Schedule filter for expired by days ago
bethatasitmay opened this issue · 6 comments
Is your feature request related to a problem?
Yes. We are required to remove rules that have schedules that expired more than 90 days ago (in other words, only schedules that have expired within 90 days plus any that expire in the future should be in the policy).
Describe the solution you'd like
I'd like an automated way to filter on rules with schedules that have expired more than 90 days ago so that I may perform various actions on them.
Describe alternatives you've considered
Currently, we do some of this manually: filter policy by schedule names (we name our schedules with the expiration date) and manually tag rules.
Afterward, we use PAN-OS-PHP to run an exportToExcel report of to-be-deleted rules and then delete the tagged rules.
Additional context
It can take a long time to manually filter and tag rules. Plus rules can be missed or tagged in error. Automating this part with PAN-OS-PHP would greatly speed up the process and reduce/eliminate errors.
Please check if the actual fix in the develop Docker container is helping you.
After this I will publish this next week in the latest Docker container:
```bash
docker run --name panosphp --rm -v ${PWD}:/share -it swaschkut/pan-os-php:develop
```
all rules with schedule expired 90 days ago and also in future:
```bash
pan-os-php type=rule in=api://mgmt-IP 'filter=(schedule.expire.in.days > -90)' location=any
```
all rules with schedule expired 90 days ago and until now:
```bash
pan-os-php type=rule in=api://mgmt-IP 'filter=(schedule.expire.in.days > -90) and (schedule.expire.in.days < 0)' location=any
```
That looks like it would do it - it's very similar to the timestamp filter.
I'm still working on getting my employer to approve going with the Docker solution, so I'll just have to wait to try it (although please see my Discussion Q&A topic I posted a few minutes ago regarding PowerShell, please).
I don't think I read the filters correctly. I want a filter for older than 90 days ago. So, not 90 days ago to present but more than 90 days ago (91 days ago to past).
Right now, I manually filter all of the schedules that expire more than 90 days ago. For example, here are my schedules that meet this criterion:
EXP-2021-05-01
EXP-2021-06-17
EXP-2021-12-15
EXP-2021-12-31
EXP-2022-01-10
EXP-2022-01-17
EXP-2022-01-31
EXP-2022-02-28
EXP-2022-03-21
EXP-2022-03-31
EXP-2022-04-09
EXP-2022-05-03
EXP-2022-05-13
EXP-2022-06-01
EXP-2022-07-10
90 days ago from now is 2022-07-11 - so I would like to filter older than that date.
All this is mathematical logic, and already implemented;
use the existing one:
```bash
pan-os-php type=rule in=api://mgmt-IP 'filter=(schedule.expire.in.days < -90)' location=any
```
some background:
example calculation
1) NOW
Unix Timestamp | 1665352800 |
---|---|
GMT | Sun Oct 09 2022 22:00:00 GMT+0000 |
2) -90 Days from now
Unix Timestamp | 1657576800 |
---|---|
GMT | Mon Jul 11 2022 22:00:00 GMT+0000 |
- 90 days
Unix Timestamp | 7776000 |
---|---|
If you now have a schedule which expires on 2021-05-01, then:
Unix Timestamp | 1619820000 |
---|---|
GMT | Fri Apr 30 2021 22:00:00 GMT+0000 |
mathematical calculation in the background:
- 2021-05-01 < (2022-10-09 - 90days)
- 2021-05-01 < 2022-07-21
Unix Timestamp
- 1619820000 < ( 1665352800 - 7776000 )
- 1619820000 < 1657576800
I guess I was too tired when I looked at it (I don't know why I didn't think to flip the > ) - makes sense and it worked. Thanks!
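The comparison walked through above, as an added example that is not part of the thread and is not PAN-OS-PHP's own code: it parses the date out of `EXP-YYYY-MM-DD` schedule names and applies the three filter expressions from the thread against the thread's NOW timestamp. It assumes a schedule expires at 00:00 UTC on the date in its name; the function names and the samples marked constructed are not from the thread.

```python
from datetime import datetime, timezone

DAY = 86400            # seconds per day; 90 * DAY == 7776000, as in the thread
NOW_TS = 1665352800    # "NOW" from the thread: Sun Oct 09 2022 22:00:00 GMT

# First four names are from the thread; the last four are constructed samples
# (one inside the 90-day window, one recent, one future, one mistyped).
SCHEDULES = [
    "EXP-2021-05-01", "EXP-2022-05-13", "EXP-2022-06-01", "EXP-2022-07-10",
    "EXP-2022-07-12", "EXP-2022-10-01", "EXP-2023-01-15", "EXP-2022-13-01",
]

# The three filter expressions from the thread, as predicates on the day count.
FILTERS = {
    "remove": lambda d: d < -90,       # schedule.expire.in.days < -90
    "keep": lambda d: d > -90,         # schedule.expire.in.days > -90
    "recent": lambda d: -90 < d < 0,   # (> -90) and (< 0)
}

def expire_in_days(name, now_ts=NOW_TS):
    """Signed days until expiry (negative = already expired), or None.

    Assumption: expiry is 00:00 UTC on the date embedded in the name.
    """
    try:
        expiry = datetime.strptime(name, "EXP-%Y-%m-%d")
    except ValueError:
        return None  # name does not carry a valid date
    return (expiry.replace(tzinfo=timezone.utc).timestamp() - now_ts) / DAY

def apply_filters(names, now_ts=NOW_TS):
    """Return {label: [names]}; unparseable names go to 'unparsed' for review."""
    result = {label: [] for label in FILTERS}
    result["unparsed"] = []
    for name in names:
        days = expire_in_days(name, now_ts)
        if days is None:
            result["unparsed"].append(name)
            continue
        for label, matches in FILTERS.items():
            if matches(days):
                result[label].append(name)
    return result

if __name__ == "__main__":
    for label, hits in apply_filters(SCHEDULES).items():
        print(f"{label:9s} {hits}")
```

A name that fails to parse lands in `unparsed` rather than being silently kept or removed, which is where a mistyped schedule name would otherwise slip through a cleanup pass.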