Wednesday, March 7, 2018

Palo Alto Networks - Querying Multiple URL Categories at Once

Palo Alto Networks offers a way to query a URL via https://urlfiltering.paloaltonetworks.com/. However, if you want to query multiple URLs at the same time, then you need to leverage the API.
  • Generate the API key for the firewall. See this link for instructions.
  • Create a text file with all the URLs you want to check. For example, create a file called urls.txt with the URLs entered in the following format:
www.google.com
www.facebook.com
www.yahoo.com
purple.com
chase.com

  • Create a bash file to query PAN-DB using the text file created in the previous step. For example, create a file called url_checker with the following details:
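#!/bin/bash
# Look up the PAN-DB category of every URL listed in urls.txt (one per line).
# -k disables TLS certificate verification; drop it if the firewall's certificate is trusted.
while IFS= read -r url || [ -n "$url" ]; do
  [ -n "$url" ] || continue   # skip blank lines
  curl -k "https://{firewall ip}/api/?type=op&cmd=<test><url>${url}</url></test>&key={api key here}"
done < urls.txt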
  • From the command line, run the bash script. For example, in OSX, ./url_checker
  • The output should give you a list of all URLs in the file and their corresponding categories.
SJCMACF0UPG8WM:Desktop smitchell$ ./url_checker
<response cmd="status" status="success"><result>www.google.com search-engines (Base db) expires in 3000 seconds
www.google.com search-engines (Cloud db)
</result></response><response cmd="status" status="success"><result>www.facebook.com social-networking (Base db) expires in 3000 seconds
www.facebook.com social-networking (Cloud db)
</result></response><response cmd="status" status="success"><result>www.yahoo.com internet-portals (Base db) expires in 3000 seconds
www.yahoo.com internet-portals (Cloud db)
</result></response><response cmd="status" status="success"><result>purple.com home-and-garden (Base db) expires in 0 seconds
purple.com home-and-garden (Cloud db)
</result></response><response cmd="status" status="success"><result>chase.com financial-services (Base db) expires in 9000 seconds
chase.com financial-services (Cloud db)
</result></response>SJCMACF0UPG8WM:Desktop smitchell$
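
The raw output above is a run of concatenated XML responses, which is hard to scan for a long URL list. The following is an added example, not part of the original post: a hypothetical helper, summarize_categories, that turns that output into one tab-separated row per URL and marks rows where the Base db and Cloud db categories differ. The first two sample responses are copied from the output above; the example.test response is constructed for illustration.

```shell
#!/bin/bash
# Added example: summarize url_checker output (function names are hypothetical).

# Reads the concatenated <response> documents on stdin and prints one
# tab-separated row per URL: url, Base db category, Cloud db category, verdict.
summarize_categories() {
    tr '<' '\n' |                  # start a new line at every XML tag
    awk '
        { sub(/^[^>]*>/, "") }     # drop the tag itself, keep text after it
        # Line shapes, as seen in the output above:
        #   <url> <category> (Base db) expires in N seconds
        #   <url> <category> (Cloud db)
        NF >= 4 && ($3 == "(Base" || $3 == "(Cloud") && $4 == "db)" {
            if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
            if ($3 == "(Base") base[$1] = $2; else cloud[$1] = $2
        }
        END {
            for (i = 1; i <= n; i++) {
                u = order[i]
                b = (u in base)  ? base[u]  : "-"
                c = (u in cloud) ? cloud[u] : "-"
                printf "%s\t%s\t%s\t%s\n", u, b, c, (b == c ? "match" : "MISMATCH")
            }
        }'
}

# Sample input: google and purple responses come from the post's output;
# the example.test response is constructed to show a disagreement.
sample_output() {
    cat <<'EOF'
<response cmd="status" status="success"><result>www.google.com search-engines (Base db) expires in 3000 seconds
www.google.com search-engines (Cloud db)
</result></response><response cmd="status" status="success"><result>purple.com home-and-garden (Base db) expires in 0 seconds
purple.com home-and-garden (Cloud db)
</result></response><response cmd="status" status="success"><result>example.test unknown (Base db) expires in 0 seconds
example.test news (Cloud db)
</result></response>
EOF
}

# Demo on the embedded sample; against a firewall, pipe the script instead:
#   ./url_checker | summarize_categories
sample_output | summarize_categories
```

Adding -s to the curl call in url_checker keeps curl's progress meter out of the terminal when its output is piped into the helper.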
