diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index c3c76b1c..debbd677 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,21 @@
CHANGELOG
-2.1.13
+2.1.14
+UTIL:
+type=rule actions=display | introduction of argument actions=display:hitcount,ApplicationSeen
+
+BUGFIX:
+* type=vendor-migration | general bugfix to use correct baseconfig file if no argument in= is defined
+* class AddressGroup | bugfix for missing function type() - related to type=address actions=move
+* type=rule location=DG1 'actions=move:DG2,pre' - no rulename change
+* class AddressCommon | bugfix if rule is already deleted - AddressRuleContainer is NULL => type=rule actions=removeWhereUsed
+* type=rule | bugfix for actions=exporttoexcel - to correctly display columns
+
+GENERAL:
+* update to App-ID version: 8748-8241
+
+
+2.1.13 (20230810)
UTIL:
* type=address | introduction of actions=upload-address-2cloudmanager:panorama.xml,DGname && actions=upload-addressgroup-2cloudmanager:panorama.xml,DGname
* type=address actions=upload-address-2cloudmanager | extend validation if object name is already available
diff --git a/lib/misc-classes/PH.php b/lib/misc-classes/PH.php
index e38f0202..51b4ab06 100644
--- a/lib/misc-classes/PH.php
+++ b/lib/misc-classes/PH.php
@@ -182,7 +182,7 @@ function __construct($argv, $argc)
private static $library_version_major = 2;
private static $library_version_sub = 1;
- private static $library_version_bugfix = 13;
+ private static $library_version_bugfix = 14;
//BASIC AUTH PAN-OS 7.1
public static $softwareupdate_key = "658d787f293e631196dac9fb29490f1cc1bb3827";
diff --git a/lib/object-classes/AddressGroup.php b/lib/object-classes/AddressGroup.php
index 543c3954..a2885e1c 100644
--- a/lib/object-classes/AddressGroup.php
+++ b/lib/object-classes/AddressGroup.php
@@ -1292,6 +1292,13 @@ public function replaceByMembersAndDelete($context, $isAPI = FALSE, $rewriteXml
}
}
+ /**
+ * @return string ie: 'ip-netmask' 'ip-range'
+ */
+ public function type()
+ {
+ return "address-group";
+ }
static protected $templatexml = '';
static protected $templatexml_v6 = '';
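Review bot: The docblock on the added `type()` does not match the method: it documents `@return string ie: 'ip-netmask' 'ip-range'`, but the body always returns the literal `"address-group"`. The example values look copied from the per-address accessor, so a reader may assume a group can report an address subtype. I would change the docblock to `@return string always 'address-group'` and add one sentence saying the method exists so that code handling Address and AddressGroup objects alike (the changelog names `type=address actions=move`) can call `type()` on either. Callers that compare the result against address subtypes are outside this hunk, so it is worth confirming that they treat `'address-group'` as a distinct value rather than falling through to a default branch. The enclosing class starts and ends outside the hunk.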
diff --git a/lib/object-classes/predefined.xml b/lib/object-classes/predefined.xml
index c34c1aa8..1dbd6a60 100644
--- a/lib/object-classes/predefined.xml
+++ b/lib/object-classes/predefined.xml
@@ -1,6 +1,6 @@
- 8741-8213
+ 8748-8241
@@ -2897,7 +2897,7 @@
unknown-tcp, unknown-udp
- 8732
+ 8745
@@ -5681,7 +5681,7 @@
web-browsing
- 8732
+ 8745
@@ -5822,6 +5822,12 @@
8144
+
+
+ soap
+ 8745
+
+
unknown-tcp
@@ -6110,6 +6116,12 @@
8621
+
+
+ github-copilot
+ 8745
+
+
github, ssl, web-browsing
@@ -6767,7 +6779,7 @@
web-browsing
- 8732
+ 8745
@@ -7604,6 +7616,12 @@
757
+
+
+ ssl
+ 8745
+
+
unknown-tcp
@@ -7955,7 +7973,7 @@
unknown-tcp, unknown-udp
- 8732
+ 8745
@@ -7973,223 +7991,223 @@
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
mitsubishi-melsec
- 8732
+ 8745
@@ -8834,6 +8852,24 @@
544
+
+
+ sharepoint-online
+ 8745
+
+
+
+
+ sharepoint-online-downloading
+ 8745
+
+
+
+
+ sharepoint-online-uploading
+ 8745
+
+
ssl,web-browsing,skydrive
@@ -9170,6 +9206,12 @@
650
+
+
+ ssl
+ 8745
+
+
ssl, web-browsing
@@ -10388,6 +10430,18 @@
8559
+
+
+ ssl, web-browsing
+ 8745
+
+
+
+
+ ssl
+ 8745
+
+
web-browsing, ssl
@@ -10589,7 +10643,7 @@
net.tcp
- 8732
+ 8745
@@ -10826,6 +10880,12 @@
8377
+
+
+ ssl, web-browsing
+ 8745
+
+
ssl, web-browsing
@@ -11018,6 +11078,12 @@
692
+
+
+ web-browsing
+ 8745
+
+
unknown-udp
@@ -11294,6 +11360,12 @@
8219
+
+
+ ssl, web-browsing
+ 8745
+
+
ssl, web-browsing, unknown-tcp, unknown-udp
@@ -11489,7 +11561,7 @@
soap
- 8732
+ 8745
@@ -12130,6 +12202,12 @@
8093
+
+
+ web-browsing
+ 8745
+
+
ssl, web-browsing
@@ -12490,6 +12568,12 @@
529
+
+
+ ssl, web-browsing
+ 8745
+
+
unknown-tcp
@@ -12781,7 +12865,7 @@
unknown-tcp
- 8732
+ 8745
@@ -12853,7 +12937,7 @@
unknown-tcp
- 8732
+ 8745
@@ -15671,6 +15755,7 @@ Facebook has met with some controversy over the past few years. It has been bloc
gist-uploading
github-base
github-copilot
+ github-copilot-business
github-downloading
github-editing
github-posting
@@ -17110,6 +17195,9 @@ Both Microsoft Lync and Microsoft Communicator for Mac are enterprise software;
ms-lync-online-apps-sharing
ms-lync-online-file-transfer
ms-office365-base
+ ms-onedrive-business
+ ms-onedrive-business-download
+ ms-onedrive-business-upload
ms-outlook-downloading
ms-outlook-personal-uploading
ms-outlook-uploading
@@ -17629,6 +17717,18 @@ It topped the ForeSee Results’ Top 100 Online Retail Satisfaction Index w
pages-uploading
+
+ Palo Alto Networks Prisma SD-WAN (formerly CloudGenix) is a cloud-delivered service that implements app-defined, autonomous SD-WAN to help you secure and connect your branch offices, data centers and large campus sites without increasing cost and complexity.
+
+
+ https://docs.paloaltonetworks.com/prisma/prisma-sd-wan
+
+
+
+ paloalto-prisma-sdwan-base
+ paloalto-prisma-sdwan-control
+
+
Palo Alto Networks delivers world-class customer support through a range of options, including 24/7 availability, a global network of support centers and options for hardware replacement.
@@ -17792,6 +17892,18 @@ It topped the ForeSee Results’ Top 100 Online Retail Satisfaction Index w
proprofs-survey-maker-uploading
+
+ Proton AG (Proton) is a Swiss technology company offering privacy-focused online services including Proton Mail, Proton Calendar, Proton Drive and Proton VPN.
+
+
+ https://en.wikipedia.org/wiki/Proton_(Swiss_company)
+
+
+
+ proton-base
+ protonmail
+
+
Qik is a mobile live video streaming and two-way video conferencing application that allows users to stream live video from their cell phones to the internet. Qik enables users to record and upload video directly from supported cell phones.
As of April 2009, Qik supports about 140 cell phones for its software. Qik videos can be shared via Facebook, Twitter, Youtube, and many other social network sites.
@@ -32761,6 +32873,9 @@ Autodesk, Inc. is an American multinational software corporation that makes soft
networking
remote-access
client-server
+ Avocent develops integrated IT infrastructure management solutions. Its core competencies are in integrating hardware, software and embedded technologies, to provide IT managers with a single interface to remotely administer an IT infrastructure.
+ yes
+ yes
no
no
no
@@ -32769,28 +32884,27 @@ Autodesk, Inc. is an American multinational software corporation that makes soft
no
no
yes
- 3
- Avocent develops integrated IT infrastructure management solutions. Its core competencies are in integrating hardware, software and embedded technologies, to provide IT managers with a single interface to remotely administer an IT infrastructure.
+ no
+ iot
+ 3600
http://en.wikipedia.org/wiki/Avocent
- no
- 3600
- yes
tcp/3449,3448,3211,3502,3871
+ 3
networking
ip-protocol
network-protocol
Avocent-vsp (Avocent Video Session Protocol) is a protocol used to transfer keyboard, video and mouse information between a KVM switch and a remote Video Viewer.
- no
+ yes
yes
no
no
@@ -32801,12 +32915,12 @@ Autodesk, Inc. is an American multinational software corporation that makes soft
no
no
no
+ iot
drop-reset
- no
yes
- http://www.avocent.com/WorkArea/linkit.aspx?LinkIdentifier=id&ItemID=17876
+ http://www.avocent.com/WorkArea/linkit.aspx?LinkIdentifier=id&ItemID=17876
@@ -40207,6 +40321,7 @@ All battlefield games will be covered under this app id.
medical
client-server
B. Braun is a German medical and pharmaceutical device company in infusion therapy and pain management, develops, manufactures, and markets innovative medical products and services to the healthcare industry. This App-ID covers traffic for the DoseTrac infusion management software.
+ yes
yes
no
no
@@ -40217,6 +40332,7 @@ All battlefield games will be covered under this app id.
no
no
no
+ medical
drop-reset
no
@@ -41141,6 +41257,7 @@ bet365's site is available in 14 different languages and supports a wide variety
no
+ [Generative AI]
[Web App]
@@ -42546,7 +42663,6 @@ and ensure your investments align to real business requirements.
drop-reset
no
yes
- yes
web20_parrent_app
yes
@@ -46339,7 +46455,6 @@ Channel 4 was established with, and continues to hold, a remit of public service
drop-reset
no
yes
- yes
web20_parrent_app
yes
@@ -46349,6 +46464,7 @@ Channel 4 was established with, and continues to hold, a remit of public service
no
+ [Generative AI]
[Web App]
@@ -46392,7 +46508,6 @@ Channel 4 was established with, and continues to hold, a remit of public service
drop-reset
no
yes
- yes
character-ai-base
yes
@@ -46402,6 +46517,7 @@ Channel 4 was established with, and continues to hold, a remit of public service
no
+ [Generative AI]
[Posting]
[Web App]
@@ -46444,7 +46560,6 @@ Channel 4 was established with, and continues to hold, a remit of public service
no
yes
yes
- yes
character-ai-base
yes
@@ -46454,6 +46569,7 @@ Channel 4 was established with, and continues to hold, a remit of public service
no
+ [Generative AI]
[Uploading]
[Web App]
@@ -53451,8 +53567,8 @@ To access a website through the Coral cache (and thus reduce the load on the sit
1
- media
- photo-video
+ business-systems
+ general-business
client-server
Crestron CIP (Crestron Control Interface Protocol) is a proprietary communication protocol used to monitor and control Crestron devices, including audiovisual equipment, lighting systems, HVAC and other building automation components. This App-ID covers the Crestron Control Interface Protocol.
yes
@@ -56126,7 +56242,6 @@ To access a website through the Coral cache (and thus reduce the load on the sit
no
yes
yes
- yes
web20_parrent_app
yes
@@ -56136,6 +56251,7 @@ To access a website through the Coral cache (and thus reduce the load on the sit
no
+ [Generative AI]
[Web App]
@@ -56186,7 +56302,6 @@ To access a website through the Coral cache (and thus reduce the load on the sit
no
yes
yes
- yes
deepl-base
yes
@@ -56196,6 +56311,7 @@ To access a website through the Coral cache (and thus reduce the load on the sit
no
+ [Generative AI]
[Web App]
@@ -56233,7 +56349,6 @@ To access a website through the Coral cache (and thus reduce the load on the sit
drop-reset
no
yes
- yes
deepl-base
yes
@@ -56243,6 +56358,7 @@ To access a website through the Coral cache (and thus reduce the load on the sit
no
+ [Generative AI]
[Web App]
@@ -66010,7 +66126,6 @@ What separates DroidVPN from other VPN Applications is it can tunnel the traffic
no
yes
yes
- yes
web20_parrent_app
@@ -82621,7 +82736,6 @@ It protects users from hackers and harmful apps, stop trackers, and can set the
no
drop-reset
no
- yes
[Proxy Avoidance]
@@ -83909,6 +84023,42 @@ The company's "Powered by GameSpy" technology has enabled online functionality i
1
+
+ business-systems
+ medical
+ client-server
+ GE's DCAR Communication Protocol (DCP) is used for communication between GE MAC ECG machines and GE MUSE servers to transfer tests, receive orders, and/or patient demographics information. This App-ID covers GE's DCP.
+ yes
+ yes
+ no
+ no
+ no
+ no
+ yes
+ no
+ no
+ no
+ no
+ drop-reset
+ no
+ yes
+ yes
+ soap
+
+
+ https://www.gehealthcare.com/products/diagnostic-ecg/resting-ecg/mac-vu360
+
+
+
+
+ tcp/9240
+
+
+
+ soap
+
+ 1
+
business-systems
medical
@@ -86344,8 +86494,8 @@ The company's "Powered by GameSpy" technology has enabled online functionality i
github
- business-systems
- software-development
+ saas
+ artificial-intelligence
client-server
GitHub Copilot is an artificial intelligence tool developed by GitHub and OpenAI to assist users of Visual Studio Code, Visual Studio, Neovim, and JetBrains integrated development environments by autocompleting code. This App-ID covers the traffic of GitHub Copilot.
yes
@@ -86363,6 +86513,7 @@ The company's "Powered by GameSpy" technology has enabled online functionality i
no
github-base
+ [Generative AI]
[Web App]
@@ -86378,100 +86529,76 @@ The company's "Powered by GameSpy" technology has enabled online functionality i
github-base
+
+ github-copilot-business
+
1
github
-
+
saas
- management
+ artificial-intelligence
client-server
- This app-id controls downloading activities by Github. GitHub is a web-based hosting service for software development projects that use the Git revision control system.
+ Copilot for Business allows user to manage access to GitHub Copilot for organizations within enterprise. This App-ID covers the traffic of Github Copilot for Business.
yes
- yes
- yes
- yes
yes
no
no
no
- yes
+ no
yes
no
no
no
no
drop-reset
- yes
no
- yes
yes
- yes
-
-
- yes
- yes
- yes
- yes
-
- no
- no
- no
- no
-
+ yes
+ github-copilot
- [Downloading]
+ [Generative AI]
[Web App]
-
- http://en.wikipedia.org/wiki/GitHub
-
-
- https://github.com
+
+ https://docs.github.com/en/enterprise-cloud@latest/copilot/overview-of-github-copilot/about-github-copilot-for-business
- tcp/443
+ tcp/80,443
-
+
github-base
- ssl
- web-browsing
-
- bigbluebutton
- lantern
-
-
- web-browsing
-
-
- http
-
- 2
+ 1
github
-
+
saas
management
client-server
- This app-id controls editing activities by Github. GitHub is a web-based hosting service for software development projects that use the Git revision control system.
+ This app-id controls downloading activities by Github. GitHub is a web-based hosting service for software development projects that use the Git revision control system.
yes
+ yes
yes
+ yes
yes
no
no
no
- no
+ yes
yes
no
no
- yes
+ no
no
drop-reset
+ yes
no
+ yes
yes
yes
@@ -86487,7 +86614,7 @@ The company's "Powered by GameSpy" technology has enabled online functionality i
no
- [Editing]
+ [Downloading]
[Web App]
@@ -86495,7 +86622,7 @@ The company's "Powered by GameSpy" technology has enabled online functionality i
http://en.wikipedia.org/wiki/GitHub
- https://github.com/
+ https://github.com
@@ -86508,6 +86635,10 @@ The company's "Powered by GameSpy" technology has enabled online functionality i
ssl
web-browsing
+
+ bigbluebutton
+ lantern
+
web-browsing
@@ -86517,11 +86648,11 @@ The company's "Powered by GameSpy" technology has enabled online functionality i
2
github
-
+
saas
management
client-server
- This app-id controls posting activities by Github. GitHub is a web-based hosting service for software development projects that use the Git revision control system.
+ This app-id controls editing activities by Github. GitHub is a web-based hosting service for software development projects that use the Git revision control system.
yes
yes
yes
@@ -86535,7 +86666,6 @@ The company's "Powered by GameSpy" technology has enabled online functionality i
yes
no
drop-reset
- yes
no
yes
yes
@@ -86552,12 +86682,77 @@ The company's "Powered by GameSpy" technology has enabled online functionality i
no
- [Posting]
+ [Editing]
[Web App]
- https://en.wikipedia.org/wiki/GitHub
+ http://en.wikipedia.org/wiki/GitHub
+
+
+ https://github.com/
+
+
+
+
+ tcp/443
+
+
+
+ github-base
+ ssl
+ web-browsing
+
+
+ web-browsing
+
+
+ http
+
+ 2
+ github
+
+
+ saas
+ management
+ client-server
+ This app-id controls posting activities by Github. GitHub is a web-based hosting service for software development projects that use the Git revision control system.
+ yes
+ yes
+ yes
+ no
+ no
+ no
+ no
+ yes
+ no
+ no
+ yes
+ no
+ drop-reset
+ yes
+ no
+ yes
+ yes
+
+
+ yes
+ yes
+ yes
+ yes
+
+ no
+ no
+ no
+ no
+
+
+ [Posting]
+ [Web App]
+
+
+
+ https://en.wikipedia.org/wiki/GitHub
https://github.com/
@@ -88783,6 +88978,7 @@ Google App Engine is free up to a certain level of used resources. Fees are char
no
+ [Generative AI]
[Web App]
@@ -106483,7 +106679,6 @@ Jango's music discovery engine recommends and plays additional songs based on th
no
yes
yes
- yes
websocket
yes
@@ -106493,6 +106688,7 @@ Jango's music discovery engine recommends and plays additional songs based on th
no
+ [Generative AI]
[Web App]
@@ -109731,7 +109927,6 @@ Kaixin001's success can be partly credited to the Great Firewall of China. Due t
no
drop-reset
no
- yes
web20_parrent_app
[Web App]
@@ -111942,6 +112137,56 @@ With LeapFILE, there are no email size limits, FTP hassles, or overnight deliver
1
+
+ media
+ photo-video
+ client-server
+ Lemon8 is a social media app owned by ByteDance, first launched in 2020. This App-ID covers the traffic for Lemon8 application.
+ yes
+ yes
+ no
+ no
+ no
+ no
+ yes
+ no
+ no
+ no
+ no
+ drop-reset
+ no
+ yes
+ yes
+ yes
+ web20_parrent_app
+ yes
+
+ no
+ no
+ no
+ no
+
+
+ [Web App]
+
+
+
+ https://en.wikipedia.org/wiki/Lemon8
+
+
+
+
+ tcp/443
+
+
+
+ ssl
+
+
+ ssl
+
+ 1
+
business-systems
ics-protocols
@@ -119165,7 +119410,7 @@ The current version of Microsoft Dynamics CRM is 4.0 (Update Rollup 9 - 4.00.733
no
yes
yes
- web20_parrent_app
+ office365-enterprise-access
yes
no
@@ -119187,9 +119432,8 @@ The current version of Microsoft Dynamics CRM is 4.0 (Update Rollup 9 - 4.00.733
tcp/80,443
-
- ssl
- web-browsing
+
+ office365-enterprise-access
2
@@ -128515,34 +128759,89 @@ Serving as a successor to Microsoft's Business Productivity Online Suite, the se
4
ms-onedrive
-
+
saas
file-sharing
client-server
- OneDrive (previously SkyDrive) is a cloud storage, file hosting service that allows users to sync files and later access them from a web browser or mobile device. Users can also share files publicly or with their contacts.
-The ms-onedrive-downloading application identifies file downloading activity of users on OneDrive.
+ Microsoft OneDrive is a file hosting service operated by Microsoft. This App-ID covers the traffic for OneDrive business application.
+ yes
+ yes
+ no
+ yes
+ no
+ yes
+ yes
+ no
+ yes
+ yes
+ no
+ drop-reset
+ no
+ yes
+ yes
+ sharepoint-online
+ yes
+
+ no
+ no
+ no
+ no
+
+
+ [Office 365]
+ [Web App]
+
+
+
+ https://en.wikipedia.org/wiki/OneDrive
+
+
+
+
+ tcp/80,443
+
+
+
+ sharepoint-online
+ ssl
+ web-browsing
+
+
+ draw.io-cloud
+ ms-teams-uploading
+
+ 4
+ ms-office365
+
+
+ saas
+ file-sharing
+ client-server
+ Microsoft OneDrive is a file hosting service operated by Microsoft. This App-ID covers the downloading traffic for OneDrive business application.
yes
yes
- yes
yes
yes
no
yes
- yes
+ no
yes
yes
no
- no
+ yes
yes
no
drop-reset
yes
no
yes
+ yes
+ yes
+ sharepoint-online-downloading
yes
no
- yes
+ no
no
no
@@ -128561,37 +128860,94 @@ The ms-onedrive-downloading application identifies file downloading activity of
tcp/80,443
-
- ms-onedrive-base
- ssl
- web-browsing
+
+ ms-onedrive-business
+ sharepoint-online-downloading
-
- http
- ssl
-
+
+ yammer-downloading
+
4
- ms-onedrive
+ ms-office365
-
+
saas
file-sharing
client-server
- OneDrive (previously SkyDrive) is a cloud storage, file hosting service that allows users to sync files and later access them from a web browser or mobile device. Users can also share files publicly or with their contacts.
-The ms-onedrive-share application identifies file sharing activity of users on OneDrive.
+ Microsoft OneDrive is a file hosting service operated by Microsoft. This App-ID covers the uploading traffic for OneDrive business application.
yes
+ yes
+ yes
yes
no
- no
+ yes
no
- no
+ yes
yes
no
yes
yes
no
drop-reset
+ yes
+ no
+ yes
+ yes
+ yes
+ sharepoint-online-uploading
+ yes
+
+ no
+ no
+ no
+ no
+
+
+ [Office 365]
+ [Uploading]
+ [Web App]
+
+
+
+ https://en.wikipedia.org/wiki/OneDrive
+
+
+
+
+ tcp/80,443
+
+
+
+ ms-onedrive-business
+ sharepoint-online-uploading
+
+ 4
+ ms-office365
+
+
+ saas
+ file-sharing
+ client-server
+ OneDrive (previously SkyDrive) is a cloud storage, file hosting service that allows users to sync files and later access them from a web browser or mobile device. Users can also share files publicly or with their contacts.
+The ms-onedrive-downloading application identifies file downloading activity of users on OneDrive.
+ yes
+ yes
+ yes
+ yes
+ yes
+ no
+ yes
+ yes
+ yes
+ yes
+ no
+ no
+ yes
+ no
+ drop-reset
+ yes
no
+ yes
yes
no
@@ -128600,8 +128956,61 @@ The ms-onedrive-share application identifies file sharing activity of users on O
no
+ [Downloading]
[Office 365]
- [Sharing]
+ [Web App]
+
+
+
+ https://en.wikipedia.org/wiki/OneDrive
+
+
+
+
+ tcp/80,443
+
+
+
+ ms-onedrive-base
+ ssl
+ web-browsing
+
+
+ http
+ ssl
+
+ 4
+ ms-onedrive
+
+
+ saas
+ file-sharing
+ client-server
+ OneDrive (previously SkyDrive) is a cloud storage, file hosting service that allows users to sync files and later access them from a web browser or mobile device. Users can also share files publicly or with their contacts.
+The ms-onedrive-share application identifies file sharing activity of users on OneDrive.
+ yes
+ yes
+ no
+ no
+ no
+ no
+ yes
+ no
+ yes
+ yes
+ no
+ drop-reset
+ no
+ yes
+
+ no
+ yes
+ no
+ no
+
+
+ [Office 365]
+ [Sharing]
[Web App]
@@ -130405,7 +130814,6 @@ The ms-onedrive-uploading application identifies file uploading activity of user
drop-reset
no
yes
- yes
websocket
[Web App]
@@ -134885,6 +135293,40 @@ It topped the ForeSee Results’ Top 100 Online R
3
+
+ business-systems
+ medical
+ client-server
+ Neximatic offers a cloud-based vital sign streaming solution that automates charting on electronic health record (EHR) systems. This App-ID covers the traffic between Neximatic devices and servers.
+ yes
+ no
+ no
+ no
+ no
+ no
+ no
+ no
+ no
+ no
+ drop-reset
+ no
+ yes
+ yes
+
+
+ https://www.neximatic.com/index.html
+
+
+
+
+ tcp/443
+
+
+
+ ssl
+
+ 1
+
media
gaming
@@ -137231,6 +137673,7 @@ Office Live Workspace is a free service for storing and sharing documents online
web-browsing
+ microsoft-intune
ms-delve
ms-onedrive-uploading
ms-outlook-downloading
@@ -143683,6 +144126,7 @@ Based upon OnLive's instant-action cloud gaming technology, OnLive Desktop deliv
no
+ [Generative AI]
[Web App]
@@ -143738,6 +144182,7 @@ Based upon OnLive's instant-action cloud gaming technology, OnLive Desktop deliv
no
+ [Generative AI]
[Web App]
@@ -143784,6 +144229,7 @@ Based upon OnLive's instant-action cloud gaming technology, OnLive Desktop deliv
no
+ [Generative AI]
[Web App]
@@ -146607,6 +147053,86 @@ Contrary to older VPN solutions, PacketiX VPN 2.0 can be integrated into an exis
1
+
+ paloalto-prisma-sdwan
+ networking
+ infrastructure
+ client-server
+ Palo Alto Networks Prisma SD-WAN (formerly CloudGenix) is a cloud-delivered service that implements app-defined, autonomous SD-WAN to help you secure and connect your branch offices, data centers and large campus sites without increasing cost and complexity. This App-ID covers the application traffic of Prisma SD-WAN.
+ yes
+ yes
+ no
+ no
+ no
+ no
+ yes
+ no
+ no
+ no
+ no
+ drop-reset
+ no
+ yes
+ yes
+
+ [Palo Alto Networks]
+
+
+
+ https://docs.paloaltonetworks.com/prisma/prisma-sd-wan
+
+
+
+
+ tcp/80, 443
+
+
+
+ ssl
+ web-browsing
+
+ 1
+ paloalto-prisma-sdwan
+
+
+ networking
+ infrastructure
+ client-server
+ Palo Alto Networks Prisma SD-WAN (formerly CloudGenix) is a cloud-delivered service that implements app-defined, autonomous SD-WAN to help you secure and connect your branch offices, data centers and large campus sites without increasing cost and complexity. This App-ID covers the application traffic between a Prisma SD-WAN device and controller.
+ yes
+ yes
+ no
+ no
+ no
+ no
+ yes
+ no
+ no
+ no
+ no
+ drop-reset
+ no
+ yes
+ yes
+
+ [Palo Alto Networks]
+
+
+
+ https://docs.paloaltonetworks.com/prisma/prisma-sd-wan
+
+
+
+
+ tcp/443
+
+
+
+ ssl
+
+ 1
+ paloalto-prisma-sdwan
+
business-systems
management
@@ -153524,6 +154050,62 @@ delegate granular privileges and authorization without disclosing the root passw
2
proprofs-survey-maker
+
+ proton
+ saas
+ data-privacy
+ browser-based
+ Proton AG (Proton) is a Swiss technology company offering privacy-focused online services including Proton Mail, Proton Calendar, Proton Drive and Proton VPN. This App-ID covers the base traffic of Proton.
+ yes
+ yes
+ no
+ no
+ no
+ no
+ yes
+ no
+ no
+ no
+ no
+ drop-reset
+ no
+ yes
+ yes
+ web20_parrent_app
+ yes
+
+ no
+ no
+ no
+ no
+
+
+ [Web App]
+
+
+
+ https://en.wikipedia.org/wiki/Proton_(Swiss_company)
+
+
+
+
+ tcp/80,443
+
+
+
+ ssl
+ web-browsing
+
+
+ protonmail
+
+
+ ssl
+ web-browsing
+
+ 1
+ proton
+
collaboration
email
@@ -153558,6 +154140,7 @@ delegate granular privileges and authorization without disclosing the root passw
+ proton-base
ssl
web-browsing
@@ -153570,6 +154153,7 @@ delegate granular privileges and authorization without disclosing the root passw
ssl
2
+ proton
networking
@@ -156736,6 +157320,43 @@ QQLive is a separate download. It provides more than 100 TV channels, mostly mai
1
+
+ business-systems
+ medical
+ browser-based
+ Radiometer's AQURE point-of-care IT solution is a digital service that supports high uptime, workflow optimization and quality assurance with centralized control. This App-ID covers the traffic of an AQURE web server.
+ yes
+ yes
+ no
+ no
+ no
+ no
+ yes
+ no
+ no
+ no
+ no
+ drop-reset
+ no
+ yes
+
+ [Web App]
+
+
+
+ https://www.radiometeramerica.com/en-US/products/connect-and-care/centralized-aqure
+
+
+
+
+ tcp/80,443
+
+
+
+ web-browsing
+
+ 1
+
business-systems
auth-service
@@ -159623,7 +160244,6 @@ infrastructure.
no
yes
yes
- yes
google-cloud-storage-upload
yes
@@ -159633,6 +160253,7 @@ infrastructure.
no
+ [Generative AI]
[Web App]
@@ -161684,6 +162305,50 @@ It provides two main communication models: the publish-subscribe protocol, which
4
+
+ networking
+ remote-access
+ client-server
+ RuDesktop is a client-server application designed to provide access to the desktop of remote computers. This App-ID covers the traffic of RuDesktop.
+ yes
+ no
+ no
+ no
+ yes
+ yes
+ no
+ no
+ no
+ no
+ drop-reset
+ no
+ yes
+ yes
+ yes
+ web20_parrent_app
+
+ [Web App]
+
+
+
+ https://rudesktop.ru/
+
+
+
+
+ tcp/80,443
+
+
+
+ ssl
+ web-browsing
+
+
+ ssl
+ web-browsing
+
+ 2
+
media
gaming
@@ -167306,6 +167971,7 @@ An sFlow agent is the implementation of the sampling mechanism on the hardware (
web-browsing
+ ms-onedrive-business
ms-onedrive-uploading
ms-teams-downloading
ms-teams-uploading
@@ -167385,6 +168051,9 @@ An sFlow agent is the implementation of the sampling mechanism on the hardware (
ssl
web-browsing
+
+ ms-onedrive-business-download
+
ssl
web-browsing
@@ -167589,6 +168258,9 @@ An sFlow agent is the implementation of the sampling mechanism on the hardware (
ssl
web-browsing
+
+ ms-onedrive-business-upload
+
ssl
web-browsing
@@ -173764,6 +174436,7 @@ This identifies version 3 of the protocol. SNMPv3 provides important security fe
dameware-mini-remote
evault
factorytalk-assetcentre
+ ge-dcp
globalmeet-base
ifolder
ipa-scrub-eralexservice
@@ -174007,6 +174680,55 @@ This identifies version 3 of the protocol. SNMPv3 provides important security fe
3600
yes
+
+ saas
+ artificial-intelligence
+ client-server
+ Socratic is an education tech company that offers a mobile app for students. The app uses AI technology to help students with their homework by providing educational resources like videos, definitions, Q&A, links and more. This App-ID covers the traffic for Socratic application.
+ yes
+ yes
+ no
+ no
+ no
+ no
+ yes
+ no
+ no
+ no
+ no
+ drop-reset
+ no
+ yes
+ yes
+ web20_parrent_app
+ yes
+
+ no
+ no
+ no
+ no
+
+
+ [Web App]
+
+
+
+ https://en.wikipedia.org/wiki/Socratic_(Google)
+
+
+
+
+ tcp/80,443
+
+
+
+ web-browsing
+
+
+ web-browsing
+
+ 1
+
sodapdf
saas
@@ -178999,6 +179721,56 @@ The service is largely comparable to other social networking sites. StudiVZ clai
4
+
+ collaboration
+ internet-conferencing
+ client-server
+ Suit Conference is a video conferencing solution from Istesuit. This App-ID covers the traffic for Suit Conference application.
+ yes
+ yes
+ no
+ no
+ no
+ no
+ yes
+ no
+ no
+ no
+ no
+ drop-reset
+ no
+ yes
+ yes
+ websocket
+ yes
+
+ no
+ no
+ no
+ no
+
+
+ [Web App]
+
+
+
+ https://conference.istesuit.com/
+
+
+
+
+ tcp/80,443
+
+
+
+ ssl
+ web-browsing
+
+
+ web-browsing
+
+ 1
+
business-systems
ics-protocols
@@ -181382,7 +182154,6 @@ This app-id covers uploading workbooks from tableau desktop to tableau online.
drop-reset
no
yes
- yes
web20_parrent_app
yes
@@ -181392,6 +182163,7 @@ This app-id covers uploading workbooks from tableau desktop to tableau online.
no
+ [Generative AI]
[Web App]
@@ -182915,7 +183687,6 @@ TalesRunner is very popular in Korea and it is gaining increasing support in oth
drop-reset
no
yes
- yes
web20_parrent_app
yes
@@ -190606,6 +191377,9 @@ During the 2008 United States presidential election, the website was used by nea
tcp/9392,9393,9396
+
+ ssl
+
1
@@ -193180,7 +193954,6 @@ Voddler's concept is similar to those of Amazon Video on Demand, Vudu, Headweb,
drop-reset
no
yes
- yes
web20_parrent_app
yes
@@ -195691,6 +196464,7 @@ WebQQ is the online service where you can do the QQ chat online without installi
spinoco
spotify
storify-base
+ suit-conference
teamviewer-web
telegram-base
textnow
@@ -211526,6 +212300,14 @@ Zwiki supports a number of wiki markup styles out of the box, including MoinMoin
yes
paloalto service: client-cert-auth
+
+ yes
+ Lemon8: pinned-cert
+
+
+ yes
+ Lemon8: pinned-cert
+
@@ -233321,6 +234103,181 @@ Zwiki supports a number of wiki markup styles out of the box, including MoinMoin
+
+
+
+
+
+ unknown-tcp, insufficient-data, web-browsing
+ alpemix
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ facebook-base
+ facebook-posting
+
+
+
+
+
+
+
+
+
+
+
+ gitlab-base
+ gitlab-uploading
+
+
+
+
+
+
+
+
+
+
+
+ unknown-tcp
+ ifix
+
+
+
+
+
+
+
+
+
+
+
+ ssl,office365-enterprise-access
+ microsoft-intune
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ssl, web-browsing
+ protonmail
+
+
+
+
+
+
+
+ pop3-base
+ redis
+
+
+
+
+
+
+
+
+
+
+
+ hp-data-protector
+ secs-gem
+
+
+
+
+
+
+ unknown-tcp
+ siteminder
+
+
+
+
+
+
+
+
+
+
+
+ ssl,unknown-tcp
+ veeam
+
+
+
+
+
+
+
+ unknown-tcp
+ veeam-cloud-connect
+
+
+
+
+
@@ -237384,6 +238341,16 @@ Zwiki supports a number of wiki markup styles out of the box, including MoinMoin
high
+
+ This field identifies the CIP service encapsulated in a CIP Connection Manager request
+
+ 1
+
+
+ 95
+
+ high
+
@@ -238048,8 +239015,14 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
This tag groups all App-IDs for Microsoft Office 365 including Outlook, Teams, SharePoint, OneNote, Word, Excel, OneDrive, Forms, Planner, Yammer and more.
This tag groups all App-IDs for Microsoft Office 365 including Outlook, Teams, SharePoint, OneNote, Word, Excel, OneDrive, Forms, Planner, Yammer and more.
+
+ 8730
+ [Generative AI]
+ This tag groups App-IDs that use artificial intelligence algorithms to create new content (text, video, audio, images, etc.) or alter it (edit, correct, extend, etc.) based on user input.
+ This tag groups App-IDs that use artificial intelligence algorithms to create new content (text, video, audio, images, etc.) or alter it (edit, correct, extend, etc.) based on user input.
+
- 8741-8213
+ 8748-8241
@@ -271844,6 +272817,13 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-both
+
+ MultiPlug Adware Traffic Detection
+ spyware
+ medium
+
+ alert
+
DownloadAdmin Adware Traffic Detection
spyware
@@ -277725,6 +278705,69 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
alert
+
+ Gh0st RAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
+
+ Gh0st RAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
+
+ Gh0st RAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
+
+ Gh0st RAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
+
+ Gh0st RAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
+
+ Gh0st RAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
+
+ Gh0st RAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
+
+ Gh0st RAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
+
+ Gh0st RAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
EmailSpyPro
adware
@@ -290962,7 +292005,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
Lazarus TLS Fingerprint Detection
tls-fingerprint
- critical
+ low
alert
@@ -299936,7 +300979,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-both
- PowerShell Empire Command and Control Traffic Detection
+ PowerShell Empire HTTP Listener Command and Control Traffic Detection
hacktool
medium
@@ -299971,14 +301014,14 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-both
- PowerShell Empire Command and Control Traffic Detection
+ PowerShell Empire OneDrive Listener Command and Control Traffic Detection
hacktool
critical
reset-both
- PowerShell Empire Command and Control Traffic Detection
+ PowerShell Empire OneDrive Listener Command and Control Traffic Detection
hacktool
critical
@@ -300055,14 +301098,14 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-both
- PowerShell Empire Command and Control Traffic Detection
+ PowerShell Empire DropBox Listener Command and Control Traffic Detection
hacktool
critical
reset-both
- PowerShell Empire Command and Control Traffic Detection
+ PowerShell Empire DropBox Listener Command and Control Traffic Detection
hacktool
critical
@@ -300363,6 +301406,41 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-both
+
+ Caldera Sandcat Plugin Executable Download Detection
+ hacktool
+ critical
+
+ reset-both
+
+
+ Caldera Sandcat Plugin Command and Control Traffic Detection
+ hacktool
+ critical
+
+ reset-both
+
+
+ QuiteRAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
+
+ QuiteRAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
+
+ CollectionRAT Command and Control Traffic Detection
+ command-and-control
+ critical
+
+ reset-both
+
Backdoor.BO.Rootme
backdoor
@@ -318547,7 +319625,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
dos
high
-
+
yes
@@ -321530,6 +322608,32 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-server
+
+ SolarWinds Network Performance Monitor CredentialInitializer Deserialization Vulnerability
+
+ CVE-2023-23836
+
+ code-execution
+ high
+
+
+ yes
+
+ reset-server
+
+
+ PHP-Memcached CLRF Injection Vulnerability
+
+ CVE-2022-26635
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
Palo Alto Networks PAN-OS Denial-of-Service Vulnerability
@@ -373487,9 +374591,9 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
CVE-2020-2040
- code-execution
+ overflow
critical
-
+
yes
@@ -406933,7 +408037,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
CVE-2012-5946
overflow
- low
+ medium
yes
@@ -411599,6 +412703,22 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-both
+
+ Microsoft .NET Framework and Silverlight Framework Class Inheritance Vulnerability
+
+ CVE-2011-1253
+
+
+ MS11-078
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-both
+
Google Chrome Use-After-Free Vulnerability
@@ -415318,6 +416438,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
alert
+
+ RocketMQ NameServer Remote Command Execution Vulnerability
+
+ CVE-2023-37582
+
+ code-execution
+ medium
+
+
+ yes
+
+ alert
+
Delta Electronics InfraSuite Security Feature Bypass Vulnerability
@@ -415566,6 +416699,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-server
+
+ XStream Remote Code Execution Vulnerability
+
+ CVE-2021-21344
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
Xstream Java XML Deserialization Command Execution Vulnerability
@@ -415592,6 +416738,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-server
+
+ Microsoft Exchange Server Remote Code Execution Vulnerability
+
+ CVE-2023-32031
+
+ code-execution
+ high
+
+
+ yes
+
+ reset-server
+
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
@@ -415722,6 +416881,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-server
+
+ Netgear ProSAFE NMS300 getNodesByTopologyMapSearch SQL Injection Vulnerability
+
+ CVE-2023-38099
+
+ sql-injection
+ high
+
+
+ yes
+
+ reset-server
+
Google Chrome Security Check Bypass Vulnerability
@@ -415748,6 +416920,45 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-server
+
+ Osprey Pump Controller Information Disclosure Vulnerability
+
+ CVE-2023-28654
+
+ info-leak
+ informational
+
+
+ yes
+
+ alert
+
+
+ Osprey Pump Controller Information Disclosure Vulnerability
+
+ CVE-2023-28375
+
+ info-leak
+ high
+
+
+ yes
+
+ reset-server
+
+
+ Nexxt Nebula 1200-AC Remote Code Execution Vulnerability
+
+ CVE-2022-46080
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
Adobe Reader Memory Corruption Vulnerability
@@ -416069,6 +417280,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-both
+
+ Tenda W20E Router Stack Overflow Vulnerability
+
+ CVE-2022-40866
+
+ overflow
+ critical
+
+
+ yes
+
+ reset-server
+
Acrobat Reader Memory Corruption Vulnerability
@@ -416239,6 +417463,97 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-server
+
+ Tenda W20E Router Stack Overflow Vulnerability
+
+ CVE-2022-40855
+
+ overflow
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Tenda W20E Router Stack Overflow Vulnerability
+
+ CVE-2022-40864
+
+ overflow
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Tenda W20E Router Stack Overflow Vulnerability
+
+ CVE-2022-40854
+
+ overflow
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Tenda W20E Router Stack Overflow Vulnerability
+
+ CVE-2022-40868
+
+ overflow
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Tenda W20E Router Stack Overflow Vulnerability
+
+ CVE-2022-40867
+
+ overflow
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Tenda W20E Router Stack Overflow Vulnerability
+
+ CVE-2022-40860
+
+ overflow
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Tenda W20E Router Stack Overflow Vulnerability
+
+ CVE-2022-40853
+
+ overflow
+ critical
+
+
+ yes
+
+ reset-server
+
Google Chrome Type Confusion Vulnerability
@@ -416252,6 +417567,483 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-both
+
+ Delta Controls Entelitouch XSS Vulnerability
+
+ CVE-2022-29732
+
+ code-execution
+ medium
+
+
+ yes
+
+ alert
+
+
+ Tenda AC15 and AC18 Routers Heap Overflow Vulnerability
+
+ CVE-2022-40865
+
+ overflow
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ TOTOlink A7100RU Command Injection Vulnerability
+
+ CVE-2023-25395
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ WordPress Customer Reviews for WooCommerce Plugin File Inclusion Vulnerability
+
+ CVE-2023-0080
+
+ info-leak
+ high
+
+
+ yes
+
+ reset-server
+
+
+ Chamilo Command Injection Vulnerability
+
+ CVE-2023-34960
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ WordPress BestWebSoft Gallery Plugin SQL Injection Vulnerability
+
+ CVE-2023-0765
+
+ sql-injection
+ high
+
+
+ yes
+
+ reset-server
+
+
+ WordPress Zyrex Popup Plugin File Upload Vulnerability
+
+ CVE-2023-0924
+
+ code-execution
+ high
+
+
+ yes
+
+ reset-server
+
+
+ WordPress Advanced Custom Fields Plugin Deserialization Vulnerability
+
+ CVE-2023-1196
+
+ code-execution
+ high
+
+
+ yes
+
+ reset-server
+
+
+ OpenCATS Questionnaire.php Stored Cross-Site Scripting Vulnerability
+
+ CVE-2023-27293
+
+ code-execution
+ medium
+
+
+ yes
+
+ alert
+
+
+ XStream Library Insecure Deserialization Vulnerability
+
+ CVE-2020-26258
+ CVE-2020-26259
+
+ code-execution
+ high
+
+
+ yes
+
+ reset-server
+
+
+ vBulletin Deserialization Vulnerability
+
+ CVE-2023-25135
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ VMware vCenter Server Arbitrary File Read Vulnerability
+
+ CVE-2021-21986
+
+ info-leak
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Lexmark Printer Command Injection Vulnerability
+
+ CVE-2023-26067
+
+ code-execution
+ high
+
+
+ yes
+
+ reset-server
+
+
+ Generic HTTP Command Injection Vulnerability
+ code-execution
+ medium
+
+
+ yes
+
+ alert
+
+
+ Trend Micro Apex One Server File Upload Vulnerability
+
+ CVE-2023-0587
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Huatian Power OA SQL Injection Vulnerability
+
+ CNVD-2022-83472
+
+ sql-injection
+ medium
+
+
+ yes
+
+ alert
+
+
+ Apache Solr xmlparser XML External Entity Expansion Remote Code Execution Vulnerability
+
+ CVE-2017-12629
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Yonyou NC Deserialization File Upload Vulnerability
+ code-execution
+ medium
+
+
+ yes
+
+ alert
+
+
+ HtmlUnit Remote Code Execution Vulnerability
+
+ CVE-2023-26119
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-both
+
+
+ HtmlUnit Remote Code Execution Vulnerability
+
+ CVE-2023-26119
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-both
+
+
+ Leagsoft UniNAC System Arbitrary File Upload Vulnerability
+ code-execution
+ medium
+
+
+ yes
+
+ alert
+
+
+ Adobe ColdFusion IPFilterUtils Improper Access Control Vulnerability
+
+ CVE-2023-38205
+
+ info-leak
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ HAProxy Access Control Bypass Vulnerability
+
+ CVE-2023-25725
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ PMB Project Arbitrary File Upload Vulnerability
+
+ CVE-2023-24734
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ ZoneMinder Local File Inclusion Vulnerability
+
+ CVE-2023-26036
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Microsoft Internet Explorer Graphics Component Memory Corruption Vulnerability
+
+ CVE-2014-0263
+
+
+ MS14-007
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-both
+
+
+ Ruijie Command Execution Vulnerability
+ code-execution
+ medium
+
+
+ yes
+
+ alert
+
+
+ Google Chrome Type Confusion Vulnerability
+
+ CVE-2023-3079
+
+ code-execution
+ high
+
+
+ yes
+
+ reset-both
+
+
+ Pimcore Stored Cross-Site Scripting Vulnerability
+
+ CVE-2023-3821
+
+ code-execution
+ medium
+
+
+ yes
+
+ alert
+
+
+ Keycloak Server-Side Request Forgery Vulnerability
+
+ CVE-2020-10770
+
+ code-execution
+ medium
+
+
+ yes
+
+ alert
+
+
+ Microsoft Windows InformationCardSigninHelper ActiveX Control Remote Code Execution Vulnerability
+
+ CVE-2013-3918
+
+
+ MS13-090
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-both
+
+
+ RaspAP Command Injection Vulnerability
+
+ CVE-2022-39986
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Libexpat Integer Overflow Vulnerability
+
+ CVE-2022-25315
+
+ overflow
+ critical
+
+
+ yes
+
+ reset-both
+
+
+ PaperCut NG and MF Path Traversal Vulnerability
+
+ CVE-2023-39143
+
+ info-leak
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Cisco Routers File Upload Vulnerability
+
+ CVE-2023-20073
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-both
+
+
+ SonicWall GMS and Analytics detectInjection SQL Injection Vulnerability
+
+ CVE-2023-34133
+ CVE-2023-34124
+
+ sql-injection
+ critical
+
+
+ yes
+
+ reset-server
+
+
+ Ivanti MobileIron Sentry Command Injection Vulnerability
+
+ CVE-2023-38035
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
Mozilla Firefox Browser Engine Multiple Unspecified Vulnerabilities
@@ -416325,6 +418117,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
CVE-2020-7228
CVE-2016-9500
CVE-2018-17441
+ CVE-2022-48311
code-execution
medium
@@ -542903,6 +544696,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-server
+
+ Microsoft Windows SMB Denial-of-Service Vulnerability
+
+ CVE-2022-32230
+
+ dos
+ high
+
+
+ yes
+
+ reset-server
+
Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Overflow Vulnerability
@@ -546121,6 +547927,32 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-server
+
+ Apache ActiveMQ Artemis Denial-of-Service Vulnerability
+
+ CVE-2022-23913
+
+ dos
+ high
+
+
+ yes
+
+ reset-server
+
+
+ Microsoft Message Queuing Remote Code Execution Vulnerability
+
+ CVE-2023-21554
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
Cisco Secure ACS EAP-TLS Authentication Bypass Vulnerability
@@ -562268,6 +564100,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
reset-server
+
+ Microsoft Windows Rdp Gateway Server Remote Code Execution Vulnerability
+
+ CVE-2020-0609
+
+ code-execution
+ critical
+
+
+ yes
+
+ reset-server
+
Squid WCCP Message Receive Buffer Overflow
@@ -564567,6 +566412,20 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -567164,6 +569023,16 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n
high
+
+ This field identifies the CIP service encapsulated in a CIP Connection Manager request
+
+ 1
+
+
+ 95
+
+ high
+
diff --git a/lib/object-classes/trait/AddressCommon.php b/lib/object-classes/trait/AddressCommon.php
index 113f790d..35d7ea75 100644
--- a/lib/object-classes/trait/AddressCommon.php
+++ b/lib/object-classes/trait/AddressCommon.php
@@ -255,6 +255,10 @@ private function __removeWhereIamUsed($apiMode, $displayOutput = FALSE, $outputP
elseif( $refClass == 'AddressRuleContainer' )
{
/** @var AddressRuleContainer $ref */
+ //->0 === null will happen if rule was already deleted
+ if( $ref->o === null )
+ continue;
+
if( $ref->count() <= 1 && $actionIfLastInRule == 'delete' )
{
if( $displayOutput )
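Review bot: The added comment says `->0 === null` (digit zero) while the check under it tests the property `$ref->o`, so the comment does not match the code it explains. I would write it as `// $ref->o === null when the owning rule was already deleted; skip this stale container`. The guard only skips the container; from the hunk it looks as though the dead reference stays registered on the object, so it is worth confirming whether it should also be dropped from the reference list. The `continue` depends on a loop in `__removeWhereIamUsed` that begins outside the hunk.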
diff --git a/lib/rule-classes/RuleStore.php b/lib/rule-classes/RuleStore.php
index 45bf2463..470ef1e2 100644
--- a/lib/rule-classes/RuleStore.php
+++ b/lib/rule-classes/RuleStore.php
@@ -498,7 +498,7 @@ function &getStoreVarName()
* @param integer|string $startCount
* @return string
*/
- public function findAvailableName($base, $suffix = '', $startCount = '')
+ public function findAvailableName($base, $suffix = '', $startCount = '', $nested = TRUE)
{
//Todo based on PAN-OS rule name was extended
if( $this->owner->version >= 81 )
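Review bot: The new `$nested` parameter has no `@param` line in the docblock of `findAvailableName()` here, and the same is true for `cloneRule()` and `API_cloneRule()` in the later hunks of this file. In the visible code it is only forwarded to `isRuleNameAvailable()`, so a reader cannot tell what TRUE or FALSE changes about the name check. Each docblock should gain something like `* @param bool $nested forwarded to isRuleNameAvailable()`, extended with what the flag actually controls there. `cloneRule()` also picks up a stray space in `$nested = TRUE )`. All three method bodies continue outside their hunks.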
@@ -524,7 +524,7 @@ public function findAvailableName($base, $suffix = '', $startCount = '')
else
$newname = $base . $suffix . $inc;
- if( $this->isRuleNameAvailable($newname) )
+ if( $this->isRuleNameAvailable($newname, $nested) )
return $newname;
if( $startCount == '' )
@@ -575,15 +575,15 @@ public function ruleWasRenamed($rule, $oldName)
* @param null|bool $inPostRuleBase
* @return Rule|SecurityRule|NatRule|DecryptionRule|AppOverrideRule|CaptivePortalRule|AuthenticationRule|PbfRule|QoSRule|DoSRule
*/
- public function cloneRule($rule, $newName = null, $inPostRuleBase = null)
+ public function cloneRule($rule, $newName = null, $inPostRuleBase = null, $nested = TRUE )
{
if( $newName !== null )
{
- if( !$this->isRuleNameAvailable($newName) )
+ if( !$this->isRuleNameAvailable($newName, $nested) )
derr('this rule name is not available: ' . $newName);
}
else
- $newName = $this->findAvailableName($rule->name(), '');
+ $newName = $this->findAvailableName($rule->name(), '', '', $nested);
if( $inPostRuleBase === null )
$inPostRuleBase = $rule->isPostRule();
@@ -610,9 +610,9 @@ public function cloneRule($rule, $newName = null, $inPostRuleBase = null)
* @param $inPostRuleBase null|bool
* @return NatRule|SecurityRule
*/
- public function API_cloneRule($rule, $newName, $inPostRuleBase = null)
+ public function API_cloneRule($rule, $newName, $inPostRuleBase = null, $nested = TRUE)
{
- $nr = $this->cloneRule($rule, $newName, $inPostRuleBase);
+ $nr = $this->cloneRule($rule, $newName, $inPostRuleBase, $nested);
$con = findConnectorOrDie($this);
diff --git a/migration/parser/lib/CONVERTER.php b/migration/parser/lib/CONVERTER.php
index a9b22c27..8ba7d563 100644
--- a/migration/parser/lib/CONVERTER.php
+++ b/migration/parser/lib/CONVERTER.php
@@ -433,14 +433,14 @@ public function initial()
$this->display_error_usage_exit('"vendor" is missing from arguments');
if( isset(PH::$args['in']) )
- {
$this->configInput = PH::$args['in'];
- $this->configInput = PH::processIOMethod($this->configInput, TRUE);
- }
elseif( isset(PH::$args['template']) )
- $this->configInput['filename'] = __DIR__ . "/../panorama_baseconfig.xml";
+ $this->configInput = __DIR__ . "/../panorama_baseconfig.xml";
else
- $this->configInput['filename'] = __DIR__ . "/../panos_baseconfig.xml";
+ $this->configInput = __DIR__ . "/../panos_baseconfig.xml";
+
+ $this->configInput = PH::processIOMethod($this->configInput, TRUE);
+
if( isset(PH::$args['routetable']) )
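Review bot: After this change `$this->configInput` holds a plain path string in all three branches and is then overwritten with whatever `PH::processIOMethod()` returns, so the same property changes type within a few lines and nothing says so. The removed lines indexed it with `['filename']`, which suggests later code expects the processed form. A short comment above the final assignment would make the hand-over explicit, for example `// configInput is a raw path/argument up to here; processIOMethod() turns it into the descriptor used below`. The un-braced `if`/`elseif`/`else` chain works, but braces would make a later multi-statement branch less error-prone. `initial()` starts and ends outside the hunk.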
diff --git a/utils/common/RuleCallContext.php b/utils/common/RuleCallContext.php
index 2a4fea31..3b27e6d3 100644
--- a/utils/common/RuleCallContext.php
+++ b/utils/common/RuleCallContext.php
@@ -462,7 +462,6 @@ public function ruleFieldHtmlExport($rule, $fieldName, $wrap = TRUE, $rule_hitco
if( $fieldName == 'application_seen' )
{
- print "application_seen\n";
$app_seen_text = "";
$rule_array = $rule->API_apps_seen();
if( !empty($rule_array ) )
@@ -1303,6 +1302,217 @@ public function ScheduleResolveSummary( $rule, $returnString = false )
return '';
}
+ public function API_apps_seen($rule)
+ {
+ $rule_array = array();
+
+ $rule_uuid = $rule->uuid();
+ $cmd = "".$rule_uuid."
+apps-seenlast-app-seen-since-countdays-no-new-app-count30anyvsys1securitymainno";
+
+ $connector = findConnectorOrDie($rule);
+ $res = $connector->sendOpRequest($cmd);
+ $res = DH::findFirstElement( "result", $res);
+ $res = DH::findFirstElement( "rules", $res);
+ $rule = DH::findFirstElementByNameAttr( "entry", $rule->name(), $res );
+
+ if( $rule !== null && $rule !== false )
+ {
+ $apps_seen = DH::findFirstElement( "apps-seen", $rule);
+ $app_array = array();
+ foreach( $apps_seen->childNodes as $app )
+ {
+ /** @var DOMElement $app */
+ if( $app->nodeType != XML_ELEMENT_NODE )
+ continue;
+
+ $application = DH::findFirstElement( "application", $app);
+ $bytes = DH::findFirstElement( "bytes", $app);
+ $first_seen = DH::findFirstElement( "first-seen", $app);
+ $last_seen = DH::findFirstElement( "last-seen", $app);
+
+ $app_array[$application->textContent] = array(
+ "name" => $application->textContent,
+ "bytes" => $bytes->textContent,
+ "first_seen" => $first_seen->textContent,
+ "last_seen" => $last_seen->textContent,
+ );
+ #print "APP: ".$application->textContent."\n";
+ #DH::DEBUGprintDOMDocument( $app );
+ }
+
+ #print_r($app_array);
+ $apps = array_keys($app_array);
+
+ $apps_allowed_count = DH::findFirstElement( "apps-allowed-count", $rule);
+ $days_no_new_app_count = DH::findFirstElement( "days-no-new-app-count", $rule);
+ $last_app_seen_since_count = DH::findFirstElement( "last-app-seen-since-count", $rule);
+
+ $rule_array = array( "apps-seen-count" => count($app_array),
+ "apps-seen" => $app_array,
+ "apps-allowed-count" => $apps_allowed_count->textContent,
+ "days-no-new-app-count" => $days_no_new_app_count->textContent,
+ "last-app-seen-since-count" => $last_app_seen_since_count->textContent,
+ );
+ }
+
+ return $rule_array;
+ }
+
+ public function API_showRuleHitCount( $rule, $all = false, $print = TRUE )
+ {
+ $con = findConnectorOrDie($rule);
+
+ $rule_hitcount_array = array();
+
+ if( $con->info_PANOS_version_int >= 90 )
+ {
+ $system = $rule->owner->owner;
+ $cmd = $rule->prepareRuleHitCount('show', $all);
+
+ if( $cmd == null )
+ {
+ PH::print_stdout( " * not working for Panorama/FW shared" );
+ return;
+ }
+
+
+ $res = $con->sendOpRequest($cmd, TRUE);
+ $res = DH::findFirstElement( "result", $res);
+
+
+ $res = DH::findFirstElement( "rule-hit-count", $res);
+ if( !$res )
+ return;
+
+ if( $system->isPanorama() )
+ {
+ DH::DEBUGprintDOMDocument($res);
+ }
+ elseif( $system->isDeviceGroup() && $system->name() !== "" )
+ {
+ #DH::DEBUGprintDOMDocument($res);
+ $res = DH::findFirstElement( "device-group", $res);
+ }
+
+ elseif( $system->isVirtualSystem() )
+ $res = DH::findFirstElement( "vsys", $res);
+
+ if( $system->isDeviceGroup() && $system->name() === "" )
+ {
+ #$res = DH::findFirstElement( "entry", $res);
+ $res = $res;
+ }
+ else
+ $res = DH::findFirstElement( "entry", $res);
+
+ $res = DH::findFirstElement( "rule-base", $res);
+ $res = DH::findFirstElement( "entry", $res);
+ $res = DH::findFirstElement( "rules", $res);
+ $res = DH::findFirstElement( "entry", $res);
+
+
+ if( $system->isDeviceGroup() )
+ {
+ DH::DEBUGprintDOMDocument($res);
+ //
+ $res = DH::findFirstElement( "device-vsys", $res);
+ $res = DH::findFirstElement( "entry", $res);
+ }
+
+ $latest = DH::findFirstElement( "latest", $res);
+ $hit_count = DH::findFirstElement( "hit-count", $res);
+ $last_hit_timestamp = DH::findFirstElement( "last-hit-timestamp", $res);
+ $last_reset_timestamp = DH::findFirstElement( "last-reset-timestamp", $res);
+
+ $first_hit_timestamp = DH::findFirstElement( "first-hit-timestamp", $res);
+ $rule_creation_timestamp = DH::findFirstElement( "rule-creation-timestamp", $res);
+ $rule_modification_timestamp = DH::findFirstElement( "rule-modification-timestamp", $res);
+
+ //create Array and return
+ $padding = " * ";
+ if( $latest )
+ {
+ if( $print )
+ PH::print_stdout( $padding."latest: ".$latest->textContent );
+ $rule_hitcount_array['latest'] = $latest->textContent;
+ }
+
+ if( $hit_count)
+ {
+ if( $print )
+ PH::print_stdout( $padding."hit-count: ".$hit_count->textContent );
+ $rule_hitcount_array['hit-count'] = $hit_count->textContent;
+ }
+
+ if( $last_hit_timestamp )
+ {
+ $unixTimestamp = $last_hit_timestamp->textContent;
+ if( $unixTimestamp === "0" || $unixTimestamp === "" )
+ $result = "0";
+ else
+ $result = date( 'Y-m-d H:i:s', $unixTimestamp );
+ if( $print )
+ PH::print_stdout( $padding."last-hit: ".$result );
+ $rule_hitcount_array['last-hit'] = $result;
+ }
+
+ if( $last_reset_timestamp )
+ {
+ $unixTimestamp = $last_reset_timestamp->textContent;
+ if( $unixTimestamp === "0" || $unixTimestamp === "" )
+ $result = "0";
+ else
+ $result = date( 'Y-m-d H:i:s', $unixTimestamp );
+ if( $print )
+ PH::print_stdout( $padding."last-reset: ".$result );
+ $rule_hitcount_array['last-reset'] = $result;
+ }
+
+ if( $first_hit_timestamp )
+ {
+ $unixTimestamp = $first_hit_timestamp->textContent;
+ if( $unixTimestamp === "0" || $unixTimestamp === "" )
+ $result = "0";
+ else
+ $result = date( 'Y-m-d H:i:s', $unixTimestamp );
+ if( $print )
+ PH::print_stdout( $padding."first-hit: ".$result );
+ $rule_hitcount_array['first-hit'] = $result;
+ }
+
+ if( $rule_creation_timestamp )
+ {
+ $unixTimestamp = $rule_creation_timestamp->textContent;
+ if( $unixTimestamp === "" )
+ $result = 0;
+ else
+ $result = date( 'Y-m-d H:i:s', $unixTimestamp );
+ if( $print )
+ PH::print_stdout( $padding."rule-creation: ".$result );
+ $rule_hitcount_array['rule-creation'] = $result;
+ }
+ if( $rule_modification_timestamp )
+ {
+ $unixTimestamp = $rule_modification_timestamp->textContent;
+ if( $unixTimestamp === "" )
+ $result = 0;
+ else
+ $result = date( 'Y-m-d H:i:s', $unixTimestamp );
+ if( $print )
+ PH::print_stdout( $padding."rule-modification: ".$result );
+ $rule_hitcount_array['rule-modification'] = $result;
+ }
+
+ }
+ else
+ {
+ if( $print )
+ PH::print_stdout( " PAN-OS version must be 9.0 or higher" );
+ }
+
+ return $rule_hitcount_array;
+ }
}
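Review bot: `API_showRuleHitCount()` has two bare `return;` exits (after the "not working for Panorama/FW shared" message and when `rule-hit-count` is not found) that hand back null, while every other path returns `$rule_hitcount_array`. The caller added in actions-rule.php indexes the result directly, so both exits should be `return $rule_hitcount_array;`. The two `DH::DEBUGprintDOMDocument($res);` calls in the Panorama and device-group branches run even when `$print` is false, which would leak debug XML into the JSON output path; they should be removed or written as `if( $print ) DH::DEBUGprintDOMDocument($res);`. Separately, the `DH::findFirstElement()` results in both new methods are dereferenced (`$apps_seen->childNodes`, `$application->textContent`, the `rule-base`/`rules`/`entry` chain) without a check for a missing element.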
diff --git a/utils/common/actions-rule.php b/utils/common/actions-rule.php
index 04bb051b..4aa01a62 100644
--- a/utils/common/actions-rule.php
+++ b/utils/common/actions-rule.php
@@ -3804,6 +3804,8 @@
$addResolvedApplicationSummary = FALSE;
$addResolvedScheduleSummary = FALSE;
$addResolvedServiceAppDefaultSummary = FALSE;
+ $addAppSeenSummary = FALSE;
+ $addHitCountSummary = FALSE;
$optionalFields = &$context->arguments['additionalFields'];
@@ -3817,6 +3819,10 @@
$addResolvedApplicationSummary = TRUE;
if( isset($optionalFields['ResolveScheduleSummary']) )
$addResolvedScheduleSummary = TRUE;
+ if( isset($optionalFields['ApplicationSeen']) )
+ $addAppSeenSummary = TRUE;
+ if( isset($optionalFields['HitCount']) )
+ $addHitCountSummary = TRUE;
if( get_class( $context->object ) === "SecurityRule" )
{
@@ -3863,6 +3869,18 @@
if( $addResolvedScheduleSummary )
PH::$JSON_TMP['sub']['object'][$rule->name()]['schedule_resolved_sum'] = $context->ScheduleResolveSummary( $rule );
+
+ if( $addAppSeenSummary )
+ PH::$JSON_TMP['sub']['object'][$rule->name()]['application_seen'] = $context->API_apps_seen( $rule );
+
+ if( $addHitCountSummary && $context->isAPI)
+ {
+ $rule_hitcount_array = $context->API_showRuleHitCount( $rule,false, false );
+
+ PH::$JSON_TMP['sub']['object'][$rule->name()]['first-hit'] = $rule_hitcount_array['first-hit'];
+ PH::$JSON_TMP['sub']['object'][$rule->name()]['last-hit'] = $rule_hitcount_array['last-hit'];
+ PH::$JSON_TMP['sub']['object'][$rule->name()]['hit-count'] = $rule_hitcount_array['hit-count'];
+ }
}
},
'args' => array(
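Review bot: The `ApplicationSeen` branch calls `$context->API_apps_seen( $rule )` without the `$context->isAPI` guard that the `HitCount` branch just below it has. `API_apps_seen()` as added in RuleCallContext.php goes straight to `findConnectorOrDie()`, so an offline run with this field presumably aborts instead of skipping the column. `if( $addAppSeenSummary && $context->isAPI )` would keep the two branches consistent. The three hit-count keys are also read unconditionally although `API_showRuleHitCount()` sets each one only when the element was found, so `$rule_hitcount_array['first-hit'] ?? ''` (and likewise for `last-hit` and `hit-count`) avoids undefined-index warnings. The enclosing closure begins outside the hunk.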
@@ -3870,13 +3888,15 @@
array('type' => 'pipeSeparatedList',
'subtype' => 'string',
'default' => '*NONE*',
- 'choices' => array('ResolveAddressSummary', 'ResolveServiceSummary', 'ResolveServiceAppDefaultSummary','ResolveApplicationSummary', 'ResolveScheduleSummary'),
+ 'choices' => array('ResolveAddressSummary', 'ResolveServiceSummary', 'ResolveServiceAppDefaultSummary','ResolveApplicationSummary', 'ResolveScheduleSummary', 'ApplicationSeen', 'HitCount'),
'help' => "pipe(|) separated list of additional field to include in the report. The following is available:\n" .
" - ResolveAddressSummary : fields with address objects will be resolved to IP addressed and summarized in a new column)\n" .
" - ResolveServiceSummary : fields with service objects will be resolved to their value and summarized in a new column)\n" .
" - ResolveServiceAppDefaultSummary : fields with application objects will be resolved to their service default value and summarized in a new column)\n" .
" - ResolveApplicationSummary : fields with application objects will be resolved to their category and risk)\n" .
- " - ResolveScheduleSummary : fields with schedule objects will be resolved to their expire time)\n"
+ " - ResolveScheduleSummary : fields with schedule objects will be resolved to their expire time)\n" .
+ " - ApplicationSeen : all App-ID seen on the Device SecurityRule will be listed\n" .
+ " - HitCount : Rule - 'first-hit' - 'last-hit' - 'hit-count' will be listed"
)
)
);
@@ -4030,7 +4050,7 @@
}
else
{
- $ruleStore->API_cloneRule($rule, null, $moveToPost);
+ $ruleStore->API_cloneRule($rule, null, $moveToPost, FALSE);
$rule->owner->API_remove($rule);
}
}
@@ -4046,14 +4066,16 @@
}
else
{
- $ruleStore->cloneRule($rule, null, $moveToPost);
+ $ruleStore->cloneRule($rule, null, $moveToPost, FALSE);
$rule->owner->remove($rule);
}
}
},
- 'args' => array('location' => array('type' => 'string', 'default' => '*nodefault*'),
- 'preORpost' => array('type' => 'string', 'default' => 'pre', 'choices' => array('pre', 'post')))
+ 'args' => array(
+ 'location' => array('type' => 'string', 'default' => '*nodefault*'),
+ 'preORpost' => array('type' => 'string', 'default' => 'pre', 'choices' => array('pre', 'post'))
+ )
);
RuleCallContext::$supportedActions[] = array(
@@ -4453,14 +4475,15 @@
foreach( $fields as $fieldName => $value )
{
if( ((
- $fieldName == 'src_resolved_sum' || $fieldName == 'src_resolved_value' ||
+ $fieldName == 'src_resolved_sum' || $fieldName == 'src_resolved_sumOLD' || $fieldName == 'src_resolved_value' ||
$fieldName == 'src_resolved_nested_name' || $fieldName == 'src_resolved_nested_value' || $fieldName == 'src_resolved_nested_location' ||
- $fieldName == 'dst_resolved_sum' || $fieldName == 'dst_resolved_value' ||
+ $fieldName == 'dst_resolved_sum' || $fieldName == 'dst_resolved_sumOLD' || $fieldName == 'dst_resolved_value' ||
$fieldName == 'dst_resolved_nested_name' || $fieldName == 'dst_resolved_nested_value' || $fieldName == 'dst_resolved_nested_location' ||
$fieldName == 'dnat_host_resolved_sum' ||
$fieldName == 'snat_address_resolved_sum')
&& !$addResolvedAddressSummary) ||
(($fieldName == 'service_resolved_sum' ||
+ $fieldName == 'service_resolved_nested_name' || $fieldName == 'service_resolved_nested_value' || $fieldName == 'service_resolved_nested_location' ||
$fieldName == 'service_count' || $fieldName == 'service_count_tcp' || $fieldName == 'service_count_udp') && !$addResolvedServiceSummary) ||
(($fieldName == 'service_appdefault_resolved_sum') && !$addResolvedServiceAppDefaultSummary) ||
(($fieldName == 'application_resolved_sum') && !$addResolvedApplicationSummary) ||
diff --git a/utils/develop/ui/json_array.js b/utils/develop/ui/json_array.js
index c63ca4a2..32dc3701 100644
--- a/utils/develop/ui/json_array.js
+++ b/utils/develop/ui/json_array.js
@@ -2350,9 +2350,11 @@ var subjectObject =
"ResolveServiceSummary",
"ResolveServiceAppDefaultSummary",
"ResolveApplicationSummary",
- "ResolveScheduleSummary"
+ "ResolveScheduleSummary",
+ "ApplicationSeen",
+ "HitCount"
],
- "help": "pipe(|) separated list of additional field to include in the report. The following is available:\n - ResolveAddressSummary : fields with address objects will be resolved to IP addressed and summarized in a new column)\n - ResolveServiceSummary : fields with service objects will be resolved to their value and summarized in a new column)\n - ResolveServiceAppDefaultSummary : fields with application objects will be resolved to their service default value and summarized in a new column)\n - ResolveApplicationSummary : fields with application objects will be resolved to their category and risk)\n - ResolveScheduleSummary : fields with schedule objects will be resolved to their expire time)\n"
+ "help": "pipe(|) separated list of additional field to include in the report. The following is available:\n - ResolveAddressSummary : fields with address objects will be resolved to IP addressed and summarized in a new column)\n - ResolveServiceSummary : fields with service objects will be resolved to their value and summarized in a new column)\n - ResolveServiceAppDefaultSummary : fields with application objects will be resolved to their service default value and summarized in a new column)\n - ResolveApplicationSummary : fields with application objects will be resolved to their category and risk)\n - ResolveScheduleSummary : fields with schedule objects will be resolved to their expire time)\n - ApplicationSeen : all App-ID seen on the Device SecurityRule will be listed\n - HitCount : Rule - 'first-hit' - 'last-hit' - 'hit-count' will be listed"
}
}
},
diff --git a/utils/lib/UTIL.php b/utils/lib/UTIL.php
index 99c7a08f..4eb99343 100644
--- a/utils/lib/UTIL.php
+++ b/utils/lib/UTIL.php
@@ -1046,7 +1046,7 @@ public function determineConfigType()
unset($xpathResult);
- if( $this->configInput['type'] !== 'sase-api')
+ if( isset($this->configInput['type']) && $this->configInput['type'] !== 'sase-api')
{
if( $this->configType == 'panos' )
{
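Review bot: The new `isset()` guard changes which inputs enter this block. Before, an unset `type` compared as `null !== 'sase-api'`, so the block ran (with a notice); now a missing `type` skips the panos/panorama handling entirely. If the intent is only to silence the notice, the condition should be `if( !isset($this->configInput['type']) || $this->configInput['type'] !== 'sase-api' )`. Whether `type` can actually be absent depends on what `PH::processIOMethod()` returns, which the hunk does not show. The body of the `if` continues outside the hunk.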
diff --git a/utils/lib/util_action_filter.json b/utils/lib/util_action_filter.json
index 3ba08c78..621b8dac 100644
--- a/utils/lib/util_action_filter.json
+++ b/utils/lib/util_action_filter.json
@@ -2349,9 +2349,11 @@
"ResolveServiceSummary",
"ResolveServiceAppDefaultSummary",
"ResolveApplicationSummary",
- "ResolveScheduleSummary"
+ "ResolveScheduleSummary",
+ "ApplicationSeen",
+ "HitCount"
],
- "help": "pipe(|) separated list of additional field to include in the report. The following is available:\n - ResolveAddressSummary : fields with address objects will be resolved to IP addressed and summarized in a new column)\n - ResolveServiceSummary : fields with service objects will be resolved to their value and summarized in a new column)\n - ResolveServiceAppDefaultSummary : fields with application objects will be resolved to their service default value and summarized in a new column)\n - ResolveApplicationSummary : fields with application objects will be resolved to their category and risk)\n - ResolveScheduleSummary : fields with schedule objects will be resolved to their expire time)\n"
+ "help": "pipe(|) separated list of additional field to include in the report. The following is available:\n - ResolveAddressSummary : fields with address objects will be resolved to IP addressed and summarized in a new column)\n - ResolveServiceSummary : fields with service objects will be resolved to their value and summarized in a new column)\n - ResolveServiceAppDefaultSummary : fields with application objects will be resolved to their service default value and summarized in a new column)\n - ResolveApplicationSummary : fields with application objects will be resolved to their category and risk)\n - ResolveScheduleSummary : fields with schedule objects will be resolved to their expire time)\n - ApplicationSeen : all App-ID seen on the Device SecurityRule will be listed\n - HitCount : Rule - 'first-hit' - 'last-hit' - 'hit-count' will be listed"
}
}
},