint}}" 428 | ], 429 | "path": [ 430 | "namespaces" 431 | ] 432 | } 433 | }, 434 | "response": [] 435 | }, 436 | { 437 | "name": "Create Cloud Account Level Namespace (Inherit)", 438 | "request": { 439 | "method": "POST", 440 | "header": [ 441 | { 442 | "key": "Accept", 443 | "value": "application/json" 444 | }, 445 | { 446 | "key": "Content-Type", 447 | "value": "application/json" 448 | }, 449 | { 450 | "key": "X-Namespace", 451 | "value": "{{namespace}}" 452 | }, 453 | { 454 | "key": "Cookie", 455 | "value": "{{aporeto-token}}" 456 | } 457 | ], 458 | "body": { 459 | "mode": "raw", 460 | "raw": "{\"type\":\"CloudAccount\",\"name\":\"teste\"}" 461 | }, 462 | "url": { 463 | "raw": "https://{{aporeto-api-endpoint}}/namespaces", 464 | "protocol": "https", 465 | "host": [ 466 | "{{aporeto-api-endpoint}}" 467 | ], 468 | "path": [ 469 | "namespaces" 470 | ] 471 | } 472 | }, 473 | "response": [] 474 | }, 475 | { 476 | "name": "Create Group Level Namespace (Default Allow)", 477 | "request": { 478 | "method": "POST", 479 | "header": [ 480 | { 481 | "key": "Accept", 482 | "value": "application/json" 483 | }, 484 | { 485 | "key": "Content-Type", 486 | "value": "application/json" 487 | }, 488 | { 489 | "key": "X-Namespace", 490 | "value": "{{namespace}}" 491 | }, 492 | { 493 | "key": "Cookie", 494 | "value": "{{aporeto-token}}" 495 | } 496 | ], 497 | "body": { 498 | "mode": "raw", 499 | "raw": "{\"type\":\"Group\",\"defaultPUIncomingTrafficAction\":\"Allow\",\"defaultPUOutgoingTrafficAction\":\"Allow\",\"name\":\"teste\"}" 500 | }, 501 | "url": { 502 | "raw": "https://{{aporeto-api-endpoint}}/namespaces", 503 | "protocol": "https", 504 | "host": [ 505 | "{{aporeto-api-endpoint}}" 506 | ], 507 | "path": [ 508 | "namespaces" 509 | ] 510 | } 511 | }, 512 | "response": [] 513 | }, 514 | { 515 | "name": "Delete Namespace", 516 | "request": { 517 | "method": "DELETE", 518 | "header": [ 519 | { 520 | "key": "authority", 521 | "value": "{{aporeto-api-endpoint}}" 522 | }, 523 | { 524 | "key": "accept", 525 | "value": "application/json" 526 | }, 527 | { 528 | "key": "x-namespace", 529 | "value": "{{namespace}}" 530 | }, 531 | { 532 | "key": "cookie", 533 | "value": "{{aporeto-token}}" 534 | } 535 | ], 536 | "url": { 537 | "raw": "https://{{aporeto-api-endpoint}}/namespaces/[namespace-id]", 538 | "protocol": "https", 539 | "host": [ 540 | "{{aporeto-api-endpoint}}" 541 | ], 542 | "path": [ 543 | "namespaces", 544 | "[namespace-id]" 545 | ] 546 | } 547 | }, 548 | "response": [] 549 | }, 550 | { 551 | "name": "List Rulesets", 552 | "request": { 553 | "method": "GET", 554 | "header": [ 555 | { 556 | "key": "Accept", 557 | "value": "application/json" 558 | }, 559 | { 560 | "key": "X-Namespace", 561 | "value": "{{namespace}}" 562 | }, 563 | { 564 | "key": "Cookie", 565 | "value": "{{aporeto-token}}" 566 | } 567 | ], 568 | "url": { 569 | "raw": "https://{{aporeto-api-endpoint}}/networkrulesetpolicies?recursive=true&propagated=true", 570 | "protocol": "https", 571 | "host": [ 572 | "{{aporeto-api-endpoint}}" 573 | ], 574 | "path": [ 575 | "networkrulesetpolicies" 576 | ], 577 | "query": [ 578 | { 579 | "key": "limit", 580 | "value": "100", 581 | "disabled": true 582 | }, 583 | { 584 | "key": "recursive", 585 | "value": "true" 586 | }, 587 | { 588 | "key": "propagated", 589 | "value": "true" 590 | } 591 | ] 592 | } 593 | }, 594 | "response": [] 595 | }, 596 | { 597 | "name": "Create Ruleset", 598 | "request": { 599 | "method": "POST", 600 | "header": [ 601 | { 602 | "key": "Content-Type", 603 | "value": "application/json" 604 | }, 605 | { 606 | "key": "Accept", 607 | "value": "application/json" 608 | }, 609 | { 610 | "key": "Accept-Language", 611 | "value": "en-US,en;q=0.9" 612 | }, 613 | { 614 | "key": "X-Namespace", 615 | "value": "{{namespace}}" 616 | }, 617 | { 618 | "key": "Cookie", 619 | "value": "{{aporeto-token}}" 620 | } 621 | ], 622 | "body": { 623 | "mode": "raw", 624 | "raw": "{\"propagate\":true,\"name\":\"Allow_Internet\",\"subject\":[[\"@org:cloudaccount=\",\"@org:tenant=\"]],\"incomingRules\":[{\"action\":\"Allow\",\"object\":[[\"externalnetwork:name=Internet\"]],\"protocolPorts\":[\"tcp/80\"]}],\"outgoingRules\":[{\"action\":\"Allow\",\"object\":[[\"externalnetwork:name=Internet\"]],\"protocolPorts\":[\"tcp/80\"]}]}" 625 | }, 626 | "url": { 627 | "raw": "https://{{aporeto-api-endpoint}}/networkrulesetpolicies", 628 | "protocol": "https", 629 | "host": [ 630 | "{{aporeto-api-endpoint}}" 631 | ], 632 | "path": [ 633 | "networkrulesetpolicies" 634 | ] 635 | } 636 | }, 637 | "response": [] 638 | }, 639 | { 640 | "name": "Delete Ruleset", 641 | "request": { 642 | "method": "DELETE", 643 | "header": [ 644 | { 645 | "key": "Accept", 646 | "value": "application/json" 647 | }, 648 | { 649 | "key": "Accept-Language", 650 | "value": "en-US,en;q=0.9" 651 | }, 652 | { 653 | "key": "X-Namespace", 654 | "value": "{{namespace}}" 655 | }, 656 | { 657 | "key": "Cookie", 658 | "value": "{{aporeto-token}}" 659 | } 660 | ], 661 | "url": { 662 | "raw": "https://{{aporeto-api-endpoint}}/networkrulesetpolicies/[ruleset-id]", 663 | "protocol": "https", 664 | "host": [ 665 | "{{aporeto-api-endpoint}}" 666 | ], 667 | "path": [ 668 | "networkrulesetpolicies", 669 | "[ruleset-id]" 670 | ] 671 | } 672 | }, 673 | "response": [] 674 | }, 675 | { 676 | "name": "List External Networks", 677 | "request": { 678 | "method": "GET", 679 | "header": [ 680 | { 681 | "key": "Accept", 682 | "value": "application/json" 683 | }, 684 | { 685 | "key": "X-Namespace", 686 | "value": "{{namespace}}" 687 | }, 688 | { 689 | "key": "Cookie", 690 | "value": "{{aporeto-token}}" 691 | } 692 | ], 693 | "url": { 694 | "raw": "https://{{aporeto-api-endpoint}}/externalnetworks", 695 | "protocol": "https", 696 | "host": [ 697 | "{{aporeto-api-endpoint}}" 698 | ], 699 | "path": [ 700 | "externalnetworks" 701 | ], 702 | "query": [ 703 | { 704 | "key": "recursive", 705 | "value": "true", 706 | "disabled": true 707 | }, 708 | { 709 | "key": "propagated", 710 | "value": "true", 711 | "disabled": true 712 | } 713 | ] 714 | } 715 | }, 716 | "response": [] 717 | }, 718 | { 719 | "name": "Create External Network", 720 | "request": { 721 | "method": "POST", 722 | "header": [ 723 | { 724 | "key": "Content-Type", 725 | "value": "application/json" 726 | }, 727 | { 728 | "key": "Accept", 729 | "value": "application/json" 730 | }, 731 | { 732 | "key": "X-Namespace", 733 | "value": "{{namespace}}" 734 | }, 735 | { 736 | "key": "Cookie", 737 | "value": "{{aporeto-token}}" 738 | } 739 | ], 740 | "body": { 741 | "mode": "raw", 742 | "raw": "{\"propagate\":true,\"name\":\"Teste\",\"entries\":[\"0.0.0.0/0\"],\"associatedTags\":[\"externalnetwork:name=Teste\"]}" 743 | }, 744 | "url": { 745 | "raw": "https://{{aporeto-api-endpoint}}/externalnetworks", 746 | "protocol": "https", 747 | "host": [ 748 | "{{aporeto-api-endpoint}}" 749 | ], 750 | "path": [ 751 | "externalnetworks" 752 | ] 753 | } 754 | }, 755 | "response": [] 756 | }, 757 | { 758 | "name": "Delete External Network", 759 | "request": { 760 | "method": "DELETE", 761 | "header": [ 762 | { 763 | "key": "Accept", 764 | "value": "application/json" 765 | }, 766 | { 767 | "key": "Accept-Language", 768 | "value": "en-US,en;q=0.9" 769 | }, 770 | { 771 | "key": "X-Namespace", 772 | "value": "{{namespace}}" 773 | }, 774 | { 775 | "key": "Cookie", 776 | "value": "{{aporeto-token}}" 777 | } 778 | ], 779 | "url": { 780 | "raw": "https://{{aporeto-api-endpoint}}/externalnetworks/[externalnetworks-id]", 781 | "protocol": "https", 782 | "host": [ 783 | "{{aporeto-api-endpoint}}" 784 | ], 785 | "path": [ 786 | "externalnetworks", 787 | "[externalnetworks-id]" 788 | ] 789 | } 790 | }, 791 | "response": [] 792 | } 793 | ] 794 | }, 795 | { 796 | "name": "Processing Units", 797 | "item": [ 798 | { 799 | "name": "List Processing Units", 800 | "request": { 801 | "method": "GET", 802 | "header": [ 803 | { 804 | "key": "Accept", 805 | "value": "*/*" 806 | }, 807 | { 808 | "key": "X-Namespace", 809 | "value": "{{namespace}}", 810 | "type": "text" 811 | } 812 | ], 813 | "url": { 814 | "raw": "https://{{aporeto-api-endpoint}}/processingunits?limit=100&recursive=true", 815 | "protocol": "https", 816 | "host": [ 817 | "{{aporeto-api-endpoint}}" 818 | ], 819 | "path": [ 820 | "processingunits" 821 | ], 822 | "query": [ 823 | { 824 | "key": "limit", 825 | "value": "100" 826 | }, 827 | { 828 | "key": "q", 829 | "value": "operationalStatus+%3D%3D+Running", 830 | "disabled": true 831 | }, 832 | { 833 | "key": "recursive", 834 | "value": "true" 835 | } 836 | ] 837 | } 838 | }, 839 | "response": [] 840 | }, 841 | { 842 | "name": "Processing Units affected by a ruleset", 843 | "request": { 844 | "method": "GET", 845 | "header": [ 846 | { 847 | "key": "Accept", 848 | "value": "*/*", 849 | "type": "text" 850 | }, 851 | { 852 | "key": "X-Namespace", 853 | "value": "{{namespace}}", 854 | "type": "text" 855 | } 856 | ], 857 | "url": { 858 | "raw": "https://{{aporeto-api-endpoint}}/networkrulesetpolicies/[ruleset-id]/processingunits", 859 | "protocol": "https", 860 | "host": [ 861 | "{{aporeto-api-endpoint}}" 862 | ], 863 | "path": [ 864 | "networkrulesetpolicies", 865 | "[ruleset-id]", 866 | "processingunits" 867 | ], 868 | "query": [ 869 | { 870 | "key": "recursive", 871 | "value": "true", 872 | "disabled": true 873 | } 874 | ] 875 | } 876 | }, 877 | "response": [] 878 | } 879 | ] 880 | }, 881 | { 882 | "name": "Monitoring", 883 | "item": [ 884 | { 885 | "name": "List Activities (audit logs)", 886 | "request": { 887 | "method": "GET", 888 | "header": [ 889 | { 890 | "key": "Accept", 891 | "value": "application/json" 892 | }, 893 | { 894 | "key": "X-Namespace", 895 | "value": "{{namespace}}" 896 | }, 897 | { 898 | "key": "Cookie", 899 | "value": "{{aporeto-token}}" 900 | } 901 | ], 902 | "url": { 903 | "raw": "https://{{aporeto-api-endpoint}}/activities?limit=100&order=-date&recursive=true", 904 | "protocol": "https", 905 | "host": [ 906 | "{{aporeto-api-endpoint}}" 907 | ], 908 | "path": [ 909 | "activities" 910 | ], 911 | "query": [ 912 | { 913 | "key": "limit", 914 | "value": "100" 915 | }, 916 | { 917 | "key": "order", 918 | "value": "-date" 919 | }, 920 | { 921 | "key": "recursive", 922 | "value": "true" 923 | } 924 | ] 925 | } 926 | }, 927 | "response": [] 928 | }, 929 | { 930 | "name": "List Alarms", 931 | "request": { 932 | "method": "GET", 933 | "header": [ 934 | { 935 | "key": "Accept", 936 | "value": "application/json" 937 | }, 938 | { 939 | "key": "X-Namespace", 940 | "value": "{{namespace}}" 941 | }, 942 | { 943 | "key": "Cookie", 944 | "value": "{{aporeto-token}}" 945 | } 946 | ], 947 | "url": { 948 | "raw": "https://{{aporeto-api-endpoint}}/alarms?limit=100&recursive=true", 949 | "protocol": "https", 950 | "host": [ 951 | "{{aporeto-api-endpoint}}" 952 | ], 953 | "path": [ 954 | "alarms" 955 | ], 956 | "query": [ 957 | { 958 | "key": "limit", 959 | "value": "100" 960 | }, 961 | { 962 | "key": "recursive", 963 | "value": "true" 964 | } 965 | ] 966 | } 967 | }, 968 | "response": [] 969 | } 970 | ] 971 | }, 972 | { 973 | "name": "Credentials", 974 | "item": [ 975 | { 976 | "name": "List App Credentials", 977 | "request": { 978 | "method": "GET", 979 | "header": [ 980 | { 981 | "key": "Accept", 982 | "value": "application/json" 983 | }, 984 | { 985 | "key": "X-Namespace", 986 | "value": "{{namespace}}" 987 | }, 988 | { 989 | "key": "Cookie", 990 | "value": "{{aporeto-token}}" 991 | } 992 | ], 993 | "url": { 994 | "raw": "https://{{aporeto-api-endpoint}}/appcredentials?limit=100&recursive=true", 995 | "protocol": "https", 996 | "host": [ 997 | "{{aporeto-api-endpoint}}" 998 | ], 999 | "path": [ 1000 | "appcredentials" 1001 | ], 1002 | "query": [ 1003 | { 1004 | "key": "limit", 1005 | "value": "100" 1006 | }, 1007 | { 1008 | "key": "recursive", 1009 | "value": "true" 1010 | } 1011 | ] 1012 | } 1013 | }, 1014 | "response": [] 1015 | }, 1016 | { 1017 | "name": "Create App Credential", 1018 | "request": { 1019 | "method": "POST", 1020 | "header": [ 1021 | { 1022 | "key": "Content-Type", 1023 | "value": "application/json" 1024 | }, 1025 | { 1026 | "key": "Accept", 1027 | "value": "application/json" 1028 | }, 1029 | { 1030 | "key": "X-Namespace", 1031 | "value": "{{namespace}}" 1032 | }, 1033 | { 1034 | "key": "Cookie", 1035 | "value": "{{aporeto-token}}" 1036 | } 1037 | ], 1038 | "body": { 1039 | "mode": "raw", 1040 | "raw": "{\"name\":\"AppCred\",\"roles\":[\"@auth:role=namespace.administrator\"],\"CSR\":\"\"}" 1041 | }, 1042 | "url": { 1043 | "raw": "https://api.east-01.network.prismacloud.io/appcredentials", 1044 | "protocol": "https", 1045 | "host": [ 1046 | "api", 1047 | "east-01", 1048 | "network", 1049 | "prismacloud", 1050 | "io" 1051 | ], 1052 | "path": [ 1053 | "appcredentials" 1054 | ] 1055 | } 1056 | }, 1057 | "response": [] 1058 | }, 1059 | { 1060 | "name": "Delete App Credential", 1061 | "request": { 1062 | "method": "DELETE", 1063 | "header": [ 1064 | { 1065 | "key": "Accept", 1066 | "value": "application/json" 1067 | }, 1068 | { 1069 | "key": "X-Namespace", 1070 | "value": "/859809532107743232/demo-cloud-account/GKE_Demo" 1071 | }, 1072 | { 1073 | "key": "Cookie", 1074 | "value": "{{aporeto-token}}" 1075 | } 1076 | ], 1077 | "url": { 1078 | "raw": "https://{{aporeto-api-endpoint}}/appcredentials/[appcredential-id]", 1079 | "protocol": "https", 1080 | "host": [ 1081 | "{{aporeto-api-endpoint}}" 1082 | ], 1083 | "path": [ 1084 | "appcredentials", 1085 | "[appcredential-id]" 1086 | ] 1087 | } 1088 | }, 1089 | "response": [] 1090 | } 1091 | ] 1092 | }, 1093 | { 1094 | "name": "Logs", 1095 | "item": [ 1096 | { 1097 | "name": "Export Flow Logs", 1098 | "request": { 1099 | "method": "POST", 1100 | "header": [ 1101 | { 1102 | "key": "authority", 1103 | "value": "{{aporeto-api-endpoint}}" 1104 | }, 1105 | { 1106 | "key": "content-type", 1107 | "value": "application/json" 1108 | }, 1109 | { 1110 | "key": "accept", 1111 | "value": "application/json" 1112 | }, 1113 | { 1114 | "key": "accept-language", 1115 | "value": "en-US,en;q=0.9" 1116 | }, 1117 | { 1118 | "key": "x-namespace", 1119 | "value": "{{namespace}}" 1120 | }, 1121 | { 1122 | "key": "cookie", 1123 | "value": "{{aporeto-token}}" 1124 | } 1125 | ], 1126 | "body": { 1127 | "mode": "raw", 1128 | "raw": "{\"report\":\"Flows\"}" 1129 | }, 1130 | "url": { 1131 | "raw": "https://{{aporeto-api-endpoint}}/reportsqueries?recursive=true&order=-timestamp&startRelative=1h", 1132 | "protocol": "https", 1133 | "host": [ 1134 | "{{aporeto-api-endpoint}}" 1135 | ], 1136 | "path": [ 1137 | "reportsqueries" 1138 | ], 1139 | "query": [ 1140 | { 1141 | "key": "recursive", 1142 | "value": "true" 1143 | }, 1144 | { 1145 | "key": "limit", 1146 | "value": "100", 1147 | "disabled": true 1148 | }, 1149 | { 1150 | "key": "order", 1151 | "value": "-timestamp" 1152 | }, 1153 | { 1154 | "key": "startRelative", 1155 | "value": "1h" 1156 | } 1157 | ] 1158 | } 1159 | }, 1160 | "response": [] 1161 | }, 1162 | { 1163 | "name": "Export Event Logs", 1164 | "request": { 1165 | "method": "POST", 1166 | "header": [ 1167 | { 1168 | "key": "authority", 1169 | "value": "{{aporeto-api-endpoint}}" 1170 | }, 1171 | { 1172 | "key": "content-type", 1173 | "value": "application/json" 1174 | }, 1175 | { 1176 | "key": "accept", 1177 | "value": "application/json" 1178 | }, 1179 | { 1180 | "key": "accept-language", 1181 | "value": "en-US,en;q=0.9" 1182 | }, 1183 | { 1184 | "key": "x-namespace", 1185 | "value": "{{namespace}}" 1186 | }, 1187 | { 1188 | "key": "cookie", 1189 | "value": "{{aporeto-token}}" 1190 | } 1191 | ], 1192 | "body": { 1193 | "mode": "raw", 1194 | "raw": "{\"report\":\"EventLogs\"}" 1195 | }, 1196 | "url": { 1197 | "raw": "https://{{aporeto-api-endpoint}}/reportsqueries?recursive=true&order=-timestamp&startRelative=1h", 1198 | "protocol": "https", 1199 | "host": [ 1200 | "{{aporeto-api-endpoint}}" 1201 | ], 1202 | "path": [ 1203 | "reportsqueries" 1204 | ], 1205 | "query": [ 1206 | { 1207 | "key": "recursive", 1208 | "value": "true" 1209 | }, 1210 | { 1211 | "key": "limit", 1212 | "value": "100", 1213 | "disabled": true 1214 | }, 1215 | { 1216 | "key": "order", 1217 | "value": "-timestamp" 1218 | }, 1219 | { 1220 | "key": "startRelative", 1221 | "value": "1h" 1222 | } 1223 | ] 1224 | } 1225 | }, 1226 | "response": [] 1227 | }, 1228 | { 1229 | "name": "Export Enforcer Logs", 1230 | "request": { 1231 | "method": "POST", 1232 | "header": [ 1233 | { 1234 | "key": "authority", 1235 | "value": "{{aporeto-api-endpoint}}" 1236 | }, 1237 | { 1238 | "key": "content-type", 1239 | "value": "application/json" 1240 | }, 1241 | { 1242 | "key": "accept", 1243 | "value": "application/json" 1244 | }, 1245 | { 1246 | "key": "accept-language", 1247 | "value": "en-US,en;q=0.9" 1248 | }, 1249 | { 1250 | "key": "x-namespace", 1251 | "value": "{{namespace}}" 1252 | }, 1253 | { 1254 | "key": "cookie", 1255 | "value": "{{aporeto-token}}" 1256 | } 1257 | ], 1258 | "body": { 1259 | "mode": "raw", 1260 | "raw": "{\"report\":\"Enforcers\"}" 1261 | }, 1262 | "url": { 1263 | "raw": "https://{{aporeto-api-endpoint}}/reportsqueries?recursive=true&order=-timestamp&startRelative=1h", 1264 | "protocol": "https", 1265 | "host": [ 1266 | "{{aporeto-api-endpoint}}" 1267 | ], 1268 | "path": [ 1269 | "reportsqueries" 1270 | ], 1271 | "query": [ 1272 | { 1273 | "key": "recursive", 1274 | "value": "true" 1275 | }, 1276 | { 1277 | "key": "limit", 1278 | "value": "100", 1279 | "disabled": true 1280 | }, 1281 | { 1282 | "key": "order", 1283 | "value": "-timestamp" 1284 | }, 1285 | { 1286 | "key": "startRelative", 1287 | "value": "1h" 1288 | } 1289 | ] 1290 | } 1291 | }, 1292 | "response": [] 1293 | } 1294 | ] 1295 | }, 1296 | { 1297 | "name": "Backup", 1298 | "item": [ 1299 | { 1300 | "name": "Export Configuration", 1301 | "request": { 1302 | "method": "POST", 1303 | "header": [ 1304 | { 1305 | "key": "Content-Type", 1306 | "value": "application/json" 1307 | }, 1308 | { 1309 | "key": "Accept", 1310 | "value": "application/json" 1311 | }, 1312 | { 1313 | "key": "X-Namespace", 1314 | "value": "{{namespace}}" 1315 | }, 1316 | { 1317 | "key": "Cookie", 1318 | "value": "{{aporeto-token}}" 1319 | } 1320 | ], 1321 | "body": { 1322 | "mode": "raw", 1323 | "raw": "{\"identities\":[\"networkrulesetpolicy\",\"enforcerprofile\",\"enforcerprofilemappingpolicy\",\"apiauthorizationpolicy\",\"externalnetwork\"],\"label\": \"Backup\"}" 1324 | }, 1325 | "url": { 1326 | "raw": "https://{{aporeto-api-endpoint}}/export", 1327 | "protocol": "https", 1328 | "host": [ 1329 | "{{aporeto-api-endpoint}}" 1330 | ], 1331 | "path": [ 1332 | "export" 1333 | ] 1334 | } 1335 | }, 1336 | "response": [] 1337 | }, 1338 | { 1339 | "name": "Import Configuration", 1340 | "request": { 1341 | "method": "POST", 1342 | "header": [ 1343 | { 1344 | "key": "Content-Type", 1345 | "value": "application/json" 1346 | }, 1347 | { 1348 | "key": "Accept", 1349 | "value": "application/json" 1350 | }, 1351 | { 1352 | "key": "X-Namespace", 1353 | "value": "{{namespace}}" 1354 | }, 1355 | { 1356 | "key": "Cookie", 1357 | "value": "{{aporeto-token}}" 1358 | } 1359 | ], 1360 | "body": { 1361 | "mode": "raw", 1362 | "raw": "{\"data\":{Exported file content}}" 1363 | }, 1364 | "url": { 1365 | "raw": "https://{{aporeto-api-endpoint}}/import", 1366 | "protocol": "https", 1367 | "host": [ 1368 | "{{aporeto-api-endpoint}}" 1369 | ], 1370 | "path": [ 1371 | "import" 1372 | ] 1373 | } 1374 | }, 1375 | "response": [] 1376 | } 1377 | ] 1378 | } 1379 | ] 1380 | } -------------------------------------------------------------------------------- /Images/Env1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/pcs-postman/713991d7984f266e49abeb35e5826211d3075a85/Images/Env1.png -------------------------------------------------------------------------------- /Images/Env2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/pcs-postman/713991d7984f266e49abeb35e5826211d3075a85/Images/Env2.png -------------------------------------------------------------------------------- /Images/Env3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/pcs-postman/713991d7984f266e49abeb35e5826211d3075a85/Images/Env3.png -------------------------------------------------------------------------------- /Images/Import1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/pcs-postman/713991d7984f266e49abeb35e5826211d3075a85/Images/Import1.png -------------------------------------------------------------------------------- /Images/Import2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/pcs-postman/713991d7984f266e49abeb35e5826211d3075a85/Images/Import2.png -------------------------------------------------------------------------------- /Images/Import3-ori.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/pcs-postman/713991d7984f266e49abeb35e5826211d3075a85/Images/Import3-ori.png -------------------------------------------------------------------------------- /Images/import3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/pcs-postman/713991d7984f266e49abeb35e5826211d3075a85/Images/import3.png -------------------------------------------------------------------------------- /Images/userpassafter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/pcs-postman/713991d7984f266e49abeb35e5826211d3075a85/Images/userpassafter.png -------------------------------------------------------------------------------- /Images/userpassbefore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/pcs-postman/713991d7984f266e49abeb35e5826211d3075a85/Images/userpassbefore.png -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | ISC License 2 | 3 | Copyright (c) 2020, Palo Alto Networks Inc. 4 | 5 | Permission to use, copy, modify, and/or distribute this software for any 6 | purpose with or without fee is hereby granted, provided that the above 7 | copyright notice and this permission notice appear in all copies. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | -------------------------------------------------------------------------------- /Prisma Cloud.postman_environment.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "1cbc93ae-a7f5-4d05-8dcf-873069179b59", 3 | "name": "Prisma Cloud", 4 | "values": [ 5 | { 6 | "key": "api-endpoint", 7 | "value": "api.prismacloud.io", 8 | "enabled": true 9 | }, 10 | { 11 | "key": "token", 12 | "value": "", 13 | "enabled": true 14 | }, 15 | { 16 | "key": "compute-api-endpoint", 17 | "value": "https://us-east1.cloud.twistlock.com/us-1-123456789", 18 | "enabled": true 19 | }, 20 | { 21 | "key": "compute-token", 22 | "value": "", 23 | "enabled": true 24 | }, 25 | { 26 | "key": "api-version", 27 | "value": "v1", 28 | "enabled": true 29 | }, 30 | { 31 | "key": "console-port", 32 | "value": "", 33 | "enabled": true 34 | }, 35 | { 36 | "key": "aporeto-api-endpoint", 37 | "value": "api.east-01.network.prismacloud.io", 38 | "enabled": true 39 | }, 40 | { 41 | "key": "namespace", 42 | "value": "", 43 | "enabled": true 44 | }, 45 | { 46 | "key": "aporeto-token", 47 | "value": "", 48 | "enabled": true 49 | }, 50 | { 51 | "key": "ACCESS_KEY", 52 | "value": "", 53 | "enabled": true 54 | }, 55 | { 56 | "key": "SECRET_KEY", 57 | "value": "", 58 | "enabled": true 59 | }, 60 | { 61 | "key": "PRISMA_ID", 62 | "value": "", 63 | "type": "default", 64 | "enabled": true 65 | }, 66 | { 67 | "key": "user-email", 68 | "value": "", 69 | "type": "default", 70 | "enabled": true 71 | }, 72 | { 73 | "key": "ACCOUNT_GROUP", 74 | "value": "", 75 | "type": "default", 76 | "enabled": true 77 | }, 78 | { 79 | "key": "statusUri", 80 | "value": "", 81 | "type": "default", 82 | "enabled": true 83 | }, 84 | { 85 | "key": "downloadUri", 86 | "value": "", 87 | "type": "default", 88 | "enabled": true 89 | } 90 | ], 91 | "_postman_variable_scope": "environment", 92 | "_postman_exported_at": "2021-08-06T17:08:02.133Z", 93 | "_postman_exported_using": "Postman/8.10.0" 94 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Instructions 2 | 3 | The following paragraphs detail how to setup the manually maintained Postman Collections and required Environment Variables for Prisma Cloud API requests. 4 | 5 | ## Setup steps 6 | - [Import the 4 files](https://learning.postman.com/docs/getting-started/importing-and-exporting-data/) in root of this repo (3 Collections and 1 Environment) into Postman. 7 | ![Import](./Images/Import1.png) 8 | ![Drop folders](./Images/Import2.png) 9 | ![Select files](./Images/import3.png) 10 | 11 | 12 | - Set the [Postman Environment variables](https://learning.postman.com/docs/sending-requests/variables/). You will need to set: 13 | - api-endpoint 14 | - compute-api-endpoint 15 | - aporeto-api-endpoint 16 | - namespace 17 | - ACCESS_KEY 18 | - SECRET_KEY 19 | 20 | 21 | ![1](./Images/Env1.png) 22 | 23 | ![2](./Images/Env2.png) 24 | 25 | ![3](./Images/Env3.png) 26 | 27 | - Populate the `compute-api-endpoint` environment variable. 28 | - Go to *Compute > Manage > System > Utilities*, and copy the string under **Path to Console** 29 | - The URL will look something like: 30 | `https://us-east1.cloud.twistlock.com/us-1-123456789` 31 | 32 | 33 | - Populate the `aporeto-api-endpoint` environment variable. 34 | - Click on the key icon at the bottom of any page on _Cloud Network Security_ 35 | - The URL will look something like : 36 | `https://api.east-01.network.prismacloud.io' 37 | 38 | 39 | - Populate the `api-enpoint` environment variable. 40 | - The Admin console you see when you log in determines the the API Endpoint. 41 | - The value that corresponds to your Admin console below should replace the **api-endpoint** variable. 42 | 43 | | Prisma Cloud Admin Console | `api-endpoint` | 44 | |--------------------------------|------------------------| 45 | | https://app.prismacloud.io | api.prismacloud.io | 46 | | https://app2.prismacloud.io | api2.prismacloud.io | 47 | | https://app3.prismacloud.io | api3.prismacloud.io | 48 | | https://app4.prismacloud.io | api4.prismacloud.io | 49 | | https://app.anz.prismacloud.io | api.anz.prismacloud.io | 50 | | https://app.eu.prismacloud.io | api.eu.prismacloud.io | 51 | | https://app2.eu.prismacloud.io | api2.eu.prismacloud.io | 52 | | https://app.gov.prismacloud.io | api.gov.prismacloud.io | 53 | | https://app.prismacloud.cn | api.prismacloud.cn | 54 | | https://app.ca.prismacloud.io | api.ca.prismacloud.io | 55 | | https://app.sg.prismacloud.io | api.sg.prismacloud.io | 56 | 57 | *The rest of the variables shouldn't need to be altered, and are either auto-generated or for future or other scenarios* 58 | 59 | 60 | - A sample populated Environment **before** generating any JWT tokens might look like as follows: 61 | 62 | | Postman Variable | Use | Value/Example | 63 | |--------------------------|---------------------------------------------------------------------|-------------------------------------------------------| 64 | | `api-endpoint` | Main API endpoint for Prisma Cloud requests | api.prismacloud.io | 65 | | `token` | JWT token auto-generated after the /login request | | 66 | | `compute-api-endpoint` | API endpoint for all things within the Compute tab | `https://us-east1.cloud.twistlock.com/us-1-123456789` | 67 | | `compute-token` | JWT token auto-generated after the Compute /authenticate request | | 68 | | `api-version` | Used only for the Compute collection for future API versions | v1 | 69 | | `console-port` | Used only for self-hosted versions of the Compute Console | | 70 | | `aporeto-api-endpoint` | API endpoint for all things within the Microsegmentation tab | `https://api.east-01.network.prismacloud.io` | 71 | | `aporeto-token` | JWT token auto-generated after the Microsegmentation /issue request | | 72 | | `namespace` | The namespace on CNS where you will be operating | /859889522116745232/my-cloud-account/Application | 73 | 74 | ## Advanced Postman scenarios using Collection Runner 75 | 76 | In the **Collection_Runner** folder, there are specific examples for use-cases where using Postman's Collection Runner makes sense. These runners provide an easy way to iterate through files and perform bulk API calls. More instructions can be found in in the README within [this folder](https://github.com/PaloAltoNetworks/pcs-postman/tree/main/Collection_Runner). 77 | 78 | **That's it!** 79 | 80 | The Collections are not fully complete, so if you find a request that hasn't been created (or needs to be updated) please feel free to submit a PR. 81 | 82 | ## Notes 83 | ### Accessing Multiple Tenants 84 | You can easily switch between Prisma Cloud Tenants by creating multiple Environments. To do this just import the `Prisma Cloud.postman_environment.json` file again and set the new api endpoints and credentials. Be sure to change the environment name so you can tell your environments apart! 85 | -------------------------------------------------------------------------------- /SUPPORT.md: -------------------------------------------------------------------------------- 1 | # Community Supported 2 | This template/solution is released under an as-is, best effort, support policy. These scripts should be seen as community supported and Palo Alto Networks will contribute our expertise as and when possible. We do not provide technical support or help in using or troubleshooting the components of the project through our normal support options such as Palo Alto Networks support teams, or ASC (Authorized Support Centers) partners and backline support options. The underlying product used (Prisma Cloud) by the scripts or templates are still supported, but the support is only for the product functionality and not for help in deploying or using the template or script itself. 3 | 4 | Unless explicitly tagged, all projects or work posted in our GitHub repository (at https://github.com/PaloAltoNetworks) or sites other than our official Downloads page on https://support.paloaltonetworks.com are provided under the best effort policy. 5 | --------------------------------------------------------------------------------