PaloAltoNetworks · migara · Jan 17, 2025 · Oct 24, 2024 · Oct 24, 2024 · Dec 17, 2024
diff --git a/...s/objects/security-profile-antivirus.yaml → .../objects/profiles/security/antivirus.yaml b/...s/objects/security-profile-antivirus.yaml → .../objects/profiles/security/antivirus.yaml
@@ -25,13 +25,78 @@ locations:
     - config
     - shared
     vars: []
-  description: Location in Shared Panorama
+  description: Panorama shared object
   devices:
   - panorama
   - ngfw
   validators: []
   required: false
   read_only: false
+- name: device-group
+  xpath:
+    path:
+    - config
+    - devices
+    - $panorama_device
+    - device-group
+    - $device_group
+    vars:
+    - name: panorama_device
+      description: Panorama device name
+      required: false
+      default: localhost.localdomain
+      validators: []
+      type: entry
+    - name: device_group
+      description: Device Group name
+      required: true
+      validators:
+      - type: not-values
+        spec:
+          values:
+          - value: shared
+            error: The device group name cannot be "shared". Use the "shared" location
+              instead
+      type: entry
+  description: Located in a specific Device Group
+  devices:
+  - panorama
+  validators: []
+  required: false
+  read_only: false
+- name: vsys
+  xpath:
+    path:
+    - config
+    - devices
+    - $ngfw_device
+    - vsys
+    - $vsys
+    vars:
+    - name: ngfw_device
+      description: The NGFW device name
+      required: false
+      default: localhost.localdomain
+      validators: []
+      type: entry
+    - name: vsys
+      description: The Virtual System name
+      required: false
+      default: vsys1
+      validators:
+      - type: not-values
+        spec:
+          values:
+          - value: shared
+            error: The vsys name cannot be "shared". Use the "shared" location instead
+      type: entry
+  description: Located in a specific Virtual System
+  devices:
+  - ngfw
+  - panorama
+  validators: []
+  required: false
+  read_only: false
 entries:
 - name: name
   description: ''
@@ -79,11 +144,16 @@ spec:
               - value: reset-client
               - value: reset-server
               - value: reset-both
-            description: ''
+            description: 'Action for application exception. Valid values are: `default`
+              (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`,
+              or `reset-both`'
             required: false
           variants: []
-    description: Application exceptions.
+    description: Application exceptions
     required: false
+    codegen_overrides:
+      terraform:
+        name: application-exceptions
   - name: decoder
     type: list
     profiles:
@@ -124,7 +194,9 @@ spec:
               - value: reset-client
               - value: reset-server
               - value: reset-both
-            description: ''
+            description: 'Action for standard antivirus signatures. Valid values are:
+              `default` (default), `allow`, `alert`, `drop`, `reset-client`, `reset-server`,
+              or `reset-both`'
             required: false
           - name: wildfire-action
             type: enum
@@ -152,7 +224,9 @@ spec:
               - value: reset-client
               - value: reset-server
               - value: reset-both
-            description: ''
+            description: 'Action for signatures generated by the WildFire system.
+              Valid values are: `default` (default), `allow`, `alert`, `drop`, `reset-client`,
+              `reset-server`, or `reset-both`'
             required: false
           - name: mlav-action
             type: enum
@@ -180,11 +254,19 @@ spec:
               - value: reset-client
               - value: reset-server
               - value: reset-both
-            description: ''
+            description: 'Action for malicious threats detected in real-time by the
+              WildFire Inline ML models. Valid values are: `default` (default), `allow`,
+              `alert`, `drop`, `reset-client`, `reset-server`, or `reset-both`'
             required: false
+            codegen_overrides:
+              terraform:
+                name: ml-action
           variants: []
-    description: Protocol decoders.
+    description: Protocol decoders
     required: false
+    codegen_overrides:
+      terraform:
+        name: decoders
   - name: description
     type: string
     profiles:
@@ -196,7 +278,7 @@ spec:
         min: 0
         max: 255
     spec: {}
-    description: Profile description.
+    description: Profile description
     required: false
   - name: disable-override
     type: enum
@@ -207,12 +289,14 @@ spec:
     - type: values
       spec:
         values:
+        - 'yes'
         - 'no'
     spec:
       default: 'no'
       values:
+      - value: 'yes'
       - value: 'no'
-    description: disable object override in child device groups
+    description: Disable object override in child device groups
     required: false
   - name: mlav-engine-filebased-enabled
     type: list
@@ -245,11 +329,18 @@ spec:
               - value: enable
               - value: enable(alert-only)
               - value: disable
-            description: ''
+            description: 'Action for ML model antivirus signatures. Valid values are:
+              `enable`, `enable(alert-only)`, or `disable`'
             required: false
+            codegen_overrides:
+              terraform:
+                name: action
           variants: []
-    description: Machine learining models.
+    description: Machine learning models
     required: false
+    codegen_overrides:
+      terraform:
+        name: machine-learning-models
   - name: mlav-exception
     type: list
     profiles:
@@ -275,7 +366,7 @@ spec:
                 min: 0
                 max: 255
             spec: {}
-            description: ''
+            description: File name to exclude from enforcement
             required: false
           - name: description
             type: string
@@ -288,19 +379,22 @@ spec:
                 min: 0
                 max: 255
             spec: {}
-            description: Profile description.
+            description: Exception description
             required: false
           variants: []
-    description: Exceptions for ML based
+    description: Exceptions for ML based file scans.
     required: false
+    codegen_overrides:
+      terraform:
+        name: machine-learning-exceptions
   - name: packet-capture
     type: bool
     profiles:
     - xpath:
       - packet-capture
     validators: []
     spec: {}
-    description: Enable packet capture.
+    description: Enable packet capture
     required: false
   - name: threat-exception
     type: list
@@ -317,17 +411,18 @@ spec:
         spec:
           params: []
           variants: []
-    description: Exceptions for specific threats.
+    description: Exceptions for specific threats
     required: false
+    codegen_overrides:
+      terraform:
+        name: threat-exceptions
   - name: wfrt-hold-mode
     type: bool
     profiles:
     - xpath:
       - wfrt-hold-mode
-      min_version: 11.0.2
-      max_version: 11.0.3
     validators: []
     spec: {}
-    description: ''
+    description: Enable hold mode for WildFire real time signature lookup
     required: false
   variants: []