diff --git a/openapi-specs/scm/config/posture-management/Posture APIs.yaml b/openapi-specs/scm/config/posture-management/Posture APIs.yaml
index 18be56685..1917f76e0 100644
--- a/openapi-specs/scm/config/posture-management/Posture APIs.yaml
+++ b/openapi-specs/scm/config/posture-management/Posture APIs.yaml
@@ -1,31 +1,60 @@ openapi: 3.0.3 info: - title: Best Practice Assessment (BPA) Config Upload API - version: 1.1.0 - description: "The Best Practice Assessment (BPA) Config Upload API provides a streamlined,\ - \ \nprogrammatic way for organizations to audit their security posture. \nBy integrating\ - \ this API into your workflow, you can automatically submit configuration files\ - \ from \nPalo Alto Networks Panorama or Next-Generation Firewalls (NGFW) and receive\ - \ a comprehensive assessment\nbased on industry-standard security benchmarks.\n\ - The service parses your configuration, identifies potential security gaps, and\n\ - returns a detailed JSON-formatted report. This allows your team to ingest data\ - \ directly \ninto custom dashboards, SIEMs, or other automations.\n\nKey Features\ - \ and Security\n\n We understand that configuration files contain sensitive\ - \ architectural data. \n This API is built with a security-first architecture\ - \ to ensure your data remains protected:\n - Secure Transmission: All data\ - \ is encrypted in transit using industry-standard TLS protocols.\n - Privacy\ - \ Control (Zero Persistence): The API includes an optional flag that instructs\ - \ the service \n to delete the configuration file immediately after the report\ - \ is generated. \n This ensures that none of your sensitive information is\ - \ stored in the cloud environment.\n - Actionable JSON Output: Instead of static\ - \ PDFs, the API delivers structured data, \n making it machine readable and\ - \ easily processed.\n\nWorkflow Overview\n\n 1. Export: Generate a configuration\ - \ file from your Panorama or NGFW.\n 2. Upload: Submit the file to the config\ - \ upload endpoint via a secure POST request.\n 3. Process: The engine analyzes\ - \ the configuration against hundreds of best-practice checks.\n 4. Retrieve:\ - \ Receive the results instantly in a structured JSON schema.\n 5. 
Purge: (Optional)\ - \ The service automatically deletes the source configuration file upon completion.\ - \ This Open API spec file was created on April 10, 2026. \xA9 2026 Palo Alto Networks,\ + title: 'Posture Management and Assessment API: BPA, Custom Checks, and Compliance' + version: '1.0' + description: "The Posture Management and Assessment API suite provides a streamlined,\ + \ programmatic way for organizations to audit, manage, and enforce their security\ + \ posture. By integrating these APIs into your workflow, you can automate security\ + \ assessments, manage customized posture checks, and ensure continuous alignment\ + \ with industry-standard security benchmarks and your organization's unique requirements.\n\ + Best Practice Assessment (BPA) Config Upload API\nThe Best Practice Assessment\ + \ (BPA) Config Upload API enables automated submission of configuration files\ + \ from Palo Alto Networks Panorama or Next-Generation Firewalls (NGFW) to receive\ + \ a comprehensive assessment based on predefined, industry-standard security best\ + \ practices. The service parses your configuration, identifies potential security\ + \ gaps, and returns a detailed JSON-formatted report, allowing your team to ingest\ + \ data directly into custom dashboards, SIEMs, or other automations.\n\nKey Features\ + \ and Security\n\nWe understand that configuration files contain sensitive architectural\ + \ data. This API is built with a security-first architecture to ensure your data\ + \ remains protected\n\n - Secure Transmission- All data is encrypted in transit\ + \ using industry-standard TLS protocols.\n - Privacy Control (Zero Persistence)-\ + \ The API includes an optional flag that instructs the service to delete the configuration\ + \ file immediately after the report is generated. 
This ensures that none of your\ + \ sensitive information is stored in the cloud environment.\n - Actionable JSON\ + \ Output- Instead of static PDFs, the API delivers structured data, making it\ + \ machine-readable and easily processed.\n\nBPA Workflow Overview\n\n - Export-\ + \ Generate a configuration file from your Panorama or NGFW.\n - Upload- Submit\ + \ the file to the config upload endpoint via a secure POST request.\n - Process-\ + \ The engine analyzes the configuration against hundreds of pre-defined best-practice\ + \ checks.\n - Retrieve- Receive the results instantly in a structured JSON schema.\n\ + \ - Purge- (Optional) The service automatically deletes the source configuration\ + \ file upon completion.\n \nCustom Posture Check Management (Pro License Required)\n\ + \n While the BPA Config Upload API validates against pre-defined best practices,\ + \ our Custom Posture Check endpoints give Pro-licensed users the ability to manage\ + \ and report on user-defined posture checks tailored to specific organizational\ + \ policies.\n\nThese endpoints provide full lifecycle management for Custom Posture\ + \ Checks\n\n - List Checks- Retrieve all custom posture checks in your environment.\n\ + \ - Create Checks- Define new custom security posture rules.\n - Retrieve (Get)\ + \ Checks- Fetch the details of a specific posture check by its ID.\n - Update\ + \ Checks- Modify existing checks to adapt to evolving security policies.\n -\ + \ Delete Checks- Remove outdated or unnecessary checks by ID.\n - Clone Checks-\ + \ Quickly duplicate an existing check to use as a template for a new one.\n -\ + \ Batch Upsert- Create or update multiple custom posture checks in a single API\ + \ call for efficient bulk management.\n - Batch Delete- Remove multiple posture\ + \ checks simultaneously.\n\n**Note** These endpoints are strictly for the management\ + \ and reporting of Custom Posture Checks and require a Pro license.\n\n**Coming\ + \ Soon** Compliance 
Management and Reporting\n\n We are continuously expanding\ + \ our API capabilities to help you maintain a robust security posture. Soon,\n\ + \ we will be introducing endpoints for Compliance Management and Reporting. This\ + \ upcoming feature set will \n allow organizations to automatically map their\ + \ network security configurations and posture check results\n directly against\ + \ major regulatory frameworks and compliance standards, streamlining audit preparations,\ + \ \n continuous compliance tracking and evidence collection.\n This Open API\ + \ spec file was created on April 10, 2026. \xA9 2026 Palo Alto Networks, Inc.\ + \ Palo Alto Networks \n is a registered trademark of Palo Alto Networks. \n \ + \ A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html.\ + \ \n All other marks mentioned herein may be trademarks of their respective companies.\ + \ This Open API spec file was created on May 18, 2026. \xA9 2026 Palo Alto Networks,\ \ Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list\ \ of our trademarks can be found at [https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html).\ \ All other marks mentioned herein may be trademarks of their respective companies." 
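Review bot: The new `description` advertises Custom Posture Check endpoints (list, create, get, update, delete, clone, batch upsert, batch delete), but the later hunks of this same commit (`@@ -69,337 +98,19 @@` and `@@ -509,364 +220,3 @@`) delete every `/posture/checks/v1` management path and `PostureCheck*` schema from this file, so unless those operations are defined in a spec not shown here, readers are told about an API surface they cannot find. The added text also carries the footer twice, `created on April 10, 2026` followed by `created on May 18, 2026`; only the later one should remain. On the security wording, the Zero Persistence bullet says the optional flag `ensures that none of your sensitive information is stored in the cloud environment`, yet by its own description the file is held at least until the report is generated, and the text does not say what happens when the flag is not set. A narrower sentence such as `When the flag is set, the uploaded configuration is deleted as soon as the report has been generated.`, followed by the retention behaviour without the flag, would not overstate the guarantee.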
@@ -69,337 +98,19 @@ components: format: uuid description: The request ID for troubleshooting purposes. example: eb18eb0c-d5b7-43f3-9e38-38464ee11e2f - PostureCheck: - type: object - required: - - id - - name - - object_type - - type - - severity - properties: - id: - type: string - description: Unique identifier for the posture check. - example: '1001' - name: - type: string - description: Human-readable name of the posture check. - example: Security Rule has logging enabled - description: - type: string - description: Detailed description of what the check validates. - rationale: - type: string - description: Explanation of why this check is important. - object_type: - type: string - description: The configuration object type this check applies to. - example: security_rule - type: - type: string - enum: - - custom - - predefined - description: Whether this is a custom or predefined check. - severity: - type: string - enum: - - Critical - - High - - Warning - - Informational - description: Severity level of the check. - management_type: - type: string - enum: - - cloud - - panorama - description: Management platform this check applies to. - sub_type: - type: string - description: Sub-category of the check. - action: - type: string - enum: - - alert - - failCommit - description: Action to take when check fails. - data: - type: object - additionalProperties: true - description: Check rule definition/expression (custom checks only). - fields_affected: - type: array - items: - type: string - description: List of config fields this check evaluates. - recommendation: - type: string - description: Recommended action for this check. - impact: - type: string - description: Impact description if the check fails. - created_at: - type: string - format: date-time - description: Timestamp when the check was created. - updated_at: - type: string - format: date-time - description: Timestamp when the check was last updated. 
- PostureCheckCreateRequest: - type: object - required: - - name - - object_type - - data - - severity - properties: - name: - type: string - description: Human-readable name of the posture check. - description: - type: string - rationale: - type: string - object_type: - type: string - description: The configuration object type this check applies to. - sub_type: - type: string - description: Sub-category of the check. - severity: - type: string - enum: - - Critical - - High - - Warning - - Informational - management_type: - type: string - enum: - - cloud - - panorama - default: cloud - action: - type: string - enum: - - alert - - failCommit - default: alert - data: - type: object - additionalProperties: true - description: Check rule definition/expression. - sub_feature: - type: object - additionalProperties: true - description: Sub-feature configuration for rule-specific checks. - PostureCheckUpdateRequest: - type: object - required: - - name - - object_type - - data - - severity - properties: - name: - type: string - description: - type: string - rationale: - type: string - object_type: - type: string - sub_type: - type: string - severity: - type: string - enum: - - Critical - - High - - Warning - - Informational - management_type: - type: string - enum: - - cloud - - panorama - action: - type: string - enum: - - alert - - failCommit - data: - type: object - additionalProperties: true - sub_feature: - type: object - additionalProperties: true - PostureCheckCloneRequest: - type: object - properties: - name: - type: string - description: Optional new name for the cloned check. Defaults to "{original_name} - (Copy)". - maxLength: 256 - PostureCheckBatchUpsertRequest: - type: object - required: - - checks - properties: - checks: - type: array - items: - $ref: '#/components/schemas/PostureCheckUpsertItem' - minItems: 1 - maxItems: 100 - description: Array of posture checks to create or update. 
- PostureCheckUpsertItem: - type: object - required: - - name - - object_type - - data - - severity - properties: - id: - type: string - description: If provided, the check will be updated. If omitted, a new check - will be created. - name: - type: string - description: - type: string - rationale: - type: string - object_type: - type: string - sub_type: - type: string - severity: - type: string - enum: - - Critical - - High - - Warning - - Informational - management_type: - type: string - enum: - - cloud - - panorama - default: cloud - action: - type: string - enum: - - alert - - failCommit - default: alert - data: - type: object - additionalProperties: true - fields_affected: - type: array - items: - type: string - sub_feature: - type: object - additionalProperties: true - PostureCheckBatchUpsertResponse: - type: object - properties: - created: - type: array - items: - $ref: '#/components/schemas/PostureCheck' - description: List of newly created posture checks. - updated: - type: array - items: - $ref: '#/components/schemas/PostureCheck' - description: List of updated posture checks. - errors: - type: array - items: - $ref: '#/components/schemas/BatchOperationError' - description: List of errors for checks that failed to create/update. - PostureCheckBatchDeleteRequest: - type: object - required: - - ids - properties: - ids: - type: array - items: - type: string - minItems: 1 - maxItems: 100 - description: Array of posture check IDs to delete. - PostureCheckBatchDeleteResponse: - type: object - properties: - deleted: - type: array - items: - type: string - description: List of successfully deleted posture check IDs. - errors: - type: array - items: - $ref: '#/components/schemas/BatchOperationError' - description: List of errors for checks that failed to delete. - BatchOperationError: - type: object - properties: - id: - type: string - description: The ID or index of the item that failed. 
- message: - type: string - description: Error message describing why the operation failed. - PostureCheckListResponse: - type: object - properties: - data: - type: array - items: - $ref: '#/components/schemas/PostureCheck' - total: - type: integer - description: Total number of posture checks matching the query. - limit: - type: integer - description: Maximum number of results returned. - offset: - type: integer - description: Number of results skipped. ExternalTags: Config File Upload: title: Config File Upload description: Config file upload for BPA result tags: - Config File Upload - Custom Posture Checks: - title: Custom Posture Checks - description: Operations for managing custom posture checks including CRUD and - batch operations. - tags: - - Custom Posture Checks paths: /posture/checks/v1/reports/config-file-upload: post: summary: Initiate a Configuration Upload - description: "Generates a tracking Identifier and a presigned GCS Uniform Resource\ - \ Locator for file upload using device metadata.\n\n## Using the Signed Uniform\ - \ Resource Locator\n\nAfter receiving the `upload_url` in the response, upload\ - \ your Configuration file using a PUT request:\n\n```bash\ncurl -X PUT \"\ - \" \\\n -H \"Content-Type: plain/text\" \\\n -H \"Content-Encoding:\ - \ gzip\" \\\n --data-binary @/path/to/your/Configuration.xml\n```\n\n**Required\ - \ headers:**\n- `Content-Type: plain/text`\n- `Content-Encoding: gzip`." - operationId: InitiateConfigUpload + description: Generates a tracking Identifier and a presigned GCS Uniform Resource + Locator for file upload using device metadata. + operationId: initiateConfigUpload responses: '201': description: Successfully initiated config upload. @@ -464,7 +175,7 @@ paths: summary: Get BPA Processing Status description: Returns the status (QUEUED, IN_PROGRESS, COMPLETED, FAILED) and final result. - operationId: GetBpaResultByID + operationId: getBpaResult responses: '200': description: Status retrieved successfully. 
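Review bot: The shortened `description` of the config-upload operation no longer tells a client how to use the presigned URL it returns: the removed text named the `upload_url` response field, the PUT method and the required `Content-Type` / `Content-Encoding` headers, and nothing replaces it. A presigned URL normally authorises whoever holds it, so the description is also the place to say that it must be kept out of logs and tickets and how long it stays valid (the lifetime is not visible in this diff). I would add something like `Upload the file with an HTTP PUT to the returned upload_url; treat the URL as a credential until it expires.`, and restore the header list only after confirming the values the service signs, since the removed `plain/text` is not the usual `text/plain` media type. The operationId renames here and in the following `@@ -464,7 +175,7 @@` hunk (`InitiateConfigUpload` to `initiateConfigUpload`, `GetBpaResultByID` to `getBpaResult`) will likely rename methods in generated clients, which deserves a changelog line. The operation's `responses` continue outside the hunk.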
@@ -509,364 +220,3 @@ paths: description: The task ID provided during initiation. tags: - Config File Upload - /posture/checks/v1: - get: - summary: List Posture Checks - description: Returns a paginated list of posture checks (both custom and predefined). - operationId: ListPostureChecks - responses: - '200': - description: List of posture checks. - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheckListResponse' - '400': - description: Bad request. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - parameters: - - in: query - name: type - schema: - type: string - enum: - - custom - - predefined - description: Filter by check type. - - in: query - name: object_type - schema: - type: string - description: Filter by configuration object type (e.g., "security_rule", "address"). - - in: query - name: severity - schema: - type: string - enum: - - Critical - - High - - Warning - - Informational - description: Filter by severity level. - - in: query - name: management_type - schema: - type: string - enum: - - cloud - - panorama - description: Filter by management platform. - - in: query - name: limit - schema: - type: integer - minimum: 1 - maximum: 200 - default: 100 - description: Maximum number of results to return. - - in: query - name: offset - schema: - type: integer - minimum: 0 - default: 0 - description: Number of results to skip for pagination. - tags: - - Custom Posture Checks - post: - summary: Create Posture Check - description: Creates a new custom posture check. Requires SCM Pro license. - operationId: CreatePostureChecks - responses: - '201': - description: Posture check created successfully. - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheck' - '400': - description: Bad request - validation error. 
- content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden - SCM Pro license required. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - parameters: [] - tags: - - Custom Posture Checks - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheckCreateRequest' - /posture/checks/v1/{id}: - get: - summary: Get Posture Check - description: Returns a specific posture check by Identifier. - operationId: GetPostureChecksByID - responses: - '200': - description: Posture check details. - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheck' - '404': - description: Posture check not found. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - parameters: - - in: path - name: id - schema: - type: string - required: true - description: The posture check ID. - tags: - - Custom Posture Checks - put: - summary: Update Posture Check - description: Updates an existing custom posture check. Requires SCM Pro license. - operationId: UpdatePostureChecksByID - responses: - '200': - description: Posture check updated successfully. - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheck' - '400': - description: Bad request - validation error. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden - SCM Pro license required. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '404': - description: Posture check not found. 
- content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - parameters: - - in: path - name: id - schema: - type: string - required: true - description: The posture check ID. - tags: - - Custom Posture Checks - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheckUpdateRequest' - delete: - summary: Delete Posture Check - description: Deletes a custom posture check. Requires SCM Pro license. - operationId: DeletePostureChecksByID - responses: - '204': - description: Posture check deleted successfully. - '403': - description: Forbidden - SCM Pro license required. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '404': - description: Posture check not found. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - parameters: - - in: path - name: id - schema: - type: string - required: true - description: The posture check ID. - tags: - - Custom Posture Checks - /posture/checks/v1/{id}:clone: - post: - summary: Clone Posture Check - description: Creates a copy of an existing posture check with a new Identifier. - Requires SCM Pro license. - operationId: ClonePostureChecksByID - responses: - '201': - description: Posture check cloned successfully. - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheck' - '400': - description: Bad request - validation error (e.g., duplicate name). - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden - SCM Pro license required. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '404': - description: Posture check not found. 
- content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - parameters: - - in: path - name: id - schema: - type: string - required: true - description: The posture check ID to clone. - tags: - - Custom Posture Checks - requestBody: - required: false - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheckCloneRequest' - /posture/checks/v1/batch-upsert: - post: - summary: Batch Upsert Posture Checks - description: Creates or updates multiple posture checks in a single call. Objects - with an existing Identifier will be updated, new objects will be created. - Requires SCM Pro license. - operationId: BatchUpsertPostureChecks - responses: - '200': - description: Batch upsert completed. - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheckBatchUpsertResponse' - '400': - description: Bad request - validation error. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden - SCM Pro license required. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - parameters: [] - tags: - - Custom Posture Checks - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheckBatchUpsertRequest' - /posture/checks/v1/batch-delete: - post: - summary: Batch Delete Posture Checks - description: Deletes multiple posture checks in a single call. Requires SCM - Pro license. - operationId: BatchDeletePostureChecks - responses: - '200': - description: Batch delete completed. - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheckBatchDeleteResponse' - '400': - description: Bad request - validation error. 
- content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden - SCM Pro license required. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error. - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - parameters: [] - tags: - - Custom Posture Checks - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/PostureCheckBatchDeleteRequest' diff --git a/products/scm/sidebars.ts b/products/scm/sidebars.ts index 547c4a844..d1a12da1e 100644 --- a/products/scm/sidebars.ts +++ b/products/scm/sidebars.ts @@ -307,14 +307,7 @@ module.exports = { type: "category", label: "Checks", collapsed: true, - items: [ - { - type: "category", - label: "Reports", - collapsed: true, - items: [require("./api/config/posture-management/sidebar")], - }, - ], + items: [require("./api/config/posture-management/sidebar")], }, ], },