From ff199f6d05e0db9d83fcaf15c61672338feff2a5 Mon Sep 17 00:00:00 2001
From: michalbil
Date: Thu, 24 Oct 2024 15:03:05 +0200
Subject: [PATCH 1/4] feat(specs): Add antivirus security profile
---
 .../profiles/security-profile-antivirus.yaml | 413 ++++++++++++++++++
 1 file changed, 413 insertions(+)
 create mode 100644 specs/objects/profiles/security-profile-antivirus.yaml
diff --git a/specs/objects/profiles/security-profile-antivirus.yaml b/specs/objects/profiles/security-profile-antivirus.yaml
new file mode 100644
index 00000000..f9e6ef12
--- /dev/null
+++ b/specs/objects/profiles/security-profile-antivirus.yaml
@@ -0,0 +1,413 @@ +name: "Antivirus security profile" +terraform_provider_config: + suffix: "security_profile_antivirus" +go_sdk_config: + package: + - "objects" + - "profiles" + - "antivirus" +xpath_suffix: + - "virus" +locations: + - name: "shared" + description: "Shared object." + devices: + - panorama + - ngfw + xpath: + path: ["config", "shared"] + - name: "vsys" + description: "Located in a specific vsys." + devices: + - panorama + - ngfw + xpath: + path: + - "config" + - "devices" + - "$ngfw_device" + - "vsys" + - "$vsys" + vars: + - name: "ngfw_device" + description: "The NGFW device." + default: "localhost.localdomain" + - name: "vsys" + description: "The vsys." + default: "vsys1" + validators: + - type: not-values + spec: + values: + - value: "shared" + error: 'The vsys cannot be "shared". Use the "shared" path instead.' + - name: "from_panorama_shared" + description: "Shared object in the config pushed from Panorama." + read_only: true + devices: + - ngfw + xpath: + path: + - "config" + - "panorama" + - "shared" + - name: "from_panorama_vsys" + description: "Located in a specific vsys in the config pushed from Panorama." + read_only: true + devices: + - ngfw + xpath: + path: + - "config" + - "panorama" + - "vsys" + - "$vsys" + vars: + - name: "vsys" + description: "The vsys." + default: "vsys1" + validators: + - type: not-values + spec: + values: + - value: "shared" + error: 'The vsys cannot be "shared". Use the "shared" path instead.' + - name: "device_group" + description: "Located in a specific device group." + devices: + - panorama + xpath: + path: + - "config" + - "devices" + - "$panorama_device" + - "device-group" + - "$device_group" + vars: + - name: "panorama_device" + description: "The panorama device." + default: "localhost.localdomain" + - name: "device_group" + description: "The device group." + required: true + validators: + - type: not-values + spec: + values: + - value: "shared" + error: 'The device group cannot be "shared". 
Use the "shared" path instead.' +entries: + - name: name + description: "The name of the antivirus profile." + validators: + - type: length + spec: + min: 1 + max: 31 + - type: regexp + spec: + expr: "^[ 0-9a-zA-Z._-]$" +version: "10.1.0" +spec: + params: + - name: description + description: "Profile description." + type: string + profiles: + - xpath: ["description"] + validators: + - type: length + spec: + # min: 0 + max: 255 + - name: packet-capture + description: "Enable packet capture." + type: bool + profiles: + - xpath: ["packet-capture"] + - name: mlav-engine-filebased-enabled + description: "Machine learining models." + codegen_overrides: + terraform: + name: machine-learning-models + type: list + profiles: + - xpath: ["mlav-engine-filebased-enabled"] + type: entry + spec: + items: + type: object + spec: + params: + # - name: name + # description: "Model name." + # required: true + # type: string + # profiles: + # - xpath: ["name"] + # validators: + # - type: length + # spec: + # # min: 1 + # max: 128 + - name: mlav-policy-action + description: "Action setting. Valid values are: `enable`, `enable(alert-only)`, `disable`." + codegen_overrides: + terraform: + name: action + type: enum + profiles: + - xpath: ["mlav-policy-action"] + validators: + - type: values + spec: + values: ["enable", "enable(alert-only)", "disable",] + spec: + values: + [ + { value: "enable" }, + { value: "enable(alert-only)" }, + { value: "disable" }, + ] + - name: decoder + description: "Protocol decoders." + codegen_overrides: + terraform: + name: decoders + type: list + profiles: + - xpath: ["decoder"] + type: entry + spec: + items: + type: object + spec: + params: + # - name: name + # description: "Protocol name." + # required: true + # type: string + # validators: + # - type: length + # spec: + # # min: 1 + # max: 31 + # - type: regexp + # spec: + # expr: "^[ 0-9a-zA-Z._-]$" + - name: action + description: "Action for standard antivirus signatures. 
Valid values are: `default` (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`, or `reset-both`." + type: enum + profiles: + - xpath: ["action"] + validators: + - type: values + spec: + values: + [ + "default", + "allow", + "alert", + "drop", + "reset-client", + "reset-server", + "reset-both", + ] + spec: + default: "default" + values: + [ + { value: default }, + { value: allow }, + { value: alert }, + { value: drop }, + { value: reset-client }, + { value: reset-server }, + { value: reset-both }, + ] + - name: wildfire-action + description: "Action for signatures generated by the WildFire system. Valid values are: `default` (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`, or `reset-both`." + type: enum + profiles: + - xpath: ["wildfire-action"] + validators: + - type: values + spec: + values: + [ + "default", + "allow", + "alert", + "drop", + "reset-client", + "reset-server", + "reset-both", + ] + spec: + default: "default" + values: + [ + { value: default }, + { value: allow }, + { value: alert }, + { value: drop }, + { value: reset-client }, + { value: reset-server }, + { value: reset-both }, + ] + - name: mlav-action + description: "Action for malicious threats detected in real-time by the WildFire Inline ML models. Valid values are: `default` (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`, or `reset-both`." + codegen_overrides: + terraform: + name: ml-action + type: enum + profiles: + - xpath: ["mlav-action"] + validators: + - type: values + spec: + values: + [ + "default", + "allow", + "alert", + "drop", + "reset-client", + "reset-server", + "reset-both", + ] + spec: + default: "default" + values: + [ + { value: default }, + { value: allow }, + { value: alert }, + { value: drop }, + { value: reset-client }, + { value: reset-server }, + { value: reset-both }, + ] + - name: application + description: "Application exceptions." 
+ codegen_overrides: + terraform: + name: application-exceptions + type: list + profiles: + - xpath: ["application"] + type: entry + spec: + items: + type: object + spec: + params: + # - name: name + # description: "Application name." + # required: true + # type: string + # profiles: + # - xpath: ["name"] + # validators: + # - type: length + # spec: + # # min: 1 + # max: 31 + # - type: regexp + # spec: + # expr: "^[ 0-9a-zA-Z._-]$" + - name: action + description: "Action for application exception. Valid values are: `default` (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`, or `reset-both`." + type: enum + profiles: + - xpath: ["action"] + validators: + - type: values + spec: + values: + [ + "default", + "allow", + "alert", + "drop", + "reset-client", + "reset-server", + "reset-both", + ] + spec: + default: "default" + values: + [ + { value: default }, + { value: allow }, + { value: alert }, + { value: drop }, + { value: reset-client }, + { value: reset-server }, + { value: reset-both }, + ] + - name: threat-exception + description: "Exceptions for specific threats." + codegen_overrides: + terraform: + name: threat-exceptions + type: list + profiles: + - xpath: ["threat-exception"] + type: entry + validators: + - type: count + spec: + max: 99 + spec: + items: + type: string + validators: + - type: regexp + spec: + expr: "^[0-9]+$" + profiles: + - type: member + xpath: ["name"] + - name: mlav-exception + description: "Exceptions for ML based" + codegen_overrides: + terraform: + name: machine-learning-exceptions + type: list + profiles: + - xpath: ["mlav-exception"] + type: entry + validators: + - type: count + spec: + max: 999 + spec: + items: + type: object + spec: + params: + # - name: name + # description: "Partial hash." + # required: true + # type: string + - name: filename + description: "Name of the file." 
+ type: string + validators: + - type: length + spec: + min: 0 + max: 255 + profiles: + - xpath: ["filename"] + - name: description + description: "Exception description." + type: string + validators: + - type: length + spec: + min: 0 + max: 255 + profiles: + - xpath: ["description"] From 6dc6220c36a19eeeaf91f50b6c2f8fc11c73670a Mon Sep 17 00:00:00 2001 From: Krzysztof Klimonda Date: Thu, 24 Oct 2024 17:28:16 +0200 Subject: [PATCH 2/4] Fix codegen for overridden list names From e8e0ee05a57b118938898832c48c152d3e672625 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Bilski?= Date: Tue, 17 Dec 2024 03:24:57 +0100 Subject: [PATCH 3/4] Update spec with autogenerated one --- .../profiles/security-profile-antivirus.yaml | 802 +++++++++--------- specs/objects/security-profile-antivirus.yaml | 333 -------- 2 files changed, 404 insertions(+), 731 deletions(-) delete mode 100644 specs/objects/security-profile-antivirus.yaml diff --git a/specs/objects/profiles/security-profile-antivirus.yaml b/specs/objects/profiles/security-profile-antivirus.yaml index f9e6ef12..0de0f55e 100644 --- a/specs/objects/profiles/security-profile-antivirus.yaml +++ b/specs/objects/profiles/security-profile-antivirus.yaml 
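Review bot: The regexp validator on the `name` entry in PATCH 1/4, `expr: "^[ 0-9a-zA-Z._-]$"`, has no quantifier, so as written it matches exactly one character and contradicts the `length` validator beside it (`min: 1`, `max: 31`). If the code generator applies the expression to the whole value, every profile name longer than one character would be rejected; the likely intent is `expr: "^[ 0-9a-zA-Z._-]+$"`. The same expression appears in the commented-out `name` blocks under `decoder` and `application`, so it should be corrected there too before those are re-enabled. A validator that cannot pass tends to be deleted rather than fixed, which would leave the name with no check at all.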
@@ -1,413 +1,419 @@ -name: "Antivirus security profile" +name: security-profile-antivirus terraform_provider_config: - suffix: "security_profile_antivirus" + description: Antivirus security profile + skip_resource: false + skip_datasource: false + resource_type: entry + resource_variants: + - singular + suffix: security_profile_antivirus + plural_suffix: '' + plural_name: '' + plural_description: '' go_sdk_config: + skip: false package: - - "objects" - - "profiles" - - "antivirus" + - objects + - profiles + - antivirus xpath_suffix: - - "virus" +- virus locations: - - name: "shared" - description: "Shared object." - devices: - - panorama - - ngfw - xpath: - path: ["config", "shared"] - - name: "vsys" - description: "Located in a specific vsys." - devices: - - panorama - - ngfw - xpath: - path: - - "config" - - "devices" - - "$ngfw_device" - - "vsys" - - "$vsys" - vars: - - name: "ngfw_device" - description: "The NGFW device." - default: "localhost.localdomain" - - name: "vsys" - description: "The vsys." - default: "vsys1" - validators: - - type: not-values +- name: shared + xpath: + path: + - config + - shared + vars: [] + description: Panorama shared object + devices: + - panorama + - ngfw + validators: [] + required: false + read_only: false +- name: vsys + xpath: + path: + - config + - devices + - $ngfw_device + - vsys + - $vsys + vars: + - name: ngfw_device + description: The NGFW device name + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: vsys + description: The Virtual System name + required: false + default: vsys1 + validators: + - type: not-values + spec: + values: + - value: shared + error: The vsys name cannot be "shared". 
Use the "shared" location instead + type: entry + description: Located in a specific Virtual System + devices: + - ngfw + - panorama + validators: [] + required: false + read_only: false +- name: device-group + xpath: + path: + - config + - devices + - $panorama_device + - device-group + - $device_group + vars: + - name: panorama_device + description: Panorama device name + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: device_group + description: Device Group name + required: true + validators: + - type: not-values + spec: + values: + - value: shared + error: The device group name cannot be "shared". Use the "shared" location + instead + type: entry + description: Located in a specific Device Group + devices: + - panorama + validators: [] + required: false + read_only: false +entries: +- name: name + description: '' + validators: [] +imports: [] +spec: + params: + - name: application + type: list + profiles: + - xpath: + - application + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: + - name: action + type: enum + profiles: + - xpath: + - action + validators: + - type: values spec: values: - - value: "shared" - error: 'The vsys cannot be "shared". Use the "shared" path instead.' - - name: "from_panorama_shared" - description: "Shared object in the config pushed from Panorama." - read_only: true - devices: - - ngfw - xpath: - path: - - "config" - - "panorama" - - "shared" - - name: "from_panorama_vsys" - description: "Located in a specific vsys in the config pushed from Panorama." - read_only: true - devices: - - ngfw - xpath: - path: - - "config" - - "panorama" - - "vsys" - - "$vsys" - vars: - - name: "vsys" - description: "The vsys." 
- default: "vsys1" - validators: - - type: not-values + - default + - allow + - alert + - drop + - reset-client + - reset-server + - reset-both + spec: + default: default + values: + - value: default + - value: allow + - value: alert + - value: drop + - value: reset-client + - value: reset-server + - value: reset-both + description: '' + required: false + variants: [] + description: Application exceptions. + required: false + codegen_overrides: + terraform: + name: application-exceptions + - name: decoder + type: list + profiles: + - xpath: + - decoder + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: + - name: action + type: enum + profiles: + - xpath: + - action + validators: + - type: values spec: values: - - value: "shared" - error: 'The vsys cannot be "shared". Use the "shared" path instead.' - - name: "device_group" - description: "Located in a specific device group." - devices: - - panorama - xpath: - path: - - "config" - - "devices" - - "$panorama_device" - - "device-group" - - "$device_group" - vars: - - name: "panorama_device" - description: "The panorama device." - default: "localhost.localdomain" - - name: "device_group" - description: "The device group." - required: true - validators: - - type: not-values + - default + - allow + - alert + - drop + - reset-client + - reset-server + - reset-both + spec: + default: default + values: + - value: default + - value: allow + - value: alert + - value: drop + - value: reset-client + - value: reset-server + - value: reset-both + description: '' + required: false + - name: wildfire-action + type: enum + profiles: + - xpath: + - wildfire-action + validators: + - type: values spec: values: - - value: "shared" - error: 'The device group cannot be "shared". Use the "shared" path instead.' -entries: - - name: name - description: "The name of the antivirus profile." 
+ - default + - allow + - alert + - drop + - reset-client + - reset-server + - reset-both + spec: + default: default + values: + - value: default + - value: allow + - value: alert + - value: drop + - value: reset-client + - value: reset-server + - value: reset-both + description: '' + required: false + - name: mlav-action + type: enum + profiles: + - xpath: + - mlav-action + validators: + - type: values + spec: + values: + - default + - allow + - alert + - drop + - reset-client + - reset-server + - reset-both + spec: + default: default + values: + - value: default + - value: allow + - value: alert + - value: drop + - value: reset-client + - value: reset-server + - value: reset-both + description: '' + required: false + codegen_overrides: + terraform: + name: ml-action + variants: [] + description: Protocol decoders. + required: false + codegen_overrides: + terraform: + name: decoders + - name: description + type: string + profiles: + - xpath: + - description validators: - - type: length - spec: - min: 1 - max: 31 - - type: regexp - spec: - expr: "^[ 0-9a-zA-Z._-]$" -version: "10.1.0" -spec: - params: - - name: description - description: "Profile description." - type: string - profiles: - - xpath: ["description"] - validators: - - type: length - spec: - # min: 0 - max: 255 - - name: packet-capture - description: "Enable packet capture." - type: bool - profiles: - - xpath: ["packet-capture"] - - name: mlav-engine-filebased-enabled - description: "Machine learining models." - codegen_overrides: - terraform: - name: machine-learning-models - type: list - profiles: - - xpath: ["mlav-engine-filebased-enabled"] - type: entry - spec: - items: - type: object - spec: - params: - # - name: name - # description: "Model name." - # required: true - # type: string - # profiles: - # - xpath: ["name"] - # validators: - # - type: length - # spec: - # # min: 1 - # max: 128 - - name: mlav-policy-action - description: "Action setting. 
Valid values are: `enable`, `enable(alert-only)`, `disable`." - codegen_overrides: - terraform: - name: action - type: enum - profiles: - - xpath: ["mlav-policy-action"] - validators: - - type: values - spec: - values: ["enable", "enable(alert-only)", "disable",] - spec: - values: - [ - { value: "enable" }, - { value: "enable(alert-only)" }, - { value: "disable" }, - ] - - name: decoder - description: "Protocol decoders." - codegen_overrides: - terraform: - name: decoders - type: list - profiles: - - xpath: ["decoder"] - type: entry - spec: - items: - type: object - spec: - params: - # - name: name - # description: "Protocol name." - # required: true - # type: string - # validators: - # - type: length - # spec: - # # min: 1 - # max: 31 - # - type: regexp - # spec: - # expr: "^[ 0-9a-zA-Z._-]$" - - name: action - description: "Action for standard antivirus signatures. Valid values are: `default` (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`, or `reset-both`." - type: enum - profiles: - - xpath: ["action"] - validators: - - type: values - spec: - values: - [ - "default", - "allow", - "alert", - "drop", - "reset-client", - "reset-server", - "reset-both", - ] - spec: - default: "default" - values: - [ - { value: default }, - { value: allow }, - { value: alert }, - { value: drop }, - { value: reset-client }, - { value: reset-server }, - { value: reset-both }, - ] - - name: wildfire-action - description: "Action for signatures generated by the WildFire system. Valid values are: `default` (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`, or `reset-both`." 
- type: enum - profiles: - - xpath: ["wildfire-action"] - validators: - - type: values - spec: - values: - [ - "default", - "allow", - "alert", - "drop", - "reset-client", - "reset-server", - "reset-both", - ] - spec: - default: "default" - values: - [ - { value: default }, - { value: allow }, - { value: alert }, - { value: drop }, - { value: reset-client }, - { value: reset-server }, - { value: reset-both }, - ] - - name: mlav-action - description: "Action for malicious threats detected in real-time by the WildFire Inline ML models. Valid values are: `default` (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`, or `reset-both`." - codegen_overrides: - terraform: - name: ml-action - type: enum - profiles: - - xpath: ["mlav-action"] - validators: - - type: values - spec: - values: - [ - "default", - "allow", - "alert", - "drop", - "reset-client", - "reset-server", - "reset-both", - ] - spec: - default: "default" - values: - [ - { value: default }, - { value: allow }, - { value: alert }, - { value: drop }, - { value: reset-client }, - { value: reset-server }, - { value: reset-both }, - ] - - name: application - description: "Application exceptions." - codegen_overrides: - terraform: - name: application-exceptions - type: list - profiles: - - xpath: ["application"] - type: entry + - type: length spec: - items: - type: object - spec: - params: - # - name: name - # description: "Application name." - # required: true - # type: string - # profiles: - # - xpath: ["name"] - # validators: - # - type: length - # spec: - # # min: 1 - # max: 31 - # - type: regexp - # spec: - # expr: "^[ 0-9a-zA-Z._-]$" - - name: action - description: "Action for application exception. Valid values are: `default` (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`, or `reset-both`." 
- type: enum - profiles: - - xpath: ["action"] - validators: - - type: values - spec: - values: - [ - "default", - "allow", - "alert", - "drop", - "reset-client", - "reset-server", - "reset-both", - ] - spec: - default: "default" - values: - [ - { value: default }, - { value: allow }, - { value: alert }, - { value: drop }, - { value: reset-client }, - { value: reset-server }, - { value: reset-both }, - ] - - name: threat-exception - description: "Exceptions for specific threats." - codegen_overrides: - terraform: - name: threat-exceptions - type: list - profiles: - - xpath: ["threat-exception"] - type: entry - validators: - - type: count - spec: - max: 99 + min: 0 + max: 255 + spec: {} + description: Profile description. + required: false + - name: disable-override + type: enum + profiles: + - xpath: + - disable-override + validators: + - type: values spec: - items: - type: string - validators: - - type: regexp + values: + - 'yes' + - 'no' + spec: + default: 'no' + values: + - value: 'yes' + - value: 'no' + description: disable object override in child device groups + required: false + - name: mlav-engine-filebased-enabled + type: list + profiles: + - xpath: + - mlav-engine-filebased-enabled + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: + - name: mlav-policy-action + type: enum + profiles: + - xpath: + - mlav-policy-action + validators: + - type: values spec: - expr: "^[0-9]+$" - profiles: - - type: member - xpath: ["name"] - - name: mlav-exception - description: "Exceptions for ML based" - codegen_overrides: - terraform: - name: machine-learning-exceptions - type: list - profiles: - - xpath: ["mlav-exception"] - type: entry - validators: - - type: count - spec: - max: 999 - spec: - items: - type: object - spec: - params: - # - name: name - # description: "Partial hash." - # required: true - # type: string - - name: filename - description: "Name of the file." 
- type: string - validators: - - type: length - spec: - min: 0 - max: 255 - profiles: - - xpath: ["filename"] - - name: description - description: "Exception description." - type: string - validators: - - type: length - spec: - min: 0 - max: 255 - profiles: - - xpath: ["description"] + values: + - enable + - enable(alert-only) + - disable + spec: + values: + - value: enable + - value: enable(alert-only) + - value: disable + description: '' + required: false + codegen_overrides: + terraform: + name: action + variants: [] + description: Machine learining models. + required: false + codegen_overrides: + terraform: + name: machine-learning-models + - name: mlav-exception + type: list + profiles: + - xpath: + - mlav-exception + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: + - name: filename + type: string + profiles: + - xpath: + - filename + validators: + - type: length + spec: + min: 0 + max: 255 + spec: {} + description: '' + required: false + - name: description + type: string + profiles: + - xpath: + - description + validators: + - type: length + spec: + min: 0 + max: 255 + spec: {} + description: Profile description. + required: false + variants: [] + description: Exceptions for ML based file scans. + required: false + codegen_overrides: + terraform: + name: machine-learning-exceptions + - name: packet-capture + type: bool + profiles: + - xpath: + - packet-capture + validators: [] + spec: {} + description: Enable packet capture. + required: false + - name: threat-exception + type: list + profiles: + - xpath: + - threat-exception + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: [] + variants: [] + description: Exceptions for specific threats. 
+ required: false + codegen_overrides: + terraform: + name: threat-exceptions + - name: wfrt-hold-mode + type: bool + profiles: + - xpath: + - wfrt-hold-mode + validators: [] + spec: {} + description: '' + required: false + variants: [] diff --git a/specs/objects/security-profile-antivirus.yaml b/specs/objects/security-profile-antivirus.yaml deleted file mode 100644 index a0cfc252..00000000 --- a/specs/objects/security-profile-antivirus.yaml +++ /dev/null 
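Review bot: The regenerated spec in PATCH 3/4 drops input validation that the hand-written one carried: `entries` → `name` now has `validators: []` (previously a 1–31 `length` check and a character-class `regexp`), and `threat-exception` loses its `count` cap of 99 and the `^[0-9]+$` check on items, ending up as an object with `params: []`. Threat exceptions presumably exempt the listed threat IDs from the profile's action, so the size and shape of that list are worth checking in the provider rather than leaving to the device to reject. I would restore the name check as `- type: length` with `spec: {min: 1, max: 31}` and re-add the item validator on `threat-exception` once the generator's output for that list is confirmed. The two read-only `from_panorama_*` locations and `version: "10.1.0"` are also gone on the new side, and `wfrt-hold-mode` no longer carries the `min_version`/`max_version` bounds present in the file deleted later in this patch; it is not visible here whether those removals are intended.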
@@ -1,333 +0,0 @@ -name: security-profile-antivirus -terraform_provider_config: - description: Antivirus security profile - skip_resource: false - skip_datasource: false - resource_type: entry - resource_variants: - - singular - suffix: security_profile_antivirus - plural_suffix: '' - plural_name: '' - plural_description: '' -go_sdk_config: - skip: false - package: - - objects - - profiles - - antivirus -xpath_suffix: -- virus -locations: -- name: shared - xpath: - path: - - config - - shared - vars: [] - description: Location in Shared Panorama - devices: - - panorama - - ngfw - validators: [] - required: false - read_only: false -entries: -- name: name - description: '' - validators: [] -imports: [] -spec: - params: - - name: application - type: list - profiles: - - xpath: - - application - - entry - type: entry - validators: [] - spec: - type: object - items: - type: object - spec: - params: - - name: action - type: enum - profiles: - - xpath: - - action - validators: - - type: values - spec: - values: - - default - - allow - - alert - - drop - - reset-client - - reset-server - - reset-both - spec: - default: default - values: - - value: default - - value: allow - - value: alert - - value: drop - - value: reset-client - - value: reset-server - - value: reset-both - description: '' - required: false - variants: [] - description: Application exceptions. 
- required: false - - name: decoder - type: list - profiles: - - xpath: - - decoder - - entry - type: entry - validators: [] - spec: - type: object - items: - type: object - spec: - params: - - name: action - type: enum - profiles: - - xpath: - - action - validators: - - type: values - spec: - values: - - default - - allow - - alert - - drop - - reset-client - - reset-server - - reset-both - spec: - default: default - values: - - value: default - - value: allow - - value: alert - - value: drop - - value: reset-client - - value: reset-server - - value: reset-both - description: '' - required: false - - name: wildfire-action - type: enum - profiles: - - xpath: - - wildfire-action - validators: - - type: values - spec: - values: - - default - - allow - - alert - - drop - - reset-client - - reset-server - - reset-both - spec: - default: default - values: - - value: default - - value: allow - - value: alert - - value: drop - - value: reset-client - - value: reset-server - - value: reset-both - description: '' - required: false - - name: mlav-action - type: enum - profiles: - - xpath: - - mlav-action - validators: - - type: values - spec: - values: - - default - - allow - - alert - - drop - - reset-client - - reset-server - - reset-both - spec: - default: default - values: - - value: default - - value: allow - - value: alert - - value: drop - - value: reset-client - - value: reset-server - - value: reset-both - description: '' - required: false - variants: [] - description: Protocol decoders. - required: false - - name: description - type: string - profiles: - - xpath: - - description - validators: - - type: length - spec: - min: 0 - max: 255 - spec: {} - description: Profile description. 
- required: false - - name: disable-override - type: enum - profiles: - - xpath: - - disable-override - validators: - - type: values - spec: - values: - - 'no' - spec: - default: 'no' - values: - - value: 'no' - description: disable object override in child device groups - required: false - - name: mlav-engine-filebased-enabled - type: list - profiles: - - xpath: - - mlav-engine-filebased-enabled - - entry - type: entry - validators: [] - spec: - type: object - items: - type: object - spec: - params: - - name: mlav-policy-action - type: enum - profiles: - - xpath: - - mlav-policy-action - validators: - - type: values - spec: - values: - - enable - - enable(alert-only) - - disable - spec: - values: - - value: enable - - value: enable(alert-only) - - value: disable - description: '' - required: false - variants: [] - description: Machine learining models. - required: false - - name: mlav-exception - type: list - profiles: - - xpath: - - mlav-exception - - entry - type: entry - validators: [] - spec: - type: object - items: - type: object - spec: - params: - - name: filename - type: string - profiles: - - xpath: - - filename - validators: - - type: length - spec: - min: 0 - max: 255 - spec: {} - description: '' - required: false - - name: description - type: string - profiles: - - xpath: - - description - validators: - - type: length - spec: - min: 0 - max: 255 - spec: {} - description: Profile description. - required: false - variants: [] - description: Exceptions for ML based - required: false - - name: packet-capture - type: bool - profiles: - - xpath: - - packet-capture - validators: [] - spec: {} - description: Enable packet capture. - required: false - - name: threat-exception - type: list - profiles: - - xpath: - - threat-exception - - entry - type: entry - validators: [] - spec: - type: object - items: - type: object - spec: - params: [] - variants: [] - description: Exceptions for specific threats. 
- required: false - - name: wfrt-hold-mode - type: bool - profiles: - - xpath: - - wfrt-hold-mode - min_version: 11.0.2 - max_version: 11.0.3 - validators: [] - spec: {} - description: '' - required: false - variants: [] From 4be8eb20a5919dfc7b6c49ce8a9e341d379effba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Bilski?= Date: Thu, 16 Jan 2025 02:26:32 +0100 Subject: [PATCH 4/4] Update spec descriptions --- .../antivirus.yaml} | 89 ++++++++++--------- 1 file changed, 49 insertions(+), 40 deletions(-) rename specs/objects/profiles/{security-profile-antivirus.yaml => security/antivirus.yaml} (85%) diff --git a/specs/objects/profiles/security-profile-antivirus.yaml b/specs/objects/profiles/security/antivirus.yaml similarity index 85% rename from specs/objects/profiles/security-profile-antivirus.yaml rename to specs/objects/profiles/security/antivirus.yaml index 0de0f55e..d834c9db 100644 --- a/specs/objects/profiles/security-profile-antivirus.yaml +++ b/specs/objects/profiles/security/antivirus.yaml 
@@ -32,67 +32,67 @@ locations: validators: [] required: false read_only: false -- name: vsys +- name: device-group xpath: path: - config - devices - - $ngfw_device - - vsys - - $vsys + - $panorama_device + - device-group + - $device_group vars: - - name: ngfw_device - description: The NGFW device name + - name: panorama_device + description: Panorama device name required: false default: localhost.localdomain validators: [] type: entry - - name: vsys - description: The Virtual System name - required: false - default: vsys1 + - name: device_group + description: Device Group name + required: true validators: - type: not-values spec: values: - value: shared - error: The vsys name cannot be "shared". Use the "shared" location instead + error: The device group name cannot be "shared". Use the "shared" location + instead type: entry - description: Located in a specific Virtual System + description: Located in a specific Device Group devices: - - ngfw - panorama validators: [] required: false read_only: false -- name: device-group +- name: vsys xpath: path: - config - devices - - $panorama_device - - device-group - - $device_group + - $ngfw_device + - vsys + - $vsys vars: - - name: panorama_device - description: Panorama device name + - name: ngfw_device + description: The NGFW device name required: false default: localhost.localdomain validators: [] type: entry - - name: device_group - description: Device Group name - required: true + - name: vsys + description: The Virtual System name + required: false + default: vsys1 validators: - type: not-values spec: values: - value: shared - error: The device group name cannot be "shared". Use the "shared" location - instead + error: The vsys name cannot be "shared". Use the "shared" location instead type: entry - description: Located in a specific Device Group + description: Located in a specific Virtual System devices: + - ngfw - panorama validators: [] required: false 
@@ -144,10 +144,12 @@ spec: - value: reset-client - value: reset-server - value: reset-both - description: '' + description: 'Action for application exception. Valid values are: `default` + (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`, + or `reset-both`' required: false variants: [] - description: Application exceptions. + description: Application exceptions required: false codegen_overrides: terraform: @@ -192,7 +194,9 @@ spec: - value: reset-client - value: reset-server - value: reset-both - description: '' + description: 'Action for standard antivirus signatures. Valid values are: + `default` (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`, + or `reset-both`' required: false - name: wildfire-action type: enum @@ -220,7 +224,9 @@ spec: - value: reset-client - value: reset-server - value: reset-both - description: '' + description: 'Action for signatures generated by the WildFire system. + Valid values are: `default` (default), `allow`, `alert`, `drop`, `reset-client`, + `reset-server`, or `reset-both`' required: false - name: mlav-action type: enum @@ -248,13 +254,15 @@ spec: - value: reset-client - value: reset-server - value: reset-both - description: '' + description: 'Action for malicious threats detected in real-time by the + WildFire Inline ML models. Valid values are: `default` (default), `allow`, + `alert`, `drop`, `reset-client`, `reset-server`, or `reset-both`' required: false codegen_overrides: terraform: name: ml-action variants: [] - description: Protocol decoders. + description: Protocol decoders required: false codegen_overrides: terraform: @@ -270,7 +278,7 @@ spec: min: 0 max: 255 spec: {} - description: Profile description. + description: Profile description required: false - name: disable-override type: enum 
@@ -288,7 +296,7 @@ spec: values: - value: 'yes' - value: 'no' - description: disable object override in child device groups + description: Disable object override in child device groups required: false - name: mlav-engine-filebased-enabled type: list @@ -321,13 +329,14 @@ spec: - value: enable - value: enable(alert-only) - value: disable - description: '' + description: 'Action for ML model antivirus signatures. Valid values are: + `enable`, `enable(alert-only)`, or `disable`' required: false codegen_overrides: terraform: name: action variants: [] - description: Machine learining models. + description: Machine learning models required: false codegen_overrides: terraform: @@ -357,7 +366,7 @@ spec: min: 0 max: 255 spec: {} - description: '' + description: File name to exclude from enforcement required: false - name: description type: string @@ -370,7 +379,7 @@ spec: min: 0 max: 255 spec: {} - description: Profile description. + description: Exception description required: false variants: [] description: Exceptions for ML based file scans. @@ -385,7 +394,7 @@ spec: - packet-capture validators: [] spec: {} - description: Enable packet capture. + description: Enable packet capture required: false - name: threat-exception type: list @@ -402,7 +411,7 @@ spec: spec: params: [] variants: [] - description: Exceptions for specific threats. + description: Exceptions for specific threats required: false codegen_overrides: terraform: @@ -414,6 +423,6 @@ spec: - wfrt-hold-mode validators: [] spec: {} - description: '' + description: Enable hold mode for WildFire real time signature lookup required: false variants: []