From fa9b9f1f530ca9c73e4846cdeb6831d0c2f74c04 Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Fri, 8 Sep 2023 13:44:54 +0200 Subject: [PATCH 01/16] start version 2.1.17 --- CHANGELOG.txt | 10 +++++++++- lib/misc-classes/PH.php | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index f9ed2e52..96cf6644 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,6 +1,14 @@ CHANGELOG -2.1.16 +2.1.17 +UTIL: + +BUGFIX: + +GENERAL: + + +2.1.16 (20230908) UTIL: * type=address | new 'filter=(name same.as.region.predefined)' * class UTIL | extend if API mode - with App-id/AV/WF/Threat version info diff --git a/lib/misc-classes/PH.php b/lib/misc-classes/PH.php index fd32cf7e..cdd3d4bd 100644 --- a/lib/misc-classes/PH.php +++ b/lib/misc-classes/PH.php @@ -182,7 +182,7 @@ function __construct($argv, $argc) private static $library_version_major = 2; private static $library_version_sub = 1; - private static $library_version_bugfix = 16; + private static $library_version_bugfix = 17; //BASIC AUTH PAN-OS 7.1 public static $softwareupdate_key = "658d787f293e631196dac9fb29490f1cc1bb3827"; From 7b90d5f774aeb75a7c119688c2862deb0964a56e Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Tue, 12 Sep 2023 17:58:23 +0200 Subject: [PATCH 02/16] type=certificate | extend to TemplateStack --- CHANGELOG.txt | 1 + .../TemplateStack.php | 22 +++++++++++++ .../filters/filters-Certificate.php | 31 +++++++++++++++++++ lib/pan_php_framework.php | 2 ++ utils/common/CertificateCallContext.php | 2 +- utils/lib/NETWORKUTIL.php | 20 ++++++++++++ 6 files changed, 77 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 96cf6644..c9354cfc 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -2,6 +2,7 @@ CHANGELOG 2.1.17 UTIL: +* type=certificate | extend to TemplateStack BUGFIX: diff --git a/lib/device-and-system-classes/TemplateStack.php b/lib/device-and-system-classes/TemplateStack.php index 4187d498..f2c80442 100644 
--- a/lib/device-and-system-classes/TemplateStack.php +++ b/lib/device-and-system-classes/TemplateStack.php @@ -36,6 +36,9 @@ class TemplateStack public $FirewallsSerials = array(); + /** @var CertificateStore */ + public $certificateStore = null; + /** @var PANConf */ public $deviceConfiguration; @@ -49,6 +52,9 @@ public function __construct($name, $owner) $this->name = $name; $this->owner = $owner; $this->deviceConfiguration = new PANConf(null, null, $this); + + $this->certificateStore = new CertificateStore($this); + $this->certificateStore->setName('certificateStore'); } public function load_from_domxml(DOMElement $xml) @@ -98,7 +104,23 @@ public function load_from_domxml(DOMElement $xml) if( $tmp !== false ) { $this->deviceConfiguration->load_from_domxml($tmp); + + $shared = DH::findFirstElement('shared', $tmp); + if( $shared !== false ) + { + // + // Extract Certificate objects + // + $tmp = DH::findFirstElement('certificate', $shared); + if( $tmp !== FALSE ) + { + $this->certificateStore->load_from_domxml($tmp); + } + // End of Certificate objects extraction + } } + + } public function name() diff --git a/lib/misc-classes/filters/filters-Certificate.php b/lib/misc-classes/filters/filters-Certificate.php index 6d5c825b..a2101472 100644 --- a/lib/misc-classes/filters/filters-Certificate.php +++ b/lib/misc-classes/filters/filters-Certificate.php 
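Review bot: The certificate extraction in `load_from_domxml` reuses `$tmp` for the `<certificate>` element while the outer `$tmp` still holds the node that was just passed to `deviceConfiguration->load_from_domxml()`, so any later read of `$tmp` in this method would silently see the wrong element; a dedicated name such as `$certRoot = DH::findFirstElement('certificate', $shared);` keeps the two apart. The `/** @var CertificateStore */` added on `$certificateStore` should read `CertificateStore|null`, since the property is initialised to `null` and only set in the constructor. The two blank lines appended before the closing brace of `load_from_domxml` are whitespace noise and can be dropped.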
@@ -1,5 +1,36 @@ function (CertificateRQueryContext $context) { + return $context->object->name() == $context->value; + }, + 'arg' => TRUE, + 'ci' => array( + 'fString' => '(%PROP% new test 1)', + 'input' => 'input/panorama-8.0.xml' + ) +); +RQuery::$defaultFilters['certificate']['name']['operators']['eq.nocase'] = array( + 'Function' => function (CertificateRQueryContext $context) { + return strtolower($context->object->name()) == strtolower($context->value); + }, + 'arg' => TRUE, + 'ci' => array( + 'fString' => '(%PROP% new test 2)', + 'input' => 'input/panorama-8.0.xml' + ) +); +RQuery::$defaultFilters['certificate']['name']['operators']['contains'] = array( + 'Function' => function (CertificateRQueryContext $context) { + return strpos($context->object->name(), $context->value) !== FALSE; + }, + 'arg' => TRUE, + 'ci' => array( + 'fString' => '(%PROP% -)', + 'input' => 'input/panorama-8.0.xml' + ) +); + RQuery::$defaultFilters['certificate']['publickey-algorithm']['operators']['is.rsa'] = array( 'Function' => function (CertificateRQueryContext $context) { if( !$context->object->hasPublicKey() ) diff --git a/lib/pan_php_framework.php b/lib/pan_php_framework.php index da8b2922..d848d2d8 100644 --- a/lib/pan_php_framework.php +++ b/lib/pan_php_framework.php @@ -325,6 +325,8 @@ function my_shutdown() require_once $basedir . '/network-classes/VirtualWire.php'; require_once $basedir . '/network-classes/VirtualWireStore.php'; +require_once $basedir . '/network-classes/SharedGatewayStore.php'; + require_once $basedir . '/network-classes/Certificate.php'; require_once $basedir . '/network-classes/CertificateStore.php'; diff --git a/utils/common/CertificateCallContext.php b/utils/common/CertificateCallContext.php index 4c52af38..e46df5b2 100644 --- a/utils/common/CertificateCallContext.php +++ b/utils/common/CertificateCallContext.php 
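Review bot: The new `eq` and `eq.nocase` operators compare certificate names with `==`, which in PHP treats numeric-looking strings numerically (`'1e3' == '1000'` is true), so a filter value can select a differently named certificate — a problem when the filter feeds a delete or modify action; `return $context->object->name() === $context->value;` (and `===` after the `strtolower()` calls) avoids it. The `contains` operator's `strpos(...) !== FALSE` reads more clearly as `str_contains(...)` if the codebase targets PHP 8, otherwise it is fine as written. The `'ci'` entries `(%PROP% new test 1)` and `(%PROP% new test 2)` look like placeholders copied from another filter rather than real self-test expressions against `input/panorama-8.0.xml`. The first context lines of this hunk were lost in transit, so the surrounding `'eq'` definition could not be checked.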
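Review bot: `require_once $basedir . '/network-classes/SharedGatewayStore.php';` is added here, but that file is only created in PATCH 05/16 of this series, so checking out this commit (or PATCH 03 or 04) on its own makes the framework fatal at load time on the missing file. Either move this line into the commit that introduces the class or reorder the series so the file lands first. The line is also unrelated to the commit subject (`type=certificate`), which makes it easy to overlook in review.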
@@ -41,5 +41,5 @@ static public function prepareSupportedActions() } } require_once "actions-certificate.php"; -DHCPCallContext::prepareSupportedActions(); +CertificateCallContext::prepareSupportedActions(); diff --git a/utils/lib/NETWORKUTIL.php b/utils/lib/NETWORKUTIL.php index 4d721ea1..e6e4f55f 100644 --- a/utils/lib/NETWORKUTIL.php +++ b/utils/lib/NETWORKUTIL.php @@ -206,6 +206,18 @@ public function location_filter_object() } } + + foreach( $this->pan->templatestacks as $templatestack ) + { + if( $this->templateName == 'any' || $this->templateName == $templatestack->name() ) + { + if( $location == 'shared' || $location == 'any' ) + { + if( $this->utilType == 'certificate' ) + $this->objectsToProcess[] = Array('store' => $templatestack->certificateStore, 'objects' => $templatestack->certificateStore->getAll()); + } + } + } } else { @@ -216,6 +228,14 @@ public function location_filter_object() { #if( $this->utilType == 'interface' ) # $this->objectsToProcess[] = Array('store' => $sub->deviceConfiguration->network, 'objects' => $sub->deviceConfiguration->network->getAllInterfaces()); + + /* + if( get_class($sub) === "Container" ) + continue; + foreach( $sub->deviceConfiguration->getVirtualSystems() as $vsys ) + if( $this->utilType == 'certificate' ) + $this->objectsToProcess[] = Array('store' => $vsys->certificateStore, 'objects' => $vsys->certificateStore->getAll()); + */ } } } From 0586f0456d7cf35216076bc2466b12fc275d9e4c Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Tue, 12 Sep 2023 17:58:42 +0200 Subject: [PATCH 03/16] Update UTIL.php --- utils/lib/UTIL.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/utils/lib/UTIL.php b/utils/lib/UTIL.php index 4bd85ff2..e97ae7ce 100644 --- a/utils/lib/UTIL.php +++ b/utils/lib/UTIL.php 
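Review bot: The new template-stack loop in `location_filter_object()` never sets `$locationFound` and never calls `self::GlobalInitAction()`, unlike the vsys-style loops elsewhere in this method (compare the shared-gateway loop added to the same file in PATCH 06/16), so a `location=` that only matches a template stack may still fall through to a not-found path if one exists outside the hunk — worth confirming. A one-line comment above the loop, `// certificates of a template stack live under its <shared> node`, would explain why only the `shared`/`any` locations are accepted here. The enclosing method continues outside the hunk.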
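Review bot: The second `NETWORKUTIL.php` hunk commits a `/* ... */` block of disabled code (the `get_class($sub) === "Container"` / `getVirtualSystems()` loop) right under an older `#if( $this->utilType == 'interface' )` comment, leaving two generations of dead code in `location_filter_object()`; either wire the per-vsys certificate lookup or drop the block. If a reminder is wanted, `// TODO: per-vsys certificateStore not yet handled here (needs Container check)` carries the same information without dead code.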
@@ -533,6 +533,8 @@ public function loadplugin() ThreatCallContext::prepareSupportedActions(); elseif( $this->utilType == 'device' ) DeviceCallContext::prepareSupportedActions(); + elseif( $this->utilType == 'certificate' ) + CertificateCallContext::prepareSupportedActions(); } From 369778a4decf3cdfe1d7cd31fc839efbc9f96282 Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Tue, 12 Sep 2023 18:04:16 +0200 Subject: [PATCH 04/16] type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands --- CHANGELOG.txt | 1 + utils/lib/RUNSSH.php | 30 ++++++++++++++++++++++++++---- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index c9354cfc..ecf1ce4a 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -5,6 +5,7 @@ UTIL: * type=certificate | extend to TemplateStack BUGFIX: +* type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands GENERAL: diff --git a/utils/lib/RUNSSH.php b/utils/lib/RUNSSH.php index e667afc9..b19a9ebf 100644 --- a/utils/lib/RUNSSH.php +++ b/utils/lib/RUNSSH.php 
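Review bot: `CertificateCallContext::prepareSupportedActions()` is now invoked twice for `utilType == 'certificate'`: once at file-load time by the trailing call in `utils/common/CertificateCallContext.php` (corrected from `DHCPCallContext` in PATCH 02/16) and again here in `loadplugin()`. If `prepareSupportedActions()` appends to a static action list rather than assigning it, the second call duplicates entries, so one of the two sites should probably go; the other `*CallContext` files are not visible here to compare against. `loadplugin()` continues outside the hunk.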
@@ -54,27 +54,46 @@ function __construct( $ip, $user, $password, $commands, &$output_string, $timeou $configureFound = false; $combinedCommands = ""; $write = false; + $maxcommandCounter = count($commands)+1; foreach( $commands as $k => $command ) { + PH::print_stdout("-------------"); PH::print_stdout( strtoupper($command) . ":"); - - if( strpos( $command, "configure" ) !== FALSE ) + if( strpos( $command, "set cli pager" ) !== FALSE ) { $configureFound = true; + print "write 1a\n"; + print "command: ".$command."\n"; $ssh->write($command . "\n"); $configureCounter = 0; + $maxcommandCounter--; + } + elseif( strpos( $command, "configure" ) !== FALSE ) + { + $configureFound = true; + print "write 1b\n"; + print "command: ".$command."\n"; + $ssh->write($command . "\n"); + $configureCounter = 0; + $maxcommandCounter--; } - if( $configureFound && $configureCounter != 0 ) + if( $configureFound && $configureCounter > 0 ) { + print "TEST\n"; + print "counter: ".$configureCounter."\n"; + print "maxcounter: ".$maxcommandCounter."\n"; + $combinedCommands .= $command."\n"; $configureCounter++; - if( $configureCounter == $setcommandMaxLine ) + if( $configureCounter == $setcommandMaxLine || $configureCounter == $maxcommandCounter ) { $configureCounter = 1; + print "write 2\n"; + print "command: ".$combinedCommands."\n"; $ssh->write( $combinedCommands ); $write = true; $combinedCommands = ""; @@ -86,6 +105,8 @@ function __construct( $ip, $user, $password, $commands, &$output_string, $timeou } else { + print "write 3\n"; + print "command: ".$command."\n"; $ssh->write($command . "\n"); $write = true; } @@ -96,6 +117,7 @@ function __construct( $ip, $user, $password, $commands, &$output_string, $timeou if( $write ) { sleep(1); + print "read\n"; $tmp_string = $ssh->read(); PH::print_stdout( $tmp_string ); From 78af12cc076c7e3aae6091dbfa75ec6caeea0528 Mon Sep 17 00:00:00 2001 
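Review bot: The hunk leaves debugging output in place — `print "write 1a\n"`, `print "TEST\n"`, `print "counter: ..."`, and `print "command: ".$command."\n"` (also in the `@@ -86` and `@@ -96` hunks) — which bypass the `PH::print_stdout()` channel the rest of the constructor uses and echo every set command verbatim; since a set-command file can carry credentials or keys, that verbatim echo belongs behind a debug flag rather than being unconditional. The `set cli pager` and `configure` branches are identical apart from the debug string, so they collapse into one `if( strpos( $command, "set cli pager" ) !== FALSE || strpos( $command, "configure" ) !== FALSE )` branch. Whether the new `$configureCounter == $maxcommandCounter` test still flushes a final partial batch after an earlier `$setcommandMaxLine` flush has reset `$configureCounter` to 1 is not visible from the hunk, because the post-loop handling lies outside it; a comment stating the intended invariant for `$maxcommandCounter` would help the next reader. The constructor continues past the hunk.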
From: Sven Waschkut Date: Wed, 13 Sep 2023 13:38:46 +0200 Subject: [PATCH 05/16] introduce class SharedGatewayStore | extend different classes to support SharedGateway --- CHANGELOG.txt | 1 + lib/device-and-system-classes/PANConf.php | 44 ++++ .../VirtualSystem.php | 79 +++++--- .../NetworkPropertiesContainer.php | 15 +- lib/network-classes/SharedGatewayStore.php | 188 ++++++++++++++++++ lib/network-classes/Zone.php | 10 +- utils/lib/UTIL.php | 22 ++ 7 files changed, 327 insertions(+), 32 deletions(-) create mode 100644 lib/network-classes/SharedGatewayStore.php diff --git a/CHANGELOG.txt b/CHANGELOG.txt index ecf1ce4a..40dda0ca 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -3,6 +3,7 @@ CHANGELOG 2.1.17 UTIL: * type=certificate | extend to TemplateStack +* introduce class SharedGatewayStore | extend different classes to support SharedGateway BUGFIX: * type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands diff --git a/lib/device-and-system-classes/PANConf.php b/lib/device-and-system-classes/PANConf.php index d8e36f95..e39b2386 100644 --- a/lib/device-and-system-classes/PANConf.php +++ b/lib/device-and-system-classes/PANConf.php @@ -73,6 +73,9 @@ class PANConf /** @var VirtualSystem[] */ public $virtualSystems = array(); + /** @var VirtualSystem[] */ + public $sharedGateways = array(); + /** @var PanAPIConnector|null $connector */ public $connector = null; @@ -678,6 +681,23 @@ public function findVSYS_by_displayName($displayname) return null; } + /** + * @param string $name + * @return VirtualSystem|null + */ + public function findSharedGateway_by_displayName($displayname) + { + $tmp_vsys = $this->getSharedGateways(); + foreach( $tmp_vsys as $vsys ) + { + if( $vsys->alternativeName() == $displayname ) + return $vsys; + + } + + return null; + } + /** * @param string $name * @return VirtualSystem|null 
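Review bot: The docblock on the new `findSharedGateway_by_displayName()` documents `@param string $name`, but the parameter is `$displayname` (copied from `findVSYS_by_displayName`); it should read `@param string $displayname`. The comparison `$vsys->alternativeName() == $displayname` is loose, so numeric-looking names can match each other — `===` is the safer choice here and in `findSharedGateway()` in the next hunk. The stray blank line inside the `foreach` body is leftover from the copy.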
@@ -695,6 +715,23 @@ public function findVirtualSystem($name) return null; } + /** + * @param string $name + * @return VirtualSystem|null + */ + public function findSharedGateway($name) + { + foreach( $this->sharedGateways as $vsys ) + { + if( $vsys->name() == $name ) + { + return $vsys; + } + } + + return null; + } + /** * @param string $fileName * @param bool $printMessage @@ -767,6 +804,13 @@ public function getVirtualSystems() return $this->virtualSystems; } + /** + * @return VirtualSystem[] + */ + public function getSharedGateways() + { + return $this->sharedGateways; + } public function display_statistics( $connector = null ) { diff --git a/lib/device-and-system-classes/VirtualSystem.php b/lib/device-and-system-classes/VirtualSystem.php index dfc7dd49..92234ca0 100644 --- a/lib/device-and-system-classes/VirtualSystem.php +++ b/lib/device-and-system-classes/VirtualSystem.php @@ -178,8 +178,12 @@ class VirtualSystem public $version = null; public $apiCache; - - public function __construct(PANConf $owner, DeviceGroup $applicableDG = null) + /** + * VirtualSystem constructor. + * @param PANConf|SharedGatewayStore $owner + * @param DeviceGroup $applicableDG + */ + public function __construct( $owner, $applicableDG = null) { $this->owner = $owner; 
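Review bot: The `VirtualSystem` constructor signature drops both type hints (`PANConf $owner, DeviceGroup $applicableDG = null`) although only `$owner` needed widening to accept a `SharedGatewayStore`; keeping `DeviceGroup $applicableDG = null` preserves the existing check on the second argument, and the new docblock should then say `@param DeviceGroup|null $applicableDG` to match its default. `__construct` continues outside the hunk.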
@@ -190,15 +194,24 @@ public function __construct(PANConf $owner, DeviceGroup $applicableDG = null) $this->tagStore = new TagStore($this); $this->tagStore->name = 'tags'; - $this->importedInterfaces = new InterfaceContainer($this, $owner->network); - $this->importedVirtualRouter = new VirtualRouterContainer($this, $owner->network); + if( get_class($owner) == "SharedGatewayStore" ) + { + + } + else + { + $this->importedInterfaces = new InterfaceContainer($this, $owner->network); + $this->importedVirtualRouter = new VirtualRouterContainer($this, $owner->network); + } + #$this->appStore = $owner->appStore; $this->appStore = new AppStore($this); $this->appStore->name = 'customApplication'; - $this->threatStore = $owner->threatStore; + if( get_class($owner) !== "SharedGatewayStore" ) + $this->threatStore = $owner->threatStore; $this->zoneStore = new ZoneStore($this); $this->zoneStore->setName('zoneStore'); @@ -321,8 +334,11 @@ public function __construct(PANConf $owner, DeviceGroup $applicableDG = null) $this->sdWanRules->name = 'SDWan'; - $this->dosRules->_networkStore = $this->owner->network; - $this->pbfRules->_networkStore = $this->owner->network; + if( get_class($owner) !== "SharedGatewayStore" ) + { + $this->dosRules->_networkStore = $this->owner->network; + $this->pbfRules->_networkStore = $this->owner->network; + } } 
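Review bot: `if( get_class($owner) == "SharedGatewayStore" ) { }` is an empty branch that leaves `$this->importedInterfaces` and `$this->importedVirtualRouter` null, which is what forces the `!== null` guards added to `load_from_domxml`, `Zone.php` and `actions-zone.php` later in this series; PATCH 07/16 fills the branch in, so this commit is inconsistent on its own. Comparing class names as strings (`get_class($owner) == "SharedGatewayStore"` here, `!==` in the `@@ -321` hunk) is fragile against subclasses and typos — `$owner instanceof SharedGatewayStore` is the idiomatic form, and the same applies to the equivalent checks in `Zone.php`. Once the branch is filled in, the only difference between the branches is which object carries `->network`, so resolving it once at the top — `$network = $owner instanceof SharedGatewayStore ? $owner->owner->network : $owner->network;` — would remove three duplicated blocks from this constructor. `__construct` continues outside the hunks.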
@@ -355,16 +371,21 @@ public function load_from_domxml($xml) { $networkRoot = DH::findFirstElementOrCreate('network', $importroot); $tmp = DH::findFirstElementOrCreate('interface', $networkRoot); - $this->importedInterfaces->load_from_domxml($tmp); + if( $this->importedInterfaces !== null ) + $this->importedInterfaces->load_from_domxml($tmp); $tmp = DH::findFirstElement('virtual-router', $networkRoot); if( $tmp !== FALSE ) - $this->importedVirtualRouter->load_from_domxml($tmp); + { + if( $this->importedVirtualRouter !== null ) + $this->importedVirtualRouter->load_from_domxml($tmp); + } + } // - if( $this->owner->owner === null ) + if( $this->owner->owner === null || get_class($this->owner) == "SharedGatewayStore" ) { // 
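Review bot: The nested `if( $tmp !== FALSE ) { if( $this->importedVirtualRouter !== null ) ... }` flattens to one condition, `if( $tmp !== FALSE && $this->importedVirtualRouter !== null )`, matching the single-line guard used for `importedInterfaces` two lines above. The widened `if( $this->owner->owner === null || get_class($this->owner) == "SharedGatewayStore" )` deserves a comment stating why a shared gateway is treated like a firewall-level vsys here, since that is not apparent from the line itself; the string class comparison would again read better as `instanceof`. `load_from_domxml` continues outside the hunk.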
@@ -656,32 +677,36 @@ public function load_from_domxml($xml) // // add reference to address object, if interface IP-address is using this object // - foreach( $this->importedInterfaces->interfaces() as $interface ) + if( $this->importedInterfaces !== null) { - if( $interface->isEthernetType() && $interface->type() == "layer3" ) - $interfaces = $interface->getLayer3IPv4Addresses(); - elseif( $interface->isVlanType() || $interface->isLoopbackType() || $interface->isTunnelType() ) - $interfaces = $interface->getIPv4Addresses(); - else - $interfaces = array(); + foreach( $this->importedInterfaces->interfaces() as $interface ) + { + if( $interface->isEthernetType() && $interface->type() == "layer3" ) + $interfaces = $interface->getLayer3IPv4Addresses(); + elseif( $interface->isVlanType() || $interface->isLoopbackType() || $interface->isTunnelType() ) + $interfaces = $interface->getIPv4Addresses(); + else + $interfaces = array(); - foreach( $interfaces as $layer3IPv4Address ) - { - if( substr_count($layer3IPv4Address, '.') != 3 ) + foreach( $interfaces as $layer3IPv4Address ) { - $object = $this->addressStore->find($layer3IPv4Address); - if( is_object($object) ) - $object->addReference($interface); - else + if( substr_count($layer3IPv4Address, '.') != 3 ) { - //Todo: fix needed too many warnings - if address object is coming from other address store - #mwarning("interface configured objectname: " . $layer3IPv4Address . " not found.\n", $interface); - } + $object = $this->addressStore->find($layer3IPv4Address); + if( is_object($object) ) + $object->addReference($interface); + else + { + //Todo: fix needed too many warnings - if address object is coming from other address store + #mwarning("interface configured objectname: " . $layer3IPv4Address . " not found.\n", $interface); + } + } } } } + //Todo: addressobject reference missing for: IKE gateway / GP Portal / GP Gateway (where GP is not implemented at all) 
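Review bot: Wrapping the whole interface-reference loop in `if( $this->importedInterfaces !== null)` re-indents roughly 25 unchanged lines, which hides that the logic is untouched; `$ifaces = $this->importedInterfaces !== null ? $this->importedInterfaces->interfaces() : array();` followed by the original `foreach( $ifaces as $interface )` gives the same behaviour with a two-line diff. The `//Todo: fix needed too many warnings` branch remains an empty `else` that silently drops missing address-object references; a `mwarning()` behind a verbosity flag would keep the signal without the noise. `load_from_domxml` continues outside the hunk.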
diff --git a/lib/network-classes/NetworkPropertiesContainer.php b/lib/network-classes/NetworkPropertiesContainer.php index 2004ab25..b1fe788c 100644 --- a/lib/network-classes/NetworkPropertiesContainer.php +++ b/lib/network-classes/NetworkPropertiesContainer.php @@ -38,9 +38,13 @@ class NetworkPropertiesContainer /** @var greTunnelStore */ public $greTunnelStore; - /** @var dhcpStore */ + /** @var DHCPStore */ public $dhcpStore; + /** @var SharedGatewayStore */ + public $sharedGatewayStore; + + /** @var vlanIfStore */ public $vlanIfStore; @@ -75,6 +79,8 @@ function __construct($owner) $this->tunnelIfStore = new TunnelIfStore('TunnelIfaces', $owner); $this->virtualWireStore = new VirtualWireStore('', $owner); $this->dhcpStore = new DHCPStore('DHCP', $owner); + + $this->sharedGatewayStore = new SharedGatewayStore('SharedGateway', $owner); } function load_from_domxml(DOMElement $xml) @@ -132,6 +138,13 @@ function load_from_domxml(DOMElement $xml) $this->dhcpStore->load_from_domxml($tmp); } + $tmp = DH::findFirstElement('shared-gateway', $this->xmlroot); + if( $tmp !== FALSE ) + { + $this->sharedGatewayStore->load_from_domxml($tmp); + + $this->owner->sharedGateways = $this->sharedGatewayStore->virtualSystems; + } } diff --git a/lib/network-classes/SharedGatewayStore.php b/lib/network-classes/SharedGatewayStore.php new file mode 100644 index 00000000..f1d94658 --- /dev/null +++ b/lib/network-classes/SharedGatewayStore.php 
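Review bot: `$this->owner->sharedGateways = $this->sharedGatewayStore->virtualSystems;` in the third hunk writes straight into a public array of the owner, so the store and `PANConf::$sharedGateways` become two copies of the same list that can drift if either side is modified later; having `PANConf::getSharedGateways()` read through the store (if `PANConf::$network` is this container) would keep one source of truth. `NetworkPropertiesContainer::__construct($owner)` is untyped, so if an owner other than `PANConf` ever reaches this code the assignment silently creates a dynamic property — hedged, since the possible owner types are not visible here. `load_from_domxml` continues outside the hunk.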
@@ -0,0 +1,188 @@ +name = $name; + $this->owner = $owner; + $this->classn = &self::$childn; + } + + public function load_from_domxml(DOMElement $xml) + { + $this->xmlroot = $xml; + + foreach( $this->xmlroot->childNodes as $node ) + { + if( $node->nodeType != XML_ELEMENT_NODE ) + continue; + + /** @var DOMElement $node */ + + if( $this->skipEmptyXmlObjects && !$node->hasChildNodes() ) + { + mwarning('XML element had no child, it was skipped', $node); + continue; + } + + $localVsys = new VirtualSystem($this); + + $localVsys->load_from_domxml($node); + + $this->virtualSystems[] = $localVsys; + } + } + + /** + * @return SharedGateway[] + */ + public function SharedGateways() + { + return $this->o; + } + + /** + * @param $vrName string + * @return null|SharedGateway + */ + public function findSharedGateway($vrName) + { + return $this->findByName($vrName); + } + + /** + * Creates a new DHCP in this store. It will be placed at the end of the list. + * @param string $name name of the new VirtualRouter + * @return SharedGateway + */ + public function newSharedGateway($name) + { + foreach( $this->SharedGateways() as $vr ) + { + if( $vr->name() == $name ) + derr("SharedGateway: " . $name . " already available\n"); + } + + $SharedGateway = new SharedGateway($name, $this); + $xmlElement = DH::importXmlStringOrDie($this->owner->xmlroot->ownerDocument, dhcp::$templatexml); + + $SharedGateway->load_from_domxml($xmlElement); + + $SharedGateway->owner = null; + $SharedGateway->setName($name); + + //20190507 - which add method is best, is addvirtualRouter needed?? 
+ $this->addSharedGateway($SharedGateway); + $this->add($SharedGateway); + + return $SharedGateway; + } + + /** + * @param SharedGateway $SharedGateway + * @return bool + */ + public function addSharedGateway($SharedGateway) + { + if( !is_object($SharedGateway) ) + derr('this function only accepts dhcp class objects'); + + if( $SharedGateway->owner !== null ) + derr('Trying to add a dhcp that has a owner already !'); + + + $ser = spl_object_hash($SharedGateway); + + if( !isset($this->fastMemToIndex[$ser]) ) + { + $SharedGateway->owner = $this; + + $this->fastMemToIndex[$ser] = $SharedGateway; + $this->fastNameToIndex[$SharedGateway->name()] = $SharedGateway; + + if( $this->xmlroot === null ) + $this->createXmlRoot(); + + $this->xmlroot->appendChild($SharedGateway->xmlroot); + + return TRUE; + } + else + derr('You cannot add a dhcp that is already here :)'); + + return FALSE; + } + + public function createXmlRoot() + { + if( $this->xmlroot === null ) + { + $xml = DH::findFirstElementOrCreate('devices', $this->owner->xmlroot); + $xml = DH::findFirstElementOrCreate('entry', $xml); + $xml = DH::findFirstElementOrCreate('network', $xml); + + $this->xmlroot = DH::findFirstElementOrCreate('shared-gateway', $xml); + } + } + + private function &getBaseXPath() + { + + $str = ""; + /* + if( $this->owner->owner->isTemplate() ) + $str .= $this->owner->owner->getXPath(); + elseif( $this->owner->isPanorama() || $this->owner->isFirewall() ) + $str = '/config/shared'; + else + derr('unsupported'); + */ + + //TODO: intermediate solution + $str .= '/config/devices/entry/network'; + + return $str; + } + + public function &getSharedGatewayStoreXPath() + { + $path = $this->getBaseXPath(); + return $path; + } + +} \ No newline at end of file diff --git a/lib/network-classes/Zone.php b/lib/network-classes/Zone.php index 3e765a5e..8dd52f55 100644 --- a/lib/network-classes/Zone.php +++ b/lib/network-classes/Zone.php 
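Review bot: `load_from_domxml()` appends each loaded gateway to `$this->virtualSystems`, but `SharedGateways()` returns `$this->o` and `findSharedGateway()` delegates to `findByName()`, neither of which ever sees that array, so gateways loaded from XML are invisible to the store's own lookup API; the minimal fix is `return $this->virtualSystems;` in `SharedGateways()` plus a name loop in `findSharedGateway()` like the one in `PANConf::findSharedGateway()`. `newSharedGateway()` and `addSharedGateway()` are DHCPStore copy-paste residue: they reference a `SharedGateway` class this series does not add, build the template from `dhcp::$templatexml`, emit `derr()` messages about "dhcp", and add the object twice (`addSharedGateway()` then `add()`) under a 2019 comment asking which call is needed. `getBaseXPath()` returns `/config/devices/entry/network` while `createXmlRoot()` places the store under `.../network/shared-gateway`, so the XPath presumably needs the trailing `/shared-gateway` as well — worth confirming against the other stores. The file's opening lines (`<?php`, class header, properties) were lost in transit and could not be reviewed.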
@@ -77,7 +77,8 @@ public function __construct($name, $owner, $fromXmlTemplate = FALSE, $type = 'la if( $this->owner->owner->isVirtualSystem() ) { - $this->attachedInterfaces = new InterfaceContainer($this, $this->owner->owner->owner->network); + if( get_class( $this->owner->owner->owner ) !== "SharedGatewayStore" ) + $this->attachedInterfaces = new InterfaceContainer($this, $this->owner->owner->owner->network); } else $this->attachedInterfaces = new InterfaceContainer($this, null); @@ -175,7 +176,8 @@ public function load_from_domxml(DOMElement $xml) { $this->type = $node->tagName; - $this->attachedInterfaces->load_from_domxml($node); + if( $this->attachedInterfaces !== null ) + $this->attachedInterfaces->load_from_domxml($node); } else if( $node->tagName == 'external' ) { @@ -186,8 +188,8 @@ public function load_from_domxml(DOMElement $xml) continue; $this->externalVsys[$memberNode->textContent] = $memberNode->textContent; } - - $this->attachedInterfaces->load_from_domxml($node); + if( $this->attachedInterfaces !== null ) + $this->attachedInterfaces->load_from_domxml($node); } elseif( $node->tagName == 'tap' ) { diff --git a/utils/lib/UTIL.php b/utils/lib/UTIL.php index e97ae7ce..38cf8232 100644 --- a/utils/lib/UTIL.php +++ b/utils/lib/UTIL.php @@ -1541,7 +1541,9 @@ public function location_filter_object() if( $location == 'shared' || $location == 'any' ) { if( $this->utilType == 'address' ) + { $this->objectsToProcess[] = array('store' => $this->pan->addressStore, 'objects' => $this->pan->addressStore->all(null, TRUE)); + } elseif( $this->utilType == 'service' ) $this->objectsToProcess[] = array('store' => $this->pan->serviceStore, 'objects' => $this->pan->serviceStore->all(null, TRUE)); elseif( $this->utilType == 'tag' ) 
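Review bot: The shared-gateway guard in the `Zone` constructor leaves `$attachedInterfaces` null, which is why `load_from_domxml()` (both hunks below) and `actions-zone.php` in PATCH 06/16 now need `!== null` checks; the `else` branch already shows the alternative, `new InterfaceContainer($this, null)`, which keeps the property non-null and the callers unchanged (PATCH 07/16 replaces the guard with a real container anyway). `get_class( $this->owner->owner->owner ) !== "SharedGatewayStore"` would read better as `instanceof`, as for the same checks in `VirtualSystem.php`. The constructor continues outside the hunk.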
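Review bot: In the `UTIL.php` hunk, braces are added around only the `address` branch of the `if/elseif` chain while the sibling `service`, `tag`, … branches stay unbraced, which leaves the chain inconsistent and easy to break when a second statement is added; either brace every branch or leave this one as it was. `location_filter_object()` continues outside the hunk.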
@@ -1600,6 +1602,26 @@ public function location_filter_object() self::GlobalInitAction($sub); } } + + foreach( $this->pan->getSharedGateways() as $sub ) + { + if( ($location == 'any' || $location == $sub->name() && !isset($ruleStoresToProcess[$sub->name()])) ) + { + if( $this->utilType == 'address' ) + $this->objectsToProcess[] = array('store' => $sub->addressStore, 'objects' => $sub->addressStore->all(null, TRUE)); + elseif( $this->utilType == 'service' ) + $this->objectsToProcess[] = array('store' => $sub->serviceStore, 'objects' => $sub->serviceStore->all(null, TRUE)); + elseif( $this->utilType == 'tag' ) + $this->objectsToProcess[] = array('store' => $sub->tagStore, 'objects' => $sub->tagStore->getall()); + elseif( $this->utilType == 'securityprofilegroup' ) + $this->objectsToProcess[] = array('store' => $sub->securityProfileGroupStore, 'objects' => $sub->securityProfileGroupStore->getAll()); + elseif( $this->utilType == 'schedule' ) + $this->objectsToProcess[] = array('store' => $sub->scheduleStore, 'objects' => $sub->scheduleStore->getall()); + elseif( $this->utilType == 'application' ) + $this->objectsToProcess[] = array('store' => $sub->appStore, 'objects' => $sub->appStore->apps()); + } + } + } else { From c7841ad50b99fa4f702aed996a6fea3a20b0c053 Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Wed, 13 Sep 2023 13:56:01 +0200 Subject: [PATCH 06/16] type=zone | extend with SharedGateway --- CHANGELOG.txt | 1 + utils/common/actions-zone.php | 6 ++++-- utils/lib/NETWORKUTIL.php | 23 +++++++++++++++++++++++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 40dda0ca..54092a20 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt 
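Review bot: `if( ($location == 'any' || $location == $sub->name() && !isset($ruleStoresToProcess[$sub->name()])) )` parses as `any || (name && !isset)` because `&&` binds tighter than `||`, and `$ruleStoresToProcess` is a rule-util name that appears nowhere else in this method's visible lines, so the `isset` clause looks copied from RULEUTIL; the same condition is repeated in `NETWORKUTIL.php` (PATCH 06/16) and `RULEUTIL.php` (PATCH 07/16). Unlike the vsys loop just above it, this loop neither sets `$locationFound = TRUE` nor calls `self::GlobalInitAction($sub)`; PATCH 07/16 adds both but passes `$this->pan` instead of `$sub`, which differs from the NETWORKUTIL and RULEUTIL loops and is worth double-checking. `location_filter_object()` continues outside the hunk.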
@@ -4,6 +4,7 @@ CHANGELOG UTIL: * type=certificate | extend to TemplateStack * introduce class SharedGatewayStore | extend different classes to support SharedGateway +* type=zone | extend with SharedGateway BUGFIX: * type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands diff --git a/utils/common/actions-zone.php b/utils/common/actions-zone.php index 2d6a37af..52860f51 100644 --- a/utils/common/actions-zone.php +++ b/utils/common/actions-zone.php @@ -429,7 +429,8 @@ //DISPLAY interfaces attached to zones $interfaces = $object->attachedInterfaces; - foreach( $interfaces->getAll() as $interface ) + if( $interfaces !== null ) + foreach( $interfaces->getAll() as $interface ) { $tmp_txt = " " . $interface->type . " - "; $tmp_txt .= $interface->name(); @@ -720,7 +721,8 @@ else { $lines .= $context->encloseFunction($object->type()); - $lines .= $context->encloseFunction( $object->attachedInterfaces->getAll() ); + if( $object->attachedInterfaces !== null ) + $lines .= $context->encloseFunction( $object->attachedInterfaces->getAll() ); if( $object->logsetting == null ) $tmpLogprof = ""; diff --git a/utils/lib/NETWORKUTIL.php b/utils/lib/NETWORKUTIL.php index e6e4f55f..9d56db00 100644 --- a/utils/lib/NETWORKUTIL.php +++ b/utils/lib/NETWORKUTIL.php 
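Review bot: In `actions-zone.php`, `if( $interfaces !== null ) foreach( $interfaces->getAll() as $interface ) {` puts an unbraced `if` in front of a braced multi-line `foreach`, so the body's indentation no longer shows which block it belongs to; bracing the `if` (and the `attachedInterfaces` guard in the second hunk) keeps the structure visible. If `Zone::$attachedInterfaces` were kept as an empty `InterfaceContainer` instead of null, neither guard would be needed here. Both enclosing action closures continue outside the hunks.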
@@ -135,6 +135,29 @@ public function location_filter_object() self::GlobalInitAction($sub); } + + foreach( $this->pan->getSharedGateways() as $sub ) + { + if( ($location == 'any' || $location == $sub->name() && !isset($ruleStoresToProcess[$sub->name()])) ) + { + if( $this->utilType == 'virtualwire' ) + {} + elseif( $this->utilType == 'interface' ) + $this->objectsToProcess[] = Array('store' => $sub->importedInterfaces, 'objects' => $sub->importedInterfaces->getAll()); + elseif( $this->utilType == 'routing' ) + {} + elseif( $this->utilType == 'zone' ) + $this->objectsToProcess[] = array('store' => $sub->zoneStore, 'objects' => $sub->zoneStore->getall()); + elseif( $this->utilType == 'dhcp' ) + {} + elseif( $this->utilType == 'certificate' ) + $this->objectsToProcess[] = Array('store' => $sub->certificateStore, 'objects' => $sub->certificateStore->getAll()); + + $locationFound = TRUE; + } + + self::GlobalInitAction($sub); + } } else { From 63c7a1946d550254ff1e797804cd6ce804a2a0a1 Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Thu, 14 Sep 2023 01:44:26 +0200 Subject: [PATCH 07/16] different Classes | extend type=rule for SharedGateway --- CHANGELOG.txt | 1 + .../VirtualSystem.php | 12 +++- .../NetworkPropertiesContainer.php | 14 ++++- lib/network-classes/SharedGatewayStore.php | 1 - lib/network-classes/Zone.php | 4 +- utils/lib/RULEUTIL.php | 62 +++++++++++++++++++ utils/lib/UTIL.php | 5 +- 7 files changed, 90 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 54092a20..042bb055 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -5,6 +5,7 @@ UTIL: * type=certificate | extend to TemplateStack * introduce class SharedGatewayStore | extend different classes to support SharedGateway * type=zone | extend with SharedGateway +* type=rule | extend with SharedGateway BUGFIX: * type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands 
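Review bot: The new shared-gateway loop carries three empty branches (`if( $this->utilType == 'virtualwire' ) {}`, `routing`, `dhcp`) that do nothing, so the chain should list only the handled types (`interface`, `zone`, `certificate`) with a comment such as `// virtual-wire, routing and dhcp are not defined on a shared gateway`. At this point in the series `$sub->importedInterfaces` is still null for shared gateways (the constructor branch is only filled in by PATCH 07/16), so `$sub->importedInterfaces->getAll()` faults for `type=interface` on this commit alone. `self::GlobalInitAction($sub)` runs for every shared gateway even when the location did not match, mirroring the vsys loop above, which may be intended but deserves a note. `location_filter_object()` continues outside the hunk.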
diff --git a/lib/device-and-system-classes/VirtualSystem.php b/lib/device-and-system-classes/VirtualSystem.php index 92234ca0..125c71a1 100644 --- a/lib/device-and-system-classes/VirtualSystem.php +++ b/lib/device-and-system-classes/VirtualSystem.php @@ -196,7 +196,8 @@ public function __construct( $owner, $applicableDG = null) if( get_class($owner) == "SharedGatewayStore" ) { - + $this->importedInterfaces = new InterfaceContainer($this, $owner->owner->network); + $this->importedVirtualRouter = new VirtualRouterContainer($this, $owner->owner->network); } else { @@ -334,7 +335,12 @@ public function __construct( $owner, $applicableDG = null) $this->sdWanRules->name = 'SDWan'; - if( get_class($owner) !== "SharedGatewayStore" ) + if( get_class($owner) === "SharedGatewayStore" ) + { + $this->dosRules->_networkStore = $this->owner->owner->network; + $this->pbfRules->_networkStore = $this->owner->owner->network; + } + else { $this->dosRules->_networkStore = $this->owner->network; $this->pbfRules->_networkStore = $this->owner->network; @@ -723,7 +729,7 @@ public function load_from_domxml($xml) if( $this->rulebaseroot === FALSE ) $this->rulebaseroot = null; - if( $this->owner->owner === null && $this->rulebaseroot !== null ) + if( ($this->owner->owner === null || get_class($this->owner) == "SharedGatewayStore") && $this->rulebaseroot !== null ) { // // Security Rules extraction diff --git a/lib/network-classes/NetworkPropertiesContainer.php b/lib/network-classes/NetworkPropertiesContainer.php index b1fe788c..b76ee9f2 100644 --- a/lib/network-classes/NetworkPropertiesContainer.php +++ b/lib/network-classes/NetworkPropertiesContainer.php 
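Review bot: The filled-in branches now differ from their `else` branches only by one extra `->owner` hop, so the constructor carries the same two-line block twice in the `@@ -196` and `@@ -334` hunks; resolving the container once — `$network = $owner instanceof SharedGatewayStore ? $owner->owner->network : $owner->network;` — and using `$network` in both places removes the duplication and the string `get_class()` comparisons (`==` in one hunk, `===` in the other). The `@@ -723` condition `($this->owner->owner === null || get_class($this->owner) == "SharedGatewayStore")` is the second place this rule appears (also at the `@@ -355` hunk of PATCH 05/16) and would read better as a small private predicate with a comment explaining why a shared gateway carries its own rulebase. The `Zone.php` hunk in this commit reaches `$this->owner->owner->owner->owner->network`, a four-level chain that the same accessor on `VirtualSystem` would hide. `__construct` and `load_from_domxml` both continue outside the hunks.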
@@ -141,9 +141,19 @@ function load_from_domxml(DOMElement $xml) $tmp = DH::findFirstElement('shared-gateway', $this->xmlroot); if( $tmp !== FALSE ) { - $this->sharedGatewayStore->load_from_domxml($tmp); + $this->sharedGatewayStore->load_from_domxml($tmp); + + $this->owner->sharedGateways = $this->sharedGatewayStore->virtualSystems; + + foreach( $this->owner->sharedGateways as $localVsys ) + { + $importedInterfaces = $localVsys->importedInterfaces->interfaces(); + foreach( $importedInterfaces as &$ifName ) + { + $ifName->importedByVSYS = $localVsys; + } + } - $this->owner->sharedGateways = $this->sharedGatewayStore->virtualSystems; } } diff --git a/lib/network-classes/SharedGatewayStore.php b/lib/network-classes/SharedGatewayStore.php index f1d94658..4f8d8ea6 100644 --- a/lib/network-classes/SharedGatewayStore.php +++ b/lib/network-classes/SharedGatewayStore.php @@ -61,7 +61,6 @@ public function load_from_domxml(DOMElement $xml) } $localVsys = new VirtualSystem($this); - $localVsys->load_from_domxml($node); $this->virtualSystems[] = $localVsys; diff --git a/lib/network-classes/Zone.php b/lib/network-classes/Zone.php index 8dd52f55..c81355b1 100644 --- a/lib/network-classes/Zone.php +++ b/lib/network-classes/Zone.php @@ -77,7 +77,9 @@ public function __construct($name, $owner, $fromXmlTemplate = FALSE, $type = 'la if( $this->owner->owner->isVirtualSystem() ) { - if( get_class( $this->owner->owner->owner ) !== "SharedGatewayStore" ) + if( get_class( $this->owner->owner->owner ) === "SharedGatewayStore" ) + $this->attachedInterfaces = new InterfaceContainer($this, $this->owner->owner->owner->owner->network); + else $this->attachedInterfaces = new InterfaceContainer($this, $this->owner->owner->owner->network); } else diff --git a/utils/lib/RULEUTIL.php b/utils/lib/RULEUTIL.php index 831013df..02414ea9 100644 --- a/utils/lib/RULEUTIL.php +++ b/utils/lib/RULEUTIL.php 
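Review bot: `foreach( $importedInterfaces as &$ifName )` iterates by reference to set `$ifName->importedByVSYS`, but the elements are objects, which PHP already handles by identity, so the `&` is unnecessary, and the reference is never `unset()` afterwards — a later `foreach` reusing `$ifName` in this method would overwrite the last element. `foreach( $importedInterfaces as $iface ) { $iface->importedByVSYS = $localVsys; }` does the same safely. The re-indentation of `$this->sharedGatewayStore->load_from_domxml($tmp);` is a whitespace-only change that inflates the diff. `load_from_domxml` continues outside the hunk.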
@@ -198,6 +198,68 @@ public function location_filter_object() self::GlobalInitAction($sub, $this->ruleTypes); } + + foreach( $this->pan->getSharedGateways() as $sub ) + { + if( ($location == 'any' || $location == $sub->name() && !isset($ruleStoresToProcess[$sub->name()])) ) + { + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('security', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->securityRules, 'rules' => $sub->securityRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('nat', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->natRules, 'rules' => $sub->natRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('qos', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->qosRules, 'rules' => $sub->qosRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('pbf', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->pbfRules, 'rules' => $sub->pbfRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('decryption', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->decryptionRules, 'rules' => $sub->decryptionRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('appoverride', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->appOverrideRules, 'rules' => $sub->appOverrideRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('captiveportal', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->captivePortalRules, 'rules' => $sub->captivePortalRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('authentication', $this->ruleTypes) !== FALSE ) + { + 
$this->objectsToProcess[] = array('store' => $sub->authenticationRules, 'rules' => $sub->authenticationRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('dos', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->dosRules, 'rules' => $sub->dosRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('tunnelinspection', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->tunnelInspectionRules, 'rules' => $sub->tunnelInspectionRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('defaultsecurity', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->defaultSecurityRules, 'rules' => $sub->defaultSecurityRules->resultingRuleSet()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('networkpacketbroker', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->networkPacketBrokerRules, 'rules' => $sub->networkPacketBrokerRules->rules()); + } + if( array_search('any', $this->ruleTypes) !== FALSE || array_search('sdwan', $this->ruleTypes) !== FALSE ) + { + $this->objectsToProcess[] = array('store' => $sub->sdWanRules, 'rules' => $sub->sdWanRules->rules()); + } + $locationFound = TRUE; + + self::GlobalInitAction($sub, $this->ruleTypes); + } + } } else { diff --git a/utils/lib/UTIL.php b/utils/lib/UTIL.php index 38cf8232..85911ca9 100644 --- a/utils/lib/UTIL.php +++ b/utils/lib/UTIL.php @@ -1619,6 +1619,9 @@ public function location_filter_object() $this->objectsToProcess[] = array('store' => $sub->scheduleStore, 'objects' => $sub->scheduleStore->getall()); elseif( $this->utilType == 'application' ) $this->objectsToProcess[] = array('store' => $sub->appStore, 'objects' => $sub->appStore->apps()); + + $locationFound = TRUE; + self::GlobalInitAction($this->pan); } } 
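Review bot: The guard `if( ($location == 'any' || $location == $sub->name() && !isset($ruleStoresToProcess[$sub->name()])) )` binds `&&` tighter than `||`, so the `!isset(...)` check only applies to the name-match case and never to `location=any`; if already-queued stores should be skipped in both cases the parentheses must be `if( ($location == 'any' || $location == $sub->name()) && !isset($ruleStoresToProcess[$sub->name()]) )`. The thirteen `array_search('any', $this->ruleTypes) !== FALSE` tests are loop-invariant and would be computed once before the `foreach` as `$allTypes = in_array('any', $this->ruleTypes, true);`, which is also strict. The per-type `if` ladder could be driven from a small `type => store property` table, since every branch has the same shape except `defaultsecurity`, which calls `resultingRuleSet()` instead of `rules()`. location_filter_object starts outside the hunk.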
@@ -1644,7 +1647,6 @@ public function location_filter_object() $this->objectsToProcess[] = array('store' => $this->pan->threatStore, 'objects' => $this->pan->threatStore->getAll()); $locationFound = TRUE; - self::GlobalInitAction($this->pan); } elseif( $this->configType == 'fawkes' && ($location == 'ANY' || $location == 'any') ) @@ -1655,7 +1657,6 @@ public function location_filter_object() $this->objectsToProcess[] = array('store' => $this->pan->threatStore, 'objects' => $this->pan->threatStore->getAll()); $locationFound = TRUE; - self::GlobalInitAction($this->pan); } From 009378893248614708a070de6cd5bbdf82d0b800 Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Thu, 14 Sep 2023 07:58:43 +0200 Subject: [PATCH 08/16] type=service | improvement for SharedGateway - class VirtualSystem --- CHANGELOG.txt | 1 + lib/device-and-system-classes/PANConf.php | 24 ++++++++++++++ .../VirtualSystem.php | 31 +++++++++++++++++-- lib/network-classes/SharedGatewayStore.php | 2 +- lib/object-classes/ServiceGroup.php | 6 ++-- lib/rule-classes/RuleStore.php | 14 ++++++--- 6 files changed, 67 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 042bb055..54ed39e9 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -6,6 +6,7 @@ UTIL: * introduce class SharedGatewayStore | extend different classes to support SharedGateway * type=zone | extend with SharedGateway * type=rule | extend with SharedGateway +* type=service | improvement for SharedGateway - class VirtualSystem BUGFIX: * type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands diff --git a/lib/device-and-system-classes/PANConf.php b/lib/device-and-system-classes/PANConf.php index e39b2386..bfbf3633 100644 --- a/lib/device-and-system-classes/PANConf.php +++ b/lib/device-and-system-classes/PANConf.php 
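Review bot: In the first hunk `self::GlobalInitAction($this->pan)` is placed inside the `foreach` over the located subs, so for `location=any` it runs once per vsys/device-group instead of once; unless GlobalInitAction guards against repeated calls, an action whose GlobalInitFunction is not idempotent (the combine-addressgroups action added later on this page resets `$context->objectList` there) would lose what it collected for earlier subs. Presumably the call belongs after the loop, next to where `$locationFound = TRUE;` was already set. The second and third hunks delete the call from the `threatStore`/fawkes `any` branches without adding it back anywhere visible, so those paths no longer initialise the action unless that happens outside the hunks. location_filter_object starts outside the hunks.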
@@ -137,6 +137,30 @@ class PANConf /** @var SecurityProfileStore */ public $HipProfilesProfileStore = null; + /** @var SecurityProfileStore */ + public $GTPProfileStore = null; + + /** @var SecurityProfileStore */ + public $SCEPProfileStore = null; + + /** @var SecurityProfileStore */ + public $PacketBrokerProfileStore = null; + + /** @var SecurityProfileStore */ + public $SDWanErrorCorrectionProfileStore = null; + + /** @var SecurityProfileStore */ + public $SDWanPathQualityProfileStore = null; + + /** @var SecurityProfileStore */ + public $SDWanSaasQualityProfileStore = null; + + /** @var SecurityProfileStore */ + public $SDWanTrafficDistributionProfileStore = null; + + /** @var SecurityProfileStore */ + public $DataObjectsProfileStore = null; + /** @var ScheduleStore */ public $scheduleStore = null; diff --git a/lib/device-and-system-classes/VirtualSystem.php b/lib/device-and-system-classes/VirtualSystem.php index 125c71a1..ffb0a615 100644 --- a/lib/device-and-system-classes/VirtualSystem.php +++ b/lib/device-and-system-classes/VirtualSystem.php @@ -189,18 +189,21 @@ public function __construct( $owner, $applicableDG = null) $this->parentDeviceGroup = $applicableDG; - $this->version = &$owner->version; $this->tagStore = new TagStore($this); $this->tagStore->name = 'tags'; if( get_class($owner) == "SharedGatewayStore" ) { + $this->version = &$owner->owner->version; + $this->importedInterfaces = new InterfaceContainer($this, $owner->owner->network); $this->importedVirtualRouter = new VirtualRouterContainer($this, $owner->owner->network); } else { + $this->version = &$owner->version; + $this->importedInterfaces = new InterfaceContainer($this, $owner->network); $this->importedVirtualRouter = new VirtualRouterContainer($this, $owner->network); } 
@@ -345,6 +348,26 @@ public function __construct( $owner, $applicableDG = null) $this->dosRules->_networkStore = $this->owner->network; $this->pbfRules->_networkStore = $this->owner->network; } + + $storeType = array( + 'addressStore', 'serviceStore', 'tagStore', 'scheduleStore', 'appStore', + + 'securityProfileGroupStore', + + 'URLProfileStore', 'AntiVirusProfileStore', 'FileBlockingProfileStore', 'DataFilteringProfileStore', + 'VulnerabilityProfileStore', 'AntiSpywareProfileStore', 'WildfireProfileStore', + 'DecryptionProfileStore', 'HipObjectsProfileStore' + + ); + + foreach( $storeType as $type ) + { + if( get_class($this->owner) === "SharedGatewayStore" ) + $this->$type->parentCentralStore = $this->owner->owner->$type; + else + $this->$type->parentCentralStore = $this->owner->$type; + } + } @@ -410,7 +433,7 @@ public function load_from_domxml($xml) // Extract region objects // $tmp = DH::findFirstElement('region', $xml); - if( $tmp !== false ) + if( $tmp !== FALSE ) $this->addressStore->load_regions_from_domxml($tmp); //print "VSYS '".$this->name."' address objectsloaded\n" ; // End of address objects extraction @@ -450,8 +473,10 @@ public function load_from_domxml($xml) // // $tmp = DH::findFirstElement('service-group', $xml); if( $tmp !== FALSE ) + { + #print "VSYS '".$this->name."' service groups loaded\n" ; $this->serviceStore->load_servicegroups_from_domxml($tmp); - //print "VSYS '".$this->name."' service groups loaded\n" ; + } // End of extraction // diff --git a/lib/network-classes/SharedGatewayStore.php b/lib/network-classes/SharedGatewayStore.php index 4f8d8ea6..e637e9fe 100644 --- a/lib/network-classes/SharedGatewayStore.php +++ b/lib/network-classes/SharedGatewayStore.php @@ -60,7 +60,7 @@ public function load_from_domxml(DOMElement $xml) continue; } - $localVsys = new VirtualSystem($this); + $localVsys = new VirtualSystem($this, $this->owner); $localVsys->load_from_domxml($node); $this->virtualSystems[] = $localVsys; 
diff --git a/lib/object-classes/ServiceGroup.php b/lib/object-classes/ServiceGroup.php
index 0710c9ba..930a9917 100644
--- a/lib/object-classes/ServiceGroup.php
+++ b/lib/object-classes/ServiceGroup.php
@@ -94,12 +94,12 @@ public function load_from_domxml($xml)
 if( $membersRoot === FALSE )
 {
- derr('unsupported non v6 syntax type ServiceGroup', $this->xmlroot);
+ derr('unsupported syntax type ServiceGroup', $this->xmlroot);
 }
-
 foreach( $membersRoot->childNodes as $node )
 {
- if( $node->nodeType != 1 ) continue;
+ /** @var DOMElement $node */
+ if( $node->nodeType != XML_ELEMENT_NODE ) continue;
 $memberName = $node->textContent;
diff --git a/lib/rule-classes/RuleStore.php b/lib/rule-classes/RuleStore.php
index 470ef1e2..eaf11aa1 100644
--- a/lib/rule-classes/RuleStore.php
+++ b/lib/rule-classes/RuleStore.php
@@ -1021,8 +1021,11 @@ public function &resultingRuleSet()
 {
 $varName = $this->getStoreVarName();
 /** @var RuleStore $var */
- $var = $this->owner->parentDeviceGroup->$varName;
- $res = $var->resultingPreRuleSet();
+ if( isset($this->owner->parentDeviceGroup->$varName) )
+ {
+ $var = $this->owner->parentDeviceGroup->$varName;
+ $res = $var->resultingPreRuleSet();
+ }
 }
 $res = array_merge($res, $this->_rules);
@@ -1036,8 +1039,11 @@ public function &resultingRuleSet()
 {
 $varName = $this->getStoreVarName();
 /** @var RuleStore $var */
- $var = $this->owner->parentDeviceGroup->$varName;
- $res = array_merge($res, $var->resultingPostRuleSet());
+ if( isset($this->owner->parentDeviceGroup->$varName) )
+ {
+ $var = $this->owner->parentDeviceGroup->$varName;
+ $res = array_merge($res, $var->resultingPostRuleSet());
+ }
 }
 return $res;
From eed6a6569d5153deb9028cc57ab3bf4ae7db9dbc Mon Sep 17 00:00:00 2001
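Review bot: In the first RuleStore.php hunk, when `isset($this->owner->parentDeviceGroup->$varName)` is false nothing assigns `$res` before the context line `$res = array_merge($res, $this->_rules);`, so unless `$res` is initialised earlier in resultingRuleSet (outside the hunk) that branch now hands an undefined variable to `array_merge`, which PHP 8 rejects with a TypeError. Adding `$res = array();` immediately before the new `if` makes the guard safe regardless of what precedes it. The second hunk is fine as written because its `array_merge` sits inside the guard. In the ServiceGroup.php hunk the `/** @var DOMElement $node */` hint is correctly placed before the first use; the `XML_ELEMENT_NODE` constant is the right replacement for the literal `1`. resultingRuleSet starts outside the hunks.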
From: Sven Waschkut Date: Thu, 14 Sep 2023 09:39:00 +0200 Subject: [PATCH 09/16] develop script "shared_gateway.php" | introduction --- CHANGELOG.txt | 1 + utils/develop/shared_gateway.php | 110 +++++++++++++++++++++++++++++++ 2 files changed, 111 insertions(+) create mode 100644 utils/develop/shared_gateway.php diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 54ed39e9..2a3d6ffc 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -7,6 +7,7 @@ UTIL: * type=zone | extend with SharedGateway * type=rule | extend with SharedGateway * type=service | improvement for SharedGateway - class VirtualSystem +* develop script "shared_gateway.php" | introduction BUGFIX: * type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands diff --git a/utils/develop/shared_gateway.php b/utils/develop/shared_gateway.php new file mode 100644 index 00000000..7ec12072 --- /dev/null +++ b/utils/develop/shared_gateway.php 
@@ -0,0 +1,110 @@ + 'in', 'shortHelp' => 'in=filename.xml | api. ie: in=api://192.168.1.1 or in=api://0018CAEC3@panorama.company.com', 'argDesc' => '[filename]|[api://IP]|[api://serial@IP]'); +$supportedArguments['out'] = array('niceName' => 'out', 'shortHelp' => 'output file to save config after changes. Only required when input is a file. ie: out=save-config.xml', 'argDesc' => '[filename]'); +$supportedArguments['debugapi'] = array('niceName' => 'DebugAPI', 'shortHelp' => 'prints API calls when they happen'); +$supportedArguments['help'] = array('niceName' => 'help', 'shortHelp' => 'this message'); +$supportedArguments['location'] = array('niceName' => 'Location', 'shortHelp' => 'specify if you want to limit your query to a VSYS/DG. By default location=shared for Panorama, =vsys1 for PANOS. ie: location=any or location=vsys2,vsys1', 'argDesc' => '=sub1[,sub2]'); + +$supportedArguments['loadpanoramapushedconfig'] = array('niceName' => 'loadPanoramaPushedConfig', 'shortHelp' => 'load Panorama pushed config from the firewall to take in account panorama objects and rules'); +$supportedArguments['apitimeout'] = array('niceName' => 'apiTimeout', 'shortHelp' => 'in case API takes too long time to anwer, increase this value (default=60)'); + +$supportedArguments['shadow-disableoutputformatting'] = array('niceName' => 'shadow-disableoutputformatting', 'shortHelp' => 'XML output in offline config is not in cleaned PHP DOMDocument structure'); +$supportedArguments['shadow-enablexmlduplicatesdeletion']= array('niceName' => 'shadow-enablexmlduplicatesdeletion', 'shortHelp' => 'if duplicate objects are available, keep only one object of the same name'); +$supportedArguments['shadow-ignoreinvalidaddressobjects']= array('niceName' => 'shadow-ignoreinvalidaddressobjects', 'shortHelp' => 'PAN-OS allow to have invalid address objects available, like object without value or type'); +$supportedArguments['shadow-apikeynohidden'] = array('niceName' => 'shadow-apikeynohidden', 
'shortHelp' => 'send API-KEY in clear text via URL. this is needed for all PAN-OS version <9.0 if API mode is used. '); +$supportedArguments['shadow-apikeynosave']= array('niceName' => 'shadow-apikeynosave', 'shortHelp' => 'do not store API key in .panconfkeystore file'); +$supportedArguments['shadow-displaycurlrequest']= array('niceName' => 'shadow-displaycurlrequest', 'shortHelp' => 'display curl information if running in API mode'); +$supportedArguments['shadow-reducexml']= array('niceName' => 'shadow-reducexml', 'shortHelp' => 'store reduced XML, without newline and remove blank characters in offline mode'); +$supportedArguments['shadow-json']= array('niceName' => 'shadow-json', 'shortHelp' => 'BETA command to display output on stdout not in text but in JSON format'); + +//YOUR OWN arguments if needed +$supportedArguments['argument1'] = array('niceName' => 'ARGUMENT1', 'shortHelp' => 'an argument you like to use in your script'); +$supportedArguments['optional_argument2'] = array('niceName' => 'Optional_Argument2', 'shortHelp' => 'an argument you like to define here'); + + +$usageMsg = PH::boldText('USAGE: ') . "php " . basename(__FILE__) . 
" in=api:://[MGMT-IP] argument1 [optional_argument2]"; + + +$util = new UTIL("custom", $argv, $argc,__FILE__, $supportedArguments, $usageMsg ); + +$util->utilInit(); + +$util->load_config(); +$util->location_filter(); + + +/** @var PANConf|PanoramaConf $pan */ +$pan = $util->pan; + + +/** @var VirtualSystem|DeviceGroup $sub */ +$sub = $util->sub; + +/** @var string $location */ +$location = $util->location; + +/** @var boolean $apiMode */ +$apiMode = $util->apiMode; + +/** @var array $args */ +$args = PH::$args; + +PH::print_stdout(); +PH::print_stdout( " ********** **********" ); +PH::print_stdout(); + +/********************************* + * * + * * START WRITING YOUR CODE HERE + * * + * * List of available variables: + * + * * $pan : PANConf or PanoramaConf object + * * $location : string with location name or undefined if not provided on CLI + * * $sub : DeviceGroup or VirtualSystem found after looking from cli 'location' argument + * * $apiMode : if config file was downloaded from API directly + * * $args : array with all CLI arguments processed by PAN-OS-PHP + * * + */ + +PH::print_stdout( "display ShardGateways"); + +$vsys_number = 11; +foreach( $pan->getSharedGateways() as $key => $sharedGateway) +{ + print "NAME: ".$sharedGateway->name()."\n"; + + $vsys = $pan->createVirtualSystem($vsys_number); + + $clone = $sharedGateway->xmlroot->cloneNode(true); + + $name = DH::findAttribute('name', $clone); + $clone->setAttribute("name", "vsys".$vsys_number); + + $vsys->xmlroot->parentNode->appendChild($clone); + $vsys->xmlroot->parentNode->removeChild($vsys->xmlroot); + + + $sharedGateway->owner->xmlroot->removeChild($sharedGateway->xmlroot); + + $vsys_number++; +} + +$util->save_our_work(); +PH::print_stdout(); +PH::print_stdout( "************* END OF SCRIPT ".basename(__FILE__)." ************" ); +PH::print_stdout(); + From f693a5795cac1117c35d6dc5e678fc5284633f76 Mon Sep 17 00:00:00 2001 
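Review bot: `$name = DH::findAttribute('name', $clone);` is assigned and never read, and `$vsys_number = 11` is a hard-coded start value passed to `createVirtualSystem($vsys_number)` without checking that no vsys of that number already exists, so a rerun or a firewall that already has vsys11 would presumably collide; reading the existing vsys list first and choosing the next free number, or taking the start from the `argument1` the script already declares, would make the script safe to rerun. The loop reports with a bare `print "NAME: "...` while the rest of the script uses `PH::print_stdout`, which presumably bypasses the `shadow-json` output mode declared above. The usage string `in=api:://[MGMT-IP]` has a doubled colon. The first lines of this new file (the `<?php` header and the `in` argument definition) are missing from this rendering, so they were not reviewed.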
From: Sven Waschkut Date: Thu, 14 Sep 2023 15:18:33 +0200 Subject: [PATCH 10/16] type=address in=api://192.168.55.129 'actions=combine-addressgroups:{NEW_GROUP_NAME},true' 'filter=(name regex /{FILTER}/)' --- CHANGELOG.txt | 1 + utils/common/actions-address.php | 70 +++++++++++++++++++++++++++++++- utils/lib/UTIL.php | 5 +++ 3 files changed, 75 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 2a3d6ffc..00bb4b66 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -8,6 +8,7 @@ UTIL: * type=rule | extend with SharedGateway * type=service | improvement for SharedGateway - class VirtualSystem * develop script "shared_gateway.php" | introduction +* type=address in=api://192.168.55.129 'actions=combine-addressgroups:{NEW_GROUP_NAME},true' 'filter=(name regex /{FILTER}/)' BUGFIX: * type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands diff --git a/utils/common/actions-address.php b/utils/common/actions-address.php index 1b80e8a5..64b61955 100644 --- a/utils/common/actions-address.php +++ b/utils/common/actions-address.php 
@@ -3413,4 +3413,72 @@ 'panorama_file' => Array( 'type' => 'string', 'default' => '*nodefault*'), 'dg_name' => array('type' => 'string', 'default' => '*nodefault*') ) -); \ No newline at end of file +); + +AddressCallContext::$supportedActions['combine-addressgroups'] = array( + 'name' => 'combine-addressgroups', + 'GlobalInitFunction' => function (AddressCallContext $context) { + + $new_addressgroup_name = $context->arguments['new_addressgroup_name']; + + $obj = $context->subSystem->addressStore->find($new_addressgroup_name); + if( $obj !== null ) + { + derr("this action is only working if no addressgroup with name: ".$new_addressgroup_name." is not already available", null, False); + } + + + $context->objectList = array(); + }, + 'MainFunction' => function (AddressCallContext $context) { + $object = $context->object; + if( !$object->isAddress() ) + $context->objectList[] = $object; + }, + 'GlobalFinishFunction' => function (AddressCallContext $context) { + $new_addressgroup_name = $context->arguments['new_addressgroup_name']; + $replace_groups = $context->arguments['replace_groups']; + + PH::print_stdout(" - create AddressGroup: ". $new_addressgroup_name ); + + if( $context->isAPI ) + $obj = $context->subSystem->addressStore->API_newAddressGroup($new_addressgroup_name); + else + $obj = $context->subSystem->addressStore->newAddressGroup($new_addressgroup_name); + + foreach( $context->objectList as $group ) + { + /** @var AddressGroup $group*/ + foreach( $group->members() as $member ) + { + PH::print_stdout(" - add address as member: ". $member->name()); + if( $context->isAPI ) + $obj->API_addMember($member); + else + $obj->addMember($member); + } + + foreach($group->tags->getAll() as $tag) + { + PH::print_stdout(" - add tag: ". $tag->name()); + if( $context->isAPI ) + $obj->tags->API_addTag($tag); + else + $obj->tags->addTag($tag); + } + + if( $replace_groups ) + { + PH::print_stdout( " replace addressgroup: ". $group->name() . " with new addressgroup: ". 
$obj->name()); + if( $context->isAPI ) + $group->replaceMeGlobally($obj,true); + else + $group->replaceMeGlobally($obj); + } + } + }, + 'args' => array( + 'new_addressgroup_name' => Array( 'type' => 'string', 'default' => '*nodefault*'), + 'replace_groups' => array('type' => 'bool', 'default' => FALSE) + ) +); diff --git a/utils/lib/UTIL.php b/utils/lib/UTIL.php index 85911ca9..2c0af451 100644 --- a/utils/lib/UTIL.php +++ b/utils/lib/UTIL.php @@ -1731,6 +1731,11 @@ public function locationNotFound($location, $configType = null, $pan = null) PH::print_stdout( " - " . $sub->name() . " [".$sub->alternativeName()."]" ); PH::$JSON_OUT['error-location'][] = $sub->name(); } + foreach( $this->pan->getSharedGateways() as $sub ) + { + PH::print_stdout( " - " . $sub->name() . " [".$sub->alternativeName()."]" ); + PH::$JSON_OUT['error-location'][] = $sub->name(); + } } else { From 92165baa2d8ed85cc225f01e2e8477f24fbd6d75 Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Thu, 14 Sep 2023 15:25:52 +0200 Subject: [PATCH 11/16] Update actions-address.php --- utils/common/actions-address.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/common/actions-address.php b/utils/common/actions-address.php index 64b61955..b1ce23b4 100644 --- a/utils/common/actions-address.php +++ b/utils/common/actions-address.php @@ -3460,7 +3460,7 @@ foreach($group->tags->getAll() as $tag) { - PH::print_stdout(" - add tag: ". $tag->name()); + PH::print_stdout(" - add tag: ". $tag->name()); if( $context->isAPI ) $obj->tags->API_addTag($tag); else From c95f1f2abbaa901f08ef725dc7a4b6ea18fb447f Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Mon, 18 Sep 2023 11:47:07 +0200 Subject: [PATCH 12/16] type=gcp actions=validation | introduction of new action --- CHANGELOG.txt | 1 + utils/lib/GCP.php | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 00bb4b66..2451c3ab 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt 
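Review bot: The error raised in GlobalInitFunction is a double negative, `"this action is only working if no addressgroup with name: X is not already available"`; clearer is `derr("this action only works if no addressgroup named '".$new_addressgroup_name."' already exists", null, False);`. GlobalFinishFunction creates the new group unconditionally, so when the filter matched no groups (`$context->objectList` empty) an empty AddressGroup is still created, through the API in API mode; a guard `if( count($context->objectList) === 0 ) return;` before the `newAddressGroup` call avoids that. The `replace_groups` path calls `replaceMeGlobally($obj, true)` in API mode but `replaceMeGlobally($obj)` otherwise, and a one-line comment naming what the second argument does would spare the next reader a lookup. The `'args'` block mixes `Array(` and `array(` on adjacent lines.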
@@ -9,6 +9,7 @@ UTIL: * type=service | improvement for SharedGateway - class VirtualSystem * develop script "shared_gateway.php" | introduction * type=address in=api://192.168.55.129 'actions=combine-addressgroups:{NEW_GROUP_NAME},true' 'filter=(name regex /{FILTER}/)' +* type=gcp actions=validation | introduction of new action BUGFIX: * type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands diff --git a/utils/lib/GCP.php b/utils/lib/GCP.php index a288e9aa..95438ef6 100644 --- a/utils/lib/GCP.php +++ b/utils/lib/GCP.php @@ -38,6 +38,9 @@ class GCP extends UTIL private $insecureValue = "--insecure-skip-tls-verify=true"; + private $project_json = null; + private $validation_command = null; + public function utilStart() { @@ -100,6 +103,10 @@ public function main() $outputfilename = PH::$args['out']; elseif( isset(PH::$args['in']) ) $outputfilename = $inputconfig; + elseif( isset(PH::$args['project-json']) ) + $project_json = PH::$args['project-json']; + elseif( isset(PH::$args['validation-command']) ) + $validation_command = PH::$args['validation-command']; if( isset(PH::$args['actions']) ) { @@ -110,6 +117,7 @@ public function main() $actionArray[] = "expedition-log"; $actionArray[] = "upload"; $actionArray[] = "download"; + $actionArray[] = "validation"; $actionArray[] = "onboard"; $actionArray[] = "offboard"; $actionArray[] = "mysql-validation"; @@ -124,6 +132,7 @@ public function main() PH::print_stdout( " - actions=expedition-log tenantid=090"); PH::print_stdout( " - actions=upload tenantid=FULL"); PH::print_stdout( " - actions=download tenantid=FULL"); + PH::print_stdout( " - actions=validation tenantid=XYZ validation-command='XYZ'"); PH::print_stdout( " - actions=onboard tenantid=XYZ"); PH::print_stdout( " - actions=offboard tenantid=XYZ"); PH::print_stdout( " - actions=mysql-validation tenantid=XYZ"); 
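Review bot: `project-json` and `validation-command` are appended to the existing `if/elseif` chain on `out`/`in`, so whenever `out` or `in` is given neither argument is ever read, and the values land in the locals `$project_json`/`$validation_command` while the two private properties added in the first hunk are never written. Each argument needs its own statement, e.g. `$validation_command = null;` followed by `if( isset(PH::$args['validation-command']) ) $validation_command = PH::$args['validation-command'];` (and likewise for `project-json`), which also guarantees the variable exists when the `validation` action later tests it with `=== null` instead of tripping an undefined-variable warning. Either the new properties should be dropped or the values stored in them so other methods can use them. main starts outside the hunk.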
@@ -288,6 +297,33 @@ public function main()
 $cli = "kubectl ".$this->insecureValue." exec ".$tenantID." -c ".$container." -- cat ".$this->configPath.$inputconfig." > ".$outputfilename;
 $this->execCLIWithOutput( $cli );
 }
+ elseif( $action == "validation" )
+ {
+
+ if( $validation_command === null )
+ derr( "argument 'validation-command=COMMAND' is not specified" );
+
+
+ if( strpos( $tenantID, "expedition" ) !== False )
+ {
+ $container = "expedition";
+ $this->configPath = "/tmp/";
+ }
+ else
+ $container = substr($tenantID, 0, -2);
+
+ $cli = "kubectl ".$this->insecureValue." exec ".$tenantID." -c ".$container." -- ".$validation_command;
+
+ $this->execCLI($cli, $output, $retValue);
+
+ foreach( $output as $line )
+ {
+ $string = ' ## ';
+ $string .= $line;
+
+ PH::print_stdout($string);
+ }
+ }
 elseif( $action == "onboard" )
 {
 //gcloud container clusters get-credentials admin --region us-central1 --project ngfw-dev
From 80e660dde3ce27e04714efa1ca6b7460de4486c9 Mon Sep 17 00:00:00 2001
From: Sven Waschkut
Date: Mon, 18 Sep 2023 23:20:54 +0200
Subject: [PATCH 13/16] type=gcp actions=image-validation | introduction of new action
---
 CHANGELOG.txt | 1 +
 utils/lib/GCP.php | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 2451c3ab..39c5fbf4 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -10,6 +10,7 @@ UTIL:
 * develop script "shared_gateway.php" | introduction
 * type=address in=api://192.168.55.129 'actions=combine-addressgroups:{NEW_GROUP_NAME},true' 'filter=(name regex /{FILTER}/)'
 * type=gcp actions=validation | introduction of new action
+* type=gcp actions=image-validation | introduction of new action
 BUGFIX:
 * type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands
diff --git a/utils/lib/GCP.php b/utils/lib/GCP.php
index 95438ef6..d84529e8 100644
--- a/utils/lib/GCP.php
+++ b/utils/lib/GCP.php
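Review bot: `$tenantID` and `$container` are concatenated unquoted into the `kubectl ... exec` string handed to `execCLI`, so a tenant id containing shell metacharacters alters the command instead of failing; wrap each with `escapeshellarg()` at the point of concatenation, as in `" exec ".escapeshellarg($tenantID)." -c ".escapeshellarg($container)`. `$validation_command` is by design an operator-supplied command line executed inside the pod and is appended verbatim — that is the feature, but the help line added in the earlier hunk should state that `validation-command` is passed to the container shell unquoted. `$retValue` is filled by `execCLI` and then ignored, so a failed exec prints nothing and the utility still exits successfully; testing it and calling `derr` on a non-zero value would make failures visible. The expedition special case also sets `$this->configPath = "/tmp/"` although this branch never reads `configPath`. main starts outside the hunk.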
@@ -118,6 +118,7 @@ public function main()
 $actionArray[] = "upload";
 $actionArray[] = "download";
 $actionArray[] = "validation";
+ $actionArray[] = "image-validation";
 $actionArray[] = "onboard";
 $actionArray[] = "offboard";
 $actionArray[] = "mysql-validation";
@@ -133,6 +134,7 @@ public function main()
 PH::print_stdout( " - actions=upload tenantid=FULL");
 PH::print_stdout( " - actions=download tenantid=FULL");
 PH::print_stdout( " - actions=validation tenantid=XYZ validation-command='XYZ'");
+ PH::print_stdout( " - actions=image-validation");
 PH::print_stdout( " - actions=onboard tenantid=XYZ");
 PH::print_stdout( " - actions=offboard tenantid=XYZ");
 PH::print_stdout( " - actions=mysql-validation tenantid=XYZ");
@@ -324,6 +326,30 @@ public function main()
 PH::print_stdout($string);
 }
 }
+ elseif( $action == "image-validation" )
+ {
+ if( strpos( $tenantID, "expedition" ) !== False )
+ {
+ $container = "expedition";
+ $this->configPath = "/tmp/";
+ }
+ else
+ $container = substr($tenantID, 0, -2);
+
+ $cli = "kubectl ".$this->insecureValue." describe pod ".$tenantID." | grep 'Image '";
+
+ //describe pod expedition-77b4c645b9-sxqrp | grep Image
+
+ $this->execCLI($cli, $output, $retValue);
+
+ foreach( $output as $line )
+ {
+ $string = ' ## ';
+ $string .= $line;
+
+ PH::print_stdout($string);
+ }
+ }
 elseif( $action == "onboard" )
 {
 //gcloud container clusters get-credentials admin --region us-central1 --project ngfw-dev
From 6882df18c468355cdfbcf59fd1010befbefd21cc Mon Sep 17 00:00:00 2001
From: Sven Waschkut
Date: Mon, 18 Sep 2023 23:50:20 +0200
Subject: [PATCH 14/16] Update GCP.php
---
 utils/lib/GCP.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/lib/GCP.php b/utils/lib/GCP.php
index d84529e8..7edf15b1 100644
--- a/utils/lib/GCP.php
+++ b/utils/lib/GCP.php
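Review bot: In the `image-validation` branch `$container` is computed and `$this->configPath` is set but neither is used — the `kubectl describe pod` command takes only `$tenantID` — so the whole `strpos( $tenantID, "expedition" )` block is dead code here and can be removed. `$tenantID` is again interpolated into the shell string without `escapeshellarg()` and `$retValue` is again ignored, the same two points raised on the `validation` branch above. Filtering `describe` output with `| grep 'Image '` depends on the human-readable layout; `kubectl get pod ".escapeshellarg($tenantID)." -o jsonpath='{.spec.containers[*].image}'` would return the images without a text-scraping step, if that is acceptable for this tool. The help line `actions=image-validation` omits the `tenantid=XYZ` that the branch requires, unlike the neighbouring entries. main starts outside the hunk.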
@@ -336,7 +336,7 @@ public function main()
 else
 $container = substr($tenantID, 0, -2);
- $cli = "kubectl ".$this->insecureValue." describe pod ".$tenantID." | grep 'Image '";
+ $cli = "kubectl ".$this->insecureValue." describe pod ".$tenantID." | grep 'Image: '";
 //describe pod expedition-77b4c645b9-sxqrp | grep Image
From 8462dc14548c9328171de845cacd9681332aab62 Mon Sep 17 00:00:00 2001
From: Sven Waschkut
Date: Tue, 19 Sep 2023 10:49:28 +0200
Subject: [PATCH 15/16] type=device | extend to display for FW config, per default also all sharedgateways in additional to vsys
---
 CHANGELOG.txt | 1 +
 utils/lib/DEVICEUTIL.php | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 39c5fbf4..3f3f8550 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -11,6 +11,7 @@ UTIL:
 * type=address in=api://192.168.55.129 'actions=combine-addressgroups:{NEW_GROUP_NAME},true' 'filter=(name regex /{FILTER}/)'
 * type=gcp actions=validation | introduction of new action
 * type=gcp actions=image-validation | introduction of new action
+* type=device | extend to display for FW config, per default also all sharedgateways in additional to vsys
 BUGFIX:
 * type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands
diff --git a/utils/lib/DEVICEUTIL.php b/utils/lib/DEVICEUTIL.php
index 50cb8bdd..9c8aa82b 100644
--- a/utils/lib/DEVICEUTIL.php
+++ b/utils/lib/DEVICEUTIL.php
@@ -75,6 +75,8 @@ public function location_filter_object()
 {
 if( array_search('any', $this->deviceTypes) !== FALSE || array_search('vsys', $this->deviceTypes) !== FALSE )
 $this->objectsToProcess[] = array('store' => $this->pan, 'objects' => $this->pan->getVirtualSystems());
+ if( array_search('any', $this->deviceTypes) !== FALSE || array_search('vsys', $this->deviceTypes) !== FALSE )
+ $this->objectsToProcess[] = array('store' => $this->pan, 'objects' => $this->pan->getSharedGateways());
 }
 elseif( $this->configType == 'panorama' )
 {
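Review bot: The `if` added in the DEVICEUTIL.php hunk has exactly the same condition as the line above it (`array_search('any', ...) !== FALSE || array_search('vsys', ...) !== FALSE`), so the two can never disagree and should be one `if` with both `objectsToProcess[]` appends inside braces; if shared gateways are instead meant to be selectable on their own, the second condition should test a distinct device type such as `'sharedgateway'`, registered wherever `deviceTypes` is validated. The membership test reads better and is strict as `in_array('vsys', $this->deviceTypes, true)`. location_filter_object starts outside the hunk.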
From b3e29d7cc824e47acc950fc2e12c7800ede24fa7 Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Wed, 20 Sep 2023 12:11:36 +0200 Subject: [PATCH 16/16] update App-ID version to: 8756-8298 --- CHANGELOG.txt | 1 + lib/object-classes/predefined.xml | 3055 ++++++++++++++++++++++++++++- 2 files changed, 2951 insertions(+), 105 deletions(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 3f3f8550..7b275100 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -17,6 +17,7 @@ BUGFIX: * type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands GENERAL: +* update App-ID version to: 8756-8298 2.1.16 (20230908) diff --git a/lib/object-classes/predefined.xml b/lib/object-classes/predefined.xml index 1dbd6a60..3410ff72 100644 --- a/lib/object-classes/predefined.xml +++ b/lib/object-classes/predefined.xml @@ -1,6 +1,6 @@ - 8748-8241 + 8756-8298 @@ -764,6 +764,12 @@ 8571 + + + amazon-cloud-drive-uploading, ssl, web-browsing + 8756 + + web-browsing @@ -1058,6 +1064,24 @@ 8193 + + + web-browsing + 8756 + + + + + ssl + 8756 + + + + + ms-office365, office365-enterprise-access, ssl, web-browsing + 8756 + + bacnet @@ -5270,6 +5294,36 @@ 456 + + + unknown-udp + 8756 + + + + + ftp + 8756 + + + + + ssl + 8756 + + + + + unknown-udp, open-vpn + 8756 + + + + + web-browsing + 8756 + + ssl, web-browsing @@ -5825,7 +5879,7 @@ soap - 8745 + 8756 @@ -7778,6 +7832,12 @@ 609 + + + ssl, unknown-tcp, web-browsing + 8756 + + sctp @@ -9209,7 +9269,7 @@ ssl - 8745 + 8756 @@ -9248,6 +9308,12 @@ 8322 + + + ssl, web-browsing, websocket + 8756 + + web-browsing @@ -10496,6 +10562,12 @@ 8681 + + + unknown-tcp + 8756 + + ssl @@ -11081,7 +11153,13 @@ web-browsing - 8745 + 8756 + + + + + unknown-tcp + 8756 
@@ -11840,6 +11918,96 @@ 8447 + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + + + + siemens-epoc + 8756 + + unknown-tcp @@ -13276,6 +13444,12 @@ 8377 + + + umas + 8756 + + modbus @@ -18322,6 +18496,32 @@ As of April 2009, Qik supports about 140 cell phones for its software. Qik video showmax-streaming + + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + siemens-epoc-acknowledge + siemens-epoc-base + siemens-epoc-get-auto-sw-updt + siemens-epoc-get-configuration + siemens-epoc-get-epocal-config + siemens-epoc-get-evad + siemens-epoc-get-operator-list + siemens-epoc-get-physician-list + siemens-epoc-get-sw-update-info + siemens-epoc-get-testcard-lot + siemens-epoc-get-time + siemens-epoc-handshake + siemens-epoc-reader-info + siemens-epoc-save-eqc + siemens-epoc-save-packet + siemens-epoc-save-test + + S7comm (S7 Communication) is a Siemens proprietary protocol that runs between programmable logic controllers (PLCs) of the Siemens S7-300/400 family.It is used for PLC programming, exchanging data between PLCs, accessing PLC data from SCADA (supervisory control and data acquisition) systems and diagnostic purposes.The S7comm data comes as payload of COTP data packets. 
@@ -18930,8 +19130,8 @@ Twitter is ranked as one of the 50 most popular websites worldwide by Alexa's we - umas-coils-registers-read umas-base + umas-coils-registers-read umas-coils-registers-write umas-download-block umas-init-comm @@ -18948,6 +19148,8 @@ Twitter is ranked as one of the 50 most popular websites worldwide by Alexa's we umas-plc-reservation-take umas-plc-start umas-plc-stop + umas-read-card-info + umas-read-id umas-repeat-request umas-sd-backup-make umas-sd-backup-remove @@ -18955,7 +19157,6 @@ Twitter is ranked as one of the 50 most popular websites worldwide by Alexa's we umas-upload-block umas-variables-read umas-variables-write - umas-read-id @@ -19143,10 +19344,13 @@ Twitter is ranked as one of the 50 most popular websites worldwide by Alexa's we + azure-log-analytics + azure-openai-api + azure-openai-encrypted + azure-openai-studio windows-azure-base windows-azure-service-updates windows-azure-uploading - azure-log-analytics @@ -28450,6 +28654,7 @@ airaim.com is a domain controlled by four nameservers at airaim.com themselves. web-browsing + amazon-luna bluejeans-uploading canvas close.io @@ -28734,6 +28939,57 @@ airaim.com is a domain controlled by four nameservers at airaim.com themselves. 3 + + saas + internet-utility + browser-based + Amazon Luna is a cloud gaming platform developed and operated by Amazon. This App-ID covers the traffic for Amazon Luna application. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + amazon-cloud-drive-uploading + yes + + no + no + no + no + + + [Web App] + + + + https://en.wikipedia.org/wiki/Amazon_Luna + + + + + tcp/80,443 + + + + rtcp + rtp-base + ssl + stun + web-browsing + websocket + + 1 + amazon-music media 
@@ -33434,6 +33690,165 @@ Autodesk, Inc. is an American multinational software corporation that makes soft 2 windows-azure + + saas + artificial-intelligence + client-server + Azure OpenAI Service provides access to OpenAI's language models, which can be adapted to tasks including content generation, summarization, semantic search, and natural language to code translation. It can be accessed through either Azure OpenAI Studio, the web-based interface, or API calls. This App-ID covers the decrypted traffic only of Azure OpenAI Service through API calls. The encrypted traffic cannot be differentiated from Azure OpenAI Studio and thus is covered in azure-openai-encrypted. + yes + yes + yes + yes + no + no + no + yes + yes + no + no + yes + no + drop-reset + yes + no + yes + yes + yes + azure-openai-studio + yes + + no + no + no + no + + + [Generative AI] + [Web App] + + + + https://learn.microsoft.com/en-us/azure/ai-services/openai/overview + + + + + tcp/80,443 + + + + ssl + web-browsing + + 3 + windows-azure + + + saas + artificial-intelligence + client-server + Azure OpenAI Service provides access to OpenAI's language models, which can be adapted to tasks including content generation, summarization, semantic search, and natural language to code translation. It can be accessed through either Azure OpenAI Studio, the web-based interface, or API calls. This App-ID covers the encrypted traffic of Azure OpenAI Service that can't be identified uniquely as either azure-openai-studio or azure-openai-api. 
+ yes + yes + no + no + no + yes + yes + no + no + yes + no + drop-reset + no + yes + yes + windows-azure-base + yes + + no + no + no + no + + + [Generative AI] + [Web App] + + + + https://learn.microsoft.com/en-us/azure/ai-services/openai/overview + + + + + tcp/80,443 + + + + ms-office365-base + ssl + + 3 + windows-azure + + + saas + artificial-intelligence + browser-based + Azure OpenAI Service provides access to OpenAI's language models, which can be adapted to tasks including content generation, summarization, semantic search, and natural language to code translation. It can be accessed through either Azure OpenAI Studio, the web-based interface, or API calls. This App-ID covers all decrypted and some encrypted traffic of Azure OpenAI Service through Azure OpenAI Studio. The remaining encrypted traffic cannot be differentiated from Azure OpenAI's API calls and thus is covered in azure-openai-encrypted. + yes + yes + yes + yes + no + no + no + yes + yes + no + no + yes + no + drop-reset + yes + no + yes + yes + yes + office365-enterprise-access + yes + + no + no + no + no + + + [Generative AI] + [Web App] + + + + https://learn.microsoft.com/en-us/azure/ai-services/openai/overview + + + + + tcp/80,443 + + + + ms-office365-base + ssl + web-browsing + + + azure-openai-api + + 3 + windows-azure + general-internet file-sharing @@ -49783,7 +50198,7 @@ Drag your files into Drop Zone or paste them from Clipboard and you are ready to tcp/443 - udp/500,1701,2408,4500 + udp/500,1701,2408,4500,7844 @@ -53585,7 +54000,6 @@ To access a website through the Coral cache (and thus reduce the load on the sit iot drop-reset no - yes https://www.crestron.com/getmedia/4292ddca-5063-4b79-8d61-9b29fbb425eb/mg_sr_ip-guidelines-for-the-it-professional 
@@ -75415,6 +75829,181 @@ It is developed and maintained by the Icelandic company CCP Games. First release 3 + + business-systems + ics-protocols + client-server + The Ewon Cosy 131 is an industrial VPN gateway designed to offer remote access to machines and installations on customer sites or in the field. Using the Ewon eBuddy software, users can discover Ewon devices on their network. This App-ID covers the Ewon discovery protocol. + yes + yes + no + no + no + no + yes + no + no + no + no + scada + drop-reset + no + yes + + + https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/application-user-guide/aug-0063-00-en-ebuddy.pdf + + + + + udp/1507 + + + 1 + + + business-systems + ics-protocols + client-server + The Ewon Cosy 131 is an industrial VPN gateway designed to offer remote access to machines and installations on customer sites or in the field. This App-ID covers Ewon firmware updates using the eBuddy software. + yes + yes + no + no + no + yes + yes + no + no + no + no + drop-reset + no + yes + yes + ftp + + + https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/application-user-guide/aug-0063-00-en-ebuddy.pdf + + + + + tcp/dynamic + + + + ftp + + 2 + + + business-systems + ics-protocols + client-server + The Ewon Cosy 131 is an industrial VPN gateway designed to offer remote access to machines and installations on customer sites or in the field. eCatcher is the Talk2M remote access software used to connect to the devices located on the Ewon's LAN. This App-ID covers the traffic between the eCatcher software and the Talk2M access server. 
+ yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + + + https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher + + + + + tcp/443 + + + + ssl + + 1 + + + business-systems + ics-protocols + client-server + The Ewon Cosy 131 is an industrial VPN gateway designed to offer remote access to machines and installations on customer sites or in the field. eCatcher is the Talk2M remote access software used to connect to the devices located on the Ewon's LAN. This App-ID covers the traffic between the eCatcher software and Talk2M VPN servers. + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + open-vpn + + + https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher + + + + + udp/1194 + + + + open-vpn + + 1 + + + business-systems + ics-protocols + browser-based + The Ewon Cosy 131 is an industrial VPN gateway designed to offer remote access to machines and installations on customer sites or in the field. Each Ewon can be configured through its internal web server. This App-ID covers the Ewon web server. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + + [Web App] + + + + https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/8---legacy/aug-0004-00-en-ewon-getting-started.pdf + + + + + tcp/80,443 + + + + web-browsing + + 1 + media photo-video 
@@ -77299,7 +77888,6 @@ FCIP technology overcomes the distance limitations of native Fibre Channel, enab instant-messaging client-server Fetion is an instant messaging (IM) client developed by China Mobile, a Chinese telecommunications company. It is currently the third most popular IM client in China. It allows users to send and receive SMS free of charge between PCs and mobile phones. China Mobile intends to develop Fetion into a comprehensive communications service which will focus on wireless communications and offer Internet applications as a complement. - yes yes yes no @@ -77310,20 +77898,20 @@ FCIP technology overcomes the distance limitations of native Fibre Channel, enab no yes no - fetion 180 drop-reset no + yes [Web App] - - http://www.fetion.com.cn - http://en.wikipedia.org/wiki/Fetion + + http://www.fetion.com.cn + @@ -77361,6 +77949,7 @@ FCIP technology overcomes the distance limitations of native Fibre Channel, enab no drop-reset no + yes yes no @@ -77372,12 +77961,12 @@ FCIP technology overcomes the distance limitations of native Fibre Channel, enab [Web App] - - http://www.fetion.com.cn - http://en.wikipedia.org/wiki/Fetion + + http://www.fetion.com.cn + @@ -77386,7 +77975,6 @@ FCIP technology overcomes the distance limitations of native Fibre Channel, enab - fetion-base rtp-base stun @@ -77415,6 +78003,7 @@ FCIP technology overcomes the distance limitations of native Fibre Channel, enab drop-reset no no + yes yes no @@ -77440,9 +78029,6 @@ FCIP technology overcomes the distance limitations of native Fibre Channel, enab udp/dynamic - - fetion-base - 3 fetion @@ -81774,7 +82360,6 @@ The Flumotion Streaming Platform is a CDN that supports leading formats like Win drop-reset no yes - yes web20_parrent_app @@ -82832,13 +83417,14 @@ It protects users from hackers and harmful apps, stop trackers, and can set the tcp/21 - tcp/21 tcp/990/secure + tcp/21 dell-update enhanced-file-transfer + ewon-firmware-update fileapp gridftp symantec-av-update 
@@ -86554,7 +87140,6 @@ The company's "Powered by GameSpy" technology has enabled online functionality i drop-reset no yes - yes github-copilot [Generative AI] @@ -97132,7 +97717,6 @@ It used to be that setting up a VPN tunnel was extremely difficult, however with drop-reset no yes - yes web20_parrent_app @@ -98638,7 +99222,6 @@ However, when the DSRI option is applied to the “http-nsri” applic coralcdn-user direct-connect eset-update - fetion-base gotoassist httport ipp @@ -112157,7 +112740,6 @@ With LeapFILE, there are no email size limits, FTP hassles, or overnight deliver no yes yes - yes web20_parrent_app yes @@ -115487,6 +116069,42 @@ The service connects the remote desktop and the local computer using SSL over TC 2 lucidpress + + business-systems + management + client-server + Luxriot EVO is a Video Management Software (VMS) to deploy with the Auto Detection feature for IP cameras. This App-ID covers the traffic of Luxriot EVO. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + web20_parrent_app + + + https://www.luxriot.com/luxriot-evo/ + + + + + tcp/8080,8083,60554 + + + + ssl + web-browsing + + 1 + networking infrastructure @@ -119954,7 +120572,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://www.mindraynorthamerica.com/patient-monitoring-systems/telemetry-and-central-stations/ @@ -120225,7 +120842,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120263,7 +120879,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf 
@@ -120301,7 +120916,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120339,7 +120953,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120377,7 +120990,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120415,7 +121027,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120453,7 +121064,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120491,7 +121101,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120529,7 +121138,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120567,7 +121175,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120605,7 +121212,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf 
@@ -120643,7 +121249,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120681,7 +121286,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120719,7 +121323,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120757,7 +121360,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120795,7 +121397,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120833,7 +121434,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120871,7 +121471,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120909,7 +121508,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -120947,7 +121545,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf 
@@ -120985,7 +121582,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121023,7 +121619,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121061,7 +121656,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121099,7 +121693,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121137,7 +121730,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121175,7 +121767,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121213,7 +121804,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121251,7 +121841,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121289,7 +121878,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf 
@@ -121327,7 +121915,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121365,7 +121952,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121403,7 +121989,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121441,7 +122026,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121479,7 +122063,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121517,7 +122100,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121555,7 +122137,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -121593,7 +122174,6 @@ A major benefit of the MIMACS system is that all components of system are modula no drop-reset no - yes https://dl.mitsubishielectric.com/dl/fa/document/manual/plc/sh080008/sh080008z.pdf @@ -128778,7 +129358,6 @@ Serving as a successor to Microsoft's Business Productivity Online Suite, the se drop-reset no yes - yes sharepoint-online yes 
@@ -128836,7 +129415,6 @@ Serving as a successor to Microsoft's Business Productivity Online Suite, the se no yes yes - yes sharepoint-online-downloading yes @@ -128893,7 +129471,6 @@ Serving as a successor to Microsoft's Business Productivity Online Suite, the se no yes yes - yes sharepoint-online-uploading yes @@ -136040,6 +136617,53 @@ Network Installation Manager Service Handler (NIMSH) eliminates the need for rsh 3 ning + + saas + it-management + browser-based + NinjaOne is the world's first unified IT management platform, designed to simplify IT operations, make IT teams more efficient, and enable greater business productivity. This App-ID covers the traffic of NinjaOne. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + websocket + yes + + no + no + no + no + + + [Web App] + + + + https://www.ninjaone.com/ + + + + + tcp/80,443 + + + + ssl + web-browsing + + 1 + media gaming @@ -137673,6 +138297,7 @@ Office Live Workspace is a free service for storing and sharing documents online web-browsing + azure-openai-studio microsoft-intune ms-delve ms-onedrive-uploading @@ -143065,8 +143690,8 @@ Based upon OnLive's instant-action cloud gaming technology, OnLive Desktop deliv tcp/1194 - udp/1194 tcp/443 + udp/1194 @@ -143075,6 +143700,7 @@ Based upon OnLive's instant-action cloud gaming technology, OnLive Desktop deliv cyberghost-vpn + ewon-talk2m-vpn frozenway hotspot-shield ipvanish @@ -147073,7 +147699,6 @@ Contrary to older VPN solutions, PacketiX VPN 2.0 can be integrated into an exis drop-reset no yes - yes [Palo Alto Networks] @@ -147113,7 +147738,6 @@ Contrary to older VPN solutions, PacketiX VPN 2.0 can be integrated into an exis drop-reset no yes - yes [Palo Alto Networks] 
@@ -147985,6 +148609,36 @@ Palringo offers a technology, Palringo Local, which allows users to set and view 1 + + business-systems + ics-protocols + client-server + Panasonic MEWTOCOL communication protocol is a proprietary communication protocol which sends commands (instructions) to a programmable controller, and receives responses in return. This enables the computer and programmable controller to converse with each other, so that various kinds of information can be obtained and provided. This App-ID covers Panasonic MEWTOCOL-COM (Computer Link) and MEWTOCOL-DAT (Data Transfer) communication traffic. + yes + no + no + no + no + no + no + no + no + no + drop-reset + no + yes + + + https://na.industrial.panasonic.com/products/industrial-automation + + + + + tcp/32769-32772 + + + 1 + business-systems software-update @@ -150247,7 +150901,6 @@ PBwiki's investors include Mohr Davidow Ventures and the Seraph Group, as well a drop-reset no yes - yes https://www.usa.philips.com/healthcare/product/HCNOCTN171/patient-information-center-ix-pic-ix @@ -154070,7 +154723,6 @@ delegate granular privileges and authorization without disclosing the root passw drop-reset no yes - yes web20_parrent_app yes @@ -157357,6 +158009,36 @@ QQLive is a separate download. It provides more than 100 TV channels, mostly mai 1 + + business-systems + medical + client-server + Radiometer's AQURE point-of-care IT solution is a digital service that supports high uptime, workflow optimization and quality assurance with centralized control. This App-ID covers the traffic from a Radiometer blood gas analyzer to a Radiometer AQURE web server. + yes + no + no + no + no + no + no + no + no + no + drop-reset + no + yes + + + https://www.radiometeramerica.com/en-US/products/connect-and-care/centralized-aqure + + + + + tcp/9338 + + + 1 + business-systems auth-service 
@@ -162324,7 +163006,6 @@ It provides two main communication models: the publish-subscribe protocol, which no yes yes - yes web20_parrent_app [Web App] @@ -164715,7 +165396,6 @@ What began as just a startpage with widgets has morphed into a personalized laun drop-reset no yes - yes [Web App] @@ -169095,7 +169775,8 @@ On September 12, 2005, Oracle Corporation announced it had agreed to buy Siebel 1 - + + siemens-epoc business-systems medical client-server 
@@ -169128,7 +169809,580 @@ On September 12, 2005, Oracle Corporation announced it had agreed to buy Siebel web-browsing + + siemens-epoc-acknowledge + siemens-epoc-get-auto-sw-updt + siemens-epoc-get-configuration + siemens-epoc-get-epocal-config + siemens-epoc-get-evad + siemens-epoc-get-operator-list + siemens-epoc-get-physician-list + siemens-epoc-get-sw-update-info + siemens-epoc-get-testcard-lot + siemens-epoc-get-time + siemens-epoc-handshake + siemens-epoc-reader-info + siemens-epoc-save-eqc + siemens-epoc-save-packet + siemens-epoc-save-test + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the Acknowledge traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the GetAutoSoftwareUpdate traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. 
This App-ID covers the GetConfiguration traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the GetEpocalConfiguration traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the GetEvad traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the GetOperatorList traffic of Siemens epoc Blood Analysis System. 
+ yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the GetPhysiciansList traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the GetSWUpdateInfo traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the GetTestCardLotList traffic of Siemens epoc Blood Analysis System. 
+ yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the GetTime traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the Handshake traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the ReaderInfo traffic of Siemens epoc Blood Analysis System. 
+ yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the SaveEqc traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the SavePacket traffic of Siemens epoc Blood Analysis System. + yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + + 1 + siemens-epoc + + + business-systems + medical + client-server + The epoc Blood Analysis System by Siemens is a handheld, bedside solution that provides lab-accurate blood gas, electrolyte, and metabolite (BGEM) results at the patient side. This App-ID covers the SaveTest traffic of Siemens epoc Blood Analysis System. 
+ yes + yes + no + no + no + no + yes + no + no + no + no + drop-reset + no + yes + yes + siemens-epoc-base + + + https://www.siemens-healthineers.com/en-us/blood-gas/blood-gas-systems/epoc-blood-analysis-system + + + + + tcp/dynamic + + + + web-browsing + 1 + siemens-epoc business-systems @@ -174699,7 +175953,6 @@ This identifies version 3 of the protocol. SNMPv3 provides important security fe drop-reset no yes - yes web20_parrent_app yes @@ -179740,7 +180993,6 @@ The service is largely comparable to other social networking sites. StudiVZ clai drop-reset no yes - yes websocket yes @@ -183865,7 +185117,6 @@ TalesRunner is very popular in Korea and it is gaining increasing support in oth medical drop-reset no - yes https://www.terarecon.com/ @@ -185280,7 +186531,6 @@ In addition to the remote control features (screen-sharing), Timbuktu also allow no drop-reset no - yes https://www.sci.com/tocnet-g4/ @@ -189476,6 +190726,7 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-plc-reservation-take umas-plc-start umas-plc-stop + umas-read-card-info umas-read-id umas-repeat-request umas-sd-backup-make @@ -189520,6 +190771,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189555,6 +190809,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189590,6 +190847,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189625,6 +190885,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189660,6 +190923,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189695,6 +190961,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas 
@@ -189730,6 +190999,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189765,6 +191037,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189800,6 +191075,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189835,6 +191113,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189870,6 +191151,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189905,6 +191189,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189940,6 +191227,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -189975,6 +191265,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -190010,6 +191303,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -190045,6 +191341,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas 
@@ -190080,6 +191379,48 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + + 1 + umas + + + business-systems + ics-protocols + network-protocol + The UMAS (Unified Messaging Application Services) protocol is based on the Modbus protocol. UMAS protocol is used to configure and monitor the Schneider-Electric PLCs. This App-ID covers the command traffic of reading internal PLC SD-Card Info in UMAS protocol. + yes + no + no + no + no + no + no + no + no + no + drop-reset + no + yes + yes + umas-base + + + http://lirasenlared.blogspot.com/2017/08/the-unity-umas-protocol-part-i.html + + + + + tcp/502 + + + + umas-base + + + ctd-dummy + 1 umas @@ -190115,6 +191456,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -190150,6 +191494,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -190185,6 +191532,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -190220,6 +191570,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -190255,6 +191608,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -190290,6 +191646,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -190325,6 +191684,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas @@ -190360,6 +191722,9 @@ UDP Lite is a connectionless protocol, a variant form of UDP, that will deliver umas-base + + ctd-dummy + 1 umas 
@@ -196451,6 +197816,7 @@ WebQQ is the online service where you can do the QQ chat online without installi mqtt-base ms-visual-studio-remote-tunnel netlog + ninjaone ocpp openmeetings pdffiller-base @@ -197994,6 +199360,7 @@ WhatsApp has integrated the TextSecure encryption protocol, which enforces certi azure-log-analytics + azure-openai-encrypted pitchengine sway windows-azure-uploading @@ -234278,6 +235645,163 @@ Zwiki supports a number of wiki markup styles out of the box, including MoinMoin + + + + + + bittorrent + signiant-base,fasp,ldap,traceroute + + + + + + + unknown-udp + cip-ethernet-ip-base + + + + + + + unknown-udp, dnscrypt + cisco-umbrella-dnscrypt + + + + + + + unknown-udp + cloudflare-warp + + + + + + + + dropbox-base + dropbox-editing + + + + + + + facebook-base + facebook-video + + + + + + + unknown-tcp + flexnet-publisher + + + + + + + ipvanish + ike + + + + + + + openai-api + openai-base + + + + + + + unknown-tcp + oracle + + + + + + + unknown-udp + quic + + + + + + + unknown-tcp, unknown-udp + rauland-borg-nurse-call + + + + + + + unknown-tcp + telegram-base + + + + + + + tenable.io + ssl, web-browsing + + + + + + + twitter-base + twitter-posting + + + + + + + unknown-tcp + whatsapp-base + + + + + + + whatsapp-voice + stun,rtp-audio + + + + + + + ssl + zoom-base + + + + + + + http-proxy,web-browsing + zscaler-internet-access + + + + + @@ -234559,6 +236083,7 @@ Zwiki supports a number of wiki markup styles out of the box, including MoinMoin All + Ubuntu 22.04 LTS Ubuntu 20.04.2 LTS Ubuntu 20.04.1 LTS Ubuntu 20.04 LTS @@ -234582,6 +236107,11 @@ Zwiki supports a number of wiki markup styles out of the box, including MoinMoin Ubuntu 14.04.2 LTS Ubuntu 14.04.1 LTS Ubuntu 14.0.4 LTS + Red Hat Enterprise Linux 9.1 + Red Hat Enterprise Linux 8.7 + Red Hat Enterprise Linux 8.4 + Red Hat Enterprise Linux 8.3 + Red Hat Enterprise Linux 8.1 Red Hat Enterprise Linux 8.0 Red Hat Enterprise Linux 7.7 Red Hat Enterprise Linux 7.6 
@@ -239022,7 +240552,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n This tag groups App-IDs that use artificial intelligence algorithms to create new content (text, video, audio, images, etc.) or alter it (edit, correct, extend, etc.) based on user input. - 8748-8241 + 8756-8298 @@ -278348,6 +279878,83 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + Gh0st RAT Command and Control Traffic Detection command-and-control 
@@ -278369,6 +279976,90 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + Gh0st RAT Command and Control Traffic Detection command-and-control 
@@ -278698,6 +280389,76 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + + + Pastebin Command and Control Traffic Detection + spyware + critical + + reset-both + RelevantKnowledge Adware Traffic Detection spyware 
@@ -278768,6 +280529,146 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Generic Malicious Traffic Detection + command-and-control + critical + + reset-both + + + Gh0st RAT Command and Control Traffic Detection + command-and-control + critical + + reset-both + + + Gh0st RAT Command and Control Traffic Detection + command-and-control + critical + + reset-both + + + Gh0st RAT Command and Control Traffic Detection + command-and-control + critical + + reset-both + + + Gh0st RAT Command and Control Traffic Detection + command-and-control + critical + + reset-both + + + Gh0st RAT Command and Control Traffic Detection + command-and-control + critical + + reset-both + + + Gh0st RAT Command and Control Traffic Detection + command-and-control + critical + + reset-both + + + NJRat Command and Control Traffic Detection + command-and-control + medium + + alert + + + Gh0st RAT Command and Control Traffic Detection + command-and-control + critical + + reset-both + + + LimeRAT Command and Control Traffic Detection + command-and-control + critical + + reset-both + + + Gh0st RAT Command and Control Traffic Detection + command-and-control + critical + + reset-both + + + Malicious LNK Files Detection + spyware + medium + + alert + + + Malicious VBScript Files Detection + spyware + medium + + alert + + + Malicious PowerShell File Detection + spyware + medium + + alert + + + Malicious PowerShell Files Detection + spyware + medium + + alert + + + Malicious PowerShell Files Detection + spyware + medium + + alert + + + Malicious JavaScript Files Detection + spyware + medium + + alert + + + Malicious JavaScript Files Detection + spyware + medium + + alert + + + Malicious JavaScript Files Detection + spyware + medium + + alert + + + Malicious JavaScript Files Detection + spyware + medium + + alert + EmailSpyPro adware 
@@ -289814,6 +291715,13 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Generic PHP Webshell File Detection + webshell + critical + + reset-both + Viking Command and Control Traffic Detected spyware @@ -301231,6 +303139,13 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + PotatoVPN Traffic Detection + spyware + informational + + alert + PoshC2 Default Certificate Detection backdoor @@ -301420,6 +303335,41 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Mythic Agent Medusa Command and Control Traffic Detection + hacktool + medium + + reset-both + + + Mythic Agent Medusa Command and Control Traffic Detection + hacktool + critical + + reset-both + + + Caldera Manx Plugin Executable Download Detection + hacktool + critical + + reset-both + + + Caldera Manx Plugin Command and Control Traffic Detection + hacktool + critical + + reset-both + + + Caldera Manx Plugin Command and Control Traffic Detection + hacktool + critical + + reset-both + QuiteRAT Command and Control Traffic Detection command-and-control 
@@ -301441,6 +303391,62 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Caldera Ragdoll Agent Executable Download Detection + hacktool + critical + + reset-both + + + Caldera Ragdoll Agent Command and Control Traffic Detection + hacktool + critical + + reset-both + + + Cobalt Strike Beacon Command and Control Traffic Detection + hacktool + critical + + reset-both + + + Cobalt Strike Beacon Command and Control Traffic Detection + hacktool + critical + + reset-both + + + Microsoft Office File Embedded in PDF File Detection + spyware + low + + alert + + + Nimbo-C2 Command and Control Traffic Detection + command-and-control + critical + + reset-both + + + BruteRatel C4 Command and Control Traffic Detection + hacktool + critical + + reset-both + + + Cobalt Strike Beacon Command and Control Traffic Detection + hacktool + critical + + reset-both + Backdoor.BO.Rootme backdoor @@ -303747,7 +305753,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n SSH Failed Brute-force Authentication Attempt brute-force - medium + low yes @@ -304462,6 +306468,24 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n source-and-destination + + LibSSH Authentication Key Bypass Vulnerability + + CVE-2023-2283 + + + brute-force + medium + + yes + + alert + + 10 + 50 + source-and-destination + + Rockwell Automation RSLinx Classic CIP Connection Path Size Stack Buffer Overflow Vulnerability @@ -322488,6 +324512,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Redis HRANDFIELD ZRANDMEMBER command Integer Overflow Vulnerability + + CVE-2023-22458 + + overflow + medium + + + yes + + alert + NodeBB socket.io Elevation of Privilege Vulnerability 
@@ -322595,6 +324632,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n alert + + Flexera FlexNet Publisher License Server Manager Request Handling Buffer Overflow Vulnerability + + CVE-2015-8277 + + code-execution + critical + + + yes + + reset-server + Redis Buffer Overflow Vulnerability @@ -328919,7 +330969,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n info-leak high - + yes @@ -411766,8 +413816,9 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server - Adobe CodeFusion Remote Code Execution Vulnerability + Adobe ColdFusion Remote Code Execution Vulnerability + CVE-2023-26359 CVE-2023-26360 code-execution @@ -411779,8 +413830,9 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server - Adobe CodeFusion Remote Code Execution Vulnerability + Adobe ColdFusion Remote Code Execution Vulnerability + CVE-2023-26359 CVE-2023-26360 code-execution @@ -414200,6 +416252,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + GitLab Directory Traversal Vulnerability + + CVE-2023-2825 + + info-leak + high + + + yes + + reset-server + Cisco Small Business Switch Information Disclosure Vulnerability @@ -415442,6 +417507,20 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + FasterXML Jackson-Databind Denial-of-Service Vulnerability + + CVE-2022-42004 + CVE-2022-42003 + + dos + high + + + yes + + reset-server + PHP PostgreSQL Remote Code Execution @@ -415849,19 +417928,6 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server - - Barracuda Email Security Gateway Command Injection Vulnerability - - CVE-2023-2868 - - code-execution - critical - - - yes - - reset-both - Adobe ColdFusion Check Credentials Attempt info-leak 
@@ -416764,6 +418830,18 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + SSH2 LibSSH Login Attempt + + CVE-2023-2283 + + brute-force + informational + + + yes + + Google Chrome Type Confusion Vulnerability @@ -416881,6 +418959,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + Cisco WebEx Player ATDL2006.dll Heap Memory Corruption + + CVE-2011-3319 + + overflow + high + + + yes + + reset-both + Netgear ProSAFE NMS300 getNodesByTopologyMapSearch SQL Injection Vulnerability @@ -417684,6 +419775,16 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n alert + + HTTP SQL Injection Attempt + sql-injection + medium + + + yes + + alert + XStream Library Insecure Deserialization Vulnerability @@ -417711,6 +419812,26 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + Kingdee Deserialization Remote Code Execution Vulnerability + code-execution + critical + + + yes + + reset-server + + + Smartbi Built-in User Authentication Bypass Vulnerability + code-execution + critical + + + yes + + reset-server + VMware vCenter Server Arbitrary File Read Vulnerability @@ -417923,6 +420044,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + MinIO Server Side Request Forgery Vulnerability + + CVE-2021-21287 + + code-execution + high + + + yes + + reset-both + Pimcore Stored Cross-Site Scripting Vulnerability @@ -417965,6 +420099,35 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Microsoft Excel Memory Corruption Vulnerability + + CVE-2011-1988 + + + MS11-072 + + code-execution + high + + + yes + + reset-both + + + D-Link DVG-N5402SP Directory Traversal Vulnerability + + CVE-2015-7245 + + info-leak + high + + + yes + + reset-server + RaspAP Command Injection Vulnerability 
@@ -417978,6 +420141,32 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + Weaver E-Office Arbitrary File Upload Vulnerability + + CVE-2023-2648 + + code-execution + critical + + + yes + + reset-server + + + GitLab GraphQL Information Disclosure Vulnerability + + CVE-2020-26413 + + info-leak + medium + + + yes + + alert + Libexpat Integer Overflow Vulnerability @@ -417991,6 +420180,29 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Microsoft Windows GDI Information Disclosure Vulnerability + + CVE-2018-8397 + + info-leak + high + + + yes + + reset-both + + + SECWORLD SecGate 3600 NGFW Arbitrary File Upload Vulnerability + code-execution + medium + + + yes + + alert + PaperCut NG and MF Path Traversal Vulnerability @@ -418004,6 +420216,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + WordPress XootiX Plugins Cross Site Request Forgery Vulnerability + + CVE-2022-0215 + + code-execution + high + + + yes + + reset-server + Cisco Routers File Upload Vulnerability 
@@ -418017,6 +420242,154 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + eGroupWare Remote Code Eexecution Vulnerability + code-execution + medium + + + yes + + alert + + + Tongda OA Online Arbitrary User Login Vulnerability + info-leak + informational + + + yes + + alert + + + Weaver E-Office Arbitrary File Upload Vulnerability + + CVE-2023-2523 + + code-execution + critical + + + yes + + reset-server + + + Yonyou NC-Cloud Arbitrary File Upload Vulnerability + code-execution + medium + + + yes + + reset-server + + + Potential Command Execution Vulnerability + code-execution + medium + + + yes + + alert + + + HTTP SQL Injection Attempt + sql-injection + medium + + + yes + + alert + + + Abode Systems Command Injection Vulnerability + + CVE-2022-33193 + + code-execution + critical + + + yes + + reset-server + + + HTTP SQL Injection Attempt + sql-injection + medium + + + yes + + alert + + + Abode Systems Command Injection Vulnerability + + CVE-2022-33194 + + code-execution + critical + + + yes + + reset-server + + + HTTP SQL Injection Attempt + sql-injection + medium + + + yes + + alert + + + Abode Systems Memory Corruption Vulnerability + + CVE-2022-35874 + + code-execution + critical + + + yes + + reset-server + + + Apache Xalan Java XSLT Library Integer Truncation Vulnerability + + CVE-2022-34169 + + code-execution + high + + + yes + + reset-both + + + Microsoft Internet Explorer Memory Corruption Vulnerability + + CVE-2014-0322 + + code-execution + high + + + yes + + alert + SonicWall GMS and Analytics detectInjection SQL Injection Vulnerability @@ -418031,6 +420404,16 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + Nmap Service Detection + hacktool + low + + + yes + + alert + Ivanti MobileIron Sentry Command Injection Vulnerability 
@@ -418044,6 +420427,362 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + Google Chrome Android Intent Redirect Vulnerability + + CVE-2022-2856 + + code-execution + medium + + + yes + + reset-client + + + Generic Cross-Site Scripting Vulnerability + code-execution + medium + + + yes + + alert + + + Citrix Gateway Cross-Site Scripting Vulnerability + + CVE-2023-24488 + + code-execution + medium + + + yes + + alert + + + Oracle GlassFish Cross Site Request Forgery Vulnerability + + CVE-2012-0550 + + code-execution + medium + + + yes + + alert + + + Juniper Networks JunOS Remote Code Execution Vulnerability + + CVE-2023-36844 + CVE-2023-36845 + CVE-2023-36846 + CVE-2023-36847 + + code-execution + medium + + + yes + + reset-server + + + WordPress Forminator Plugin File Upload Vulnerability + + CVE-2023-4596 + + code-execution + critical + + + yes + + reset-server + + + Ivanti Avalanche Directory Traversal Vulnerability + + CVE-2023-32563 + + code-execution + critical + + + yes + + reset-server + + + Tongda OA SQL Injection Vulnerability + + CVE-2023-4166 + CVE-2023-4165 + + sql-injection + critical + + + yes + + reset-server + + + Stakater Forecastle Directory Traversal Vulnerability + + CVE-2023-40297 + + info-leak + medium + + + yes + + alert + + + Google Chrome Type Confusion Vulnerability + + CVE-2023-2935 + + code-execution + high + + + yes + + reset-both + + + Google Chrome Type Confusion Vulnerability + + CVE-2023-2936 + + code-execution + high + + + yes + + reset-both + + + WordPress Media Library Assistant Plugin Remote Code Execution Vulnerability + + CVE-2023-4634 + + code-execution + critical + + + yes + + reset-server + + + Google Chrome Use-After-Free Vulnerability + + CVE-2023-2931 + CVE-2023-2932 + + code-execution + high + + + yes + + reset-both + + + Google Chrome Use-After-Free Vulnerability + + CVE-2023-2930 + + code-execution + high + + + yes + + reset-both + + + Google Chrome Use-After-Free 
Vulnerability + + CVE-2023-2933 + + code-execution + high + + + yes + + reset-both + + + TOTOlink A7100RU Command Injection Vulnerability + + CVE-2022-28584 + + code-execution + critical + + + yes + + reset-server + + + TRENDnet TEW755AP Command Injection Vulnerability + + CVE-2022-46597 + + code-execution + critical + + + yes + + reset-server + + + TRENDnet TEW755AP Stack Buffer Overflow Vulnerability + + CVE-2022-46588 + + overflow + critical + + + yes + + reset-server + + + TOTOlink A7100RU Command Injection Vulnerability + + CVE-2022-28575 + + code-execution + critical + + + yes + + reset-server + + + TOTOlink A7100RU Command Injection Vulnerability + + CVE-2022-28577 + + code-execution + critical + + + yes + + reset-server + + + TOTOlink A7100RU Command Injection Vulnerability + + CVE-2022-28582 + + code-execution + critical + + + yes + + reset-server + + + TOTOlink A7100RU Command Injection Vulnerability + + CVE-2022-28580 + + code-execution + critical + + + yes + + reset-server + + + TOTOlink A7100RU Command Injection Vulnerability + + CVE-2022-28583 + + code-execution + critical + + + yes + + reset-server + + + D-Link Wi-Fi Router Firmware Buffer Overflow Vulnerability + + CVE-2022-30521 + + overflow + critical + + + yes + + reset-server + + + Acrobat Reader Memory Corruption Vulnerability + + CVE-2023-26369 + + + APSB23-34 + + code-execution + high + + + yes + + reset-both + + + Avaya Aura Remote Code Execution Vulnerability + + CVE-2023-3722 + + code-execution + critical + + + yes + + reset-server + + + VMware Aria Operations for Networks saveFileToDisk Directory Traversal Vulnerability + + CVE-2023-20890 + + info-leak + high + + + yes + + reset-server + Mozilla Firefox Browser Engine Multiple Unspecified Vulnerabilities 
@@ -506780,9 +509519,9 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n alert - MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability + MVPower DVR TV Remote Command Execution Vulnerability code-execution - high + medium yes @@ -530119,7 +532858,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n code-execution medium - + yes @@ -539247,6 +541986,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n code-execution medium + yes @@ -546039,6 +548779,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + Apache Superset Remote Code Execution Vulnerability + + CVE-2023-37941 + + code-execution + critical + + + yes + + reset-server + Aerospike Database Server RW Fabric Message Code Execution Vulnerability @@ -547953,6 +550706,32 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + LW9621 Drone Camera Buffer Overflow Vulnerability + + CVE-2022-40918 + + overflow + critical + + + yes + + alert + + + Microsoft Windows Internet Connection Sharing DHCP Interface Remote Code Execution Vulnerability + + CVE-2023-38148 + + code-execution + critical + + + yes + + reset-server + Cisco Secure ACS EAP-TLS Authentication Bypass Vulnerability @@ -551166,11 +553945,10 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n overflow high - yes yes - reset-server + alert SIP Invalid Sent-by Address Found @@ -551390,6 +554168,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n alert + + Digium Asterisk SIP SDP Header Buffer Overflow Vulnerability + + CVE-2013-2685 + + overflow + medium + + + yes + + alert + Digium Asterisk res_pjsip_pubsub Out-of-Bounds Write Vulnerability 
@@ -553795,6 +556586,19 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-both + + Barracuda Email Security Gateway Command Injection Vulnerability + + CVE-2023-2868 + + code-execution + critical + + + yes + + reset-both + Squid ASN.1 Header Parsing Denial of Service Vulnerability @@ -556934,6 +559738,16 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server + + Nmap Aggressive Option Print Detection + hacktool + low + + + yes + + alert + Sybase Database Login Failed brute-force @@ -564101,7 +566915,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n reset-server - Microsoft Windows Rdp Gateway Server Remote Code Execution Vulnerability + Microsoft Windows Remote Desktop Gateway Remote Code Execution Vulnerability CVE-2020-0609 @@ -566113,6 +568927,12 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n Onenote Document Detected Onenote Document + + Executables + yes + Possible ActiveX CAB Detected + Possible ActiveX CAB + @@ -566376,6 +569196,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n 52018 52258 52131 + 52193 @@ -566437,6 +569258,8 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n + + 
@@ -569913,6 +572736,28 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n generic-req-nettcp-host generic-req-nettcp-path + + scada-req-codesys-runtime-host-name + scada-req-codesys-runtime-model-number + scada-req-codesys-runtime-vendor-name + scada-req-codesys-runtime-serial-number + scada-req-codesys-runtime-mac-address + scada-req-codesys-runtime-ip-address + scada-req-codesys-runtime-application-name + scada-rsp-codesys-runtime-application-name + scada-req-codesys-runtime-manufacturer + scada-rsp-codesys-runtime-manufacturer + scada-req-codesys-runtime-desktop-name + scada-rsp-codesys-runtime-desktop-name + scada-req-codesys-runtime-codesys-version + scada-rsp-codesys-runtime-codesys-version + scada-rsp-codesys-runtime-host-name + scada-rsp-codesys-runtime-model-number + scada-rsp-codesys-runtime-vendor-name + scada-rsp-codesys-runtime-serial-number + scada-rsp-codesys-runtime-mac-address + scada-rsp-codesys-runtime-ip-address + @@ -570395,7 +573240,7 @@ Refer to this article for details - https://live.paloaltonetworks.com/t5/blogs/n - +