PaloAltoNetworks · alperenkose · Oct 21, 2024 · Oct 18, 2024
diff --git a/...ices/IncidentFields/incidentfield-PAN-OS_Network_Operations_-_Panorama_Instance_Name.json b/...ices/IncidentFields/incidentfield-PAN-OS_Network_Operations_-_Panorama_Instance_Name.json
@@ -0,0 +1,68 @@
+{
+	"XDRBuiltInField": false,
+	"XsiamIncidentFieldExtraData": {
+		"incidentsFilter": null,
+		"slaGoals": null,
+		"slaTimer": null,
+		"timerConditions": null
+	},
+	"aliasTo": "",
+	"aliases": null,
+	"associatedToAll": false,
+	"associatedTypes": [
+		"PAN-OS Network Operations - Device Upgrade",
+		"PAN-OS Network Operations - Upgrade Assurance"
+	],
+	"autoCompleteTags": null,
+	"breachScript": "",
+	"cacheVersn": 0,
+	"caseInsensitive": true,
+	"cliName": "panosnetworkoperationspanoramainstancename",
+	"closeForm": false,
+	"columns": null,
+	"content": false,
+	"defaultRows": null,
+	"definitionId": "",
+	"description": "The XSOAR PAN-OS integration instance used in playbook",
+	"editForm": true,
+	"fieldCalcScript": "GetPanoramaInstances",
+	"fromServerVersion": "",
+	"group": 0,
+	"hidden": false,
+	"id": "incident_panosnetworkoperationspanoramainstancename",
+	"ipVersion": "",
+	"isReadOnly": false,
+	"itemVersion": "",
+	"locked": false,
+	"mergeStrategy": "",
+	"name": "PAN-OS Network Operations - Panorama Instance Name",
+	"neverSetAsRequired": false,
+	"openEnded": false,
+	"orgType": "singleSelect",
+	"ownerOnly": false,
+	"packID": "",
+	"packName": "",
+	"placeholder": "",
+	"pretty_name": "PAN-OS Network Operations - Panorama Instance Name",
+	"required": false,
+	"runScriptAfterUpdate": false,
+	"script": "",
+	"selectValues": [
+		""
+	],
+	"selectValuesMap": null,
+	"sla": 0,
+	"system": false,
+	"systemAssociatedTypes": null,
+	"template": "",
+	"threshold": 72,
+	"toServerVersion": "",
+	"type": "singleSelect",
+	"unmapped": false,
+	"unsearchable": false,
+	"useAsKpi": false,
+	"validatedError": "",
+	"validationRegex": "",
+	"version": -1,
+	"x2_fields": ""
+}
diff --git a/...Upgrade_Services/Layouts/layoutscontainer-PAN-OS_Network_Operations_-_Device_Upgrade.json b/...Upgrade_Services/Layouts/layoutscontainer-PAN-OS_Network_Operations_-_Device_Upgrade.json
@@ -713,7 +713,7 @@
 						"isVisible": true
 					},
 					{
-						"fieldId": "incident_panosnetworkoperationspanoramainstance",
+						"fieldId": "incident_panosnetworkoperationspanoramainstancename",
 						"isVisible": true
 					}
 				],

diff --git a/...rvices/Layouts/layoutscontainer-PAN-OS_Network_Operations_-_Upgrade_Assurance_Layout.json b/...rvices/Layouts/layoutscontainer-PAN-OS_Network_Operations_-_Upgrade_Assurance_Layout.json
@@ -547,7 +547,7 @@
 						"isVisible": true
 					},
 					{
-						"fieldId": "incident_panosnetworkoperationspanoramainstance",
+						"fieldId": "incident_panosnetworkoperationspanoramainstancename",
 						"isVisible": true
 					}
 				],

diff --git a/Packs/PAN_OS_Upgrade_Services/Playbooks/PAN-OS_Network_Operations_-_Device_Upgrade.yml b/Packs/PAN_OS_Upgrade_Services/Playbooks/PAN-OS_Network_Operations_-_Device_Upgrade.yml
@@ -1,5 +1,14 @@
 description: Upgrades a single or HA pair of PAN-OS firewalls.
+dirtyInputs: true
 id: PAN-OS Network Operations - Device Upgrade
+inputSections:
+- description: Generic group for inputs
+  inputs:
+  - target_device
+  - peer_device
+  - target_version
+  - panorama_instance
+  name: General (Inputs group)
 inputs:
 - description: Target Firewall for upgrade
   key: target_device
@@ -19,7 +28,17 @@ inputs:
   required: false
   value:
     simple: ${incident.panosnetworkoperationsupgradetargetversion}
+- description: Instance name for Panorama Integration to use
+  key: panorama_instance
+  playbookInputQuery: null
+  required: false
+  value:
+    simple: ${incident.panosnetworkoperationspanoramainstancename}
 name: PAN-OS Network Operations - Device Upgrade
+outputSections:
+- description: Generic group for outputs
+  name: General (Outputs group)
+  outputs: []
 outputs: []
 starttaskid: "0"
 tasks:
@@ -49,7 +68,7 @@ tasks:
       {
         "position": {
           "x": 520,
-          "y": -3250
+          "y": -3070
         }
       }
   "40":
@@ -374,6 +393,9 @@ tasks:
       - "59"
     note: false
     quietmode: 0
+    scriptarguments:
+      instance:
+        simple: ${inputs.panorama_instance}
     separatecontext: false
     skipunavailable: false
     task:
@@ -396,16 +418,16 @@ tasks:
           "y": -1930
         }
       }
-version: 9
+version: 10
 view: |-
   {
     "linkLabelsPosition": {},
     "paper": {
       "dimensions": {
-        "height": 1945,
+        "height": 1765,
         "width": 610,
         "x": 520,
-        "y": -3250
+        "y": -3070
       }
     }
   }
diff --git a/Packs/PAN_OS_Upgrade_Services/Playbooks/PAN-OS_Network_Operations_-_Upgrade_Assurance.yml b/Packs/PAN_OS_Upgrade_Services/Playbooks/PAN-OS_Network_Operations_-_Upgrade_Assurance.yml
@@ -2,14 +2,30 @@ description: Runs a series of tests based on the upgrade assurance commands and
   if any fail - also generates reports and other information that is useful in the
   assurance process.
 id: PAN-OS Network Operations - Upgrade Assurance
+inputSections:
+- description: Generic group for inputs
+  inputs:
+  - target
+  - panorama_instance
+  name: General (Inputs group)
 inputs:
 - description: Target firewall - helpful if running this playbook in a loop.
   key: target
   playbookInputQuery: null
   required: true
   value:
     simple: ${incident.panosnetworkoperationstarget}
+- description: Instance name for Panorama Integration to use
+  key: panorama_instance
+  playbookInputQuery: null
+  required: false
+  value:
+    simple: ${incident.panosnetworkoperationspanoramainstancename}
 name: PAN-OS Network Operations - Upgrade Assurance
+outputSections:
+- description: Generic group for outputs
+  name: General (Outputs group)
+  outputs: []
 outputs: []
 starttaskid: "0"
 tasks:
@@ -21,7 +37,7 @@ tasks:
     isoversize: false
     nexttasks:
       '#none#':
-      - "9"
+      - "11"
     note: false
     quietmode: 0
     separatecontext: false
@@ -39,7 +55,7 @@ tasks:
       {
         "position": {
           "x": 450,
-          "y": 50
+          "y": -370
         }
       }
   "6":
@@ -251,16 +267,93 @@ tasks:
           "y": 880
         }
       }
-version: 29
+  "11":
+    conditions:
+    - condition:
+      - - left:
+            iscontext: true
+            value:
+              simple: incident.panosnetworkoperationspanoramainstance
+          operator: isNotEmpty
+          right:
+            value: {}
+      label: yes
+    continueonerrortype: ""
+    id: "11"
+    ignoreworker: false
+    isautoswitchedtoquietmode: false
+    isoversize: false
+    nexttasks:
+      '#default#':
+      - "12"
+      yes:
+      - "9"
+    note: false
+    quietmode: 0
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      id: 7a614239-695e-4796-8ab7-377f82056013
+      iscommand: false
+      name: Is Panorama Instance Set?
+      type: condition
+      version: -1
+    taskid: 7a614239-695e-4796-8ab7-377f82056013
+    timertriggers: []
+    type: condition
+    view: |-
+      {
+        "position": {
+          "x": 450,
+          "y": -220
+        }
+      }
+  "12":
+    continueonerrortype: ""
+    id: "12"
+    ignoreworker: false
+    isautoswitchedtoquietmode: false
+    isoversize: false
+    nexttasks:
+      '#none#':
+      - "9"
+    note: false
+    quietmode: 0
+    scriptarguments:
+      instance:
+        simple: ${inputs.panorama_instance}
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      description: "This will set the Panorama instance field (panosnetworkoperationspanoramainstance) if it isn't already set.  "
+      id: d191eeb8-f8e3-4299-8244-3c0ccf7c9470
+      iscommand: false
+      name: Set Panorama Instance
+      script: SetPanoramaInstance
+      type: regular
+      version: -1
+    taskid: d191eeb8-f8e3-4299-8244-3c0ccf7c9470
+    timertriggers: []
+    type: regular
+    view: |-
+      {
+        "position": {
+          "x": 450,
+          "y": 20
+        }
+      }
+version: 30
 view: |-
   {
     "linkLabelsPosition": {},
     "paper": {
       "dimensions": {
-        "height": 925,
+        "height": 1345,
         "width": 790,
         "x": 450,
-        "y": 50
+        "y": -370
       }
     }
   }
diff --git a/Packs/PAN_OS_Upgrade_Services/Scripts/GetPanoramaInstances/GetPanoramaInstances.py b/Packs/PAN_OS_Upgrade_Services/Scripts/GetPanoramaInstances/GetPanoramaInstances.py
@@ -0,0 +1,48 @@
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+from typing import Dict, Any
+import traceback
+
+
+def get_panorama_instances() -> Dict[str, Any]:
+    """
+        Get instances of Panorama integration for SingleSelect field.
+
+        :rtype: ``dict``
+        :return: dict with the ids as options for SingleSelect field e.g
+        {"hidden": False, "options": sorted(panorama_instance_names)}
+    """
+    res = demisto.executeCommand("GetInstanceName", {
+        "integration_name": "Panorama",
+        "return_all_instances": True
+    })
+    if is_error(res):
+        return_error(get_error(res))
+
+    if not res:
+        raise DemistoException('Got an empty list object after executing the command !GetPanoramaInstances')
+
+    panorama_instances = res[0].get('Contents', [])
+
+    panorama_instance_names = []
+    # panorama_instances is a list of dict(instanceName, integrationName)
+    for instance in panorama_instances:
+        panorama_instance_names.append(instance.get('instanceName'))
+
+    return {"hidden": False, "options": sorted(panorama_instance_names)}
+
+
+def main():
+    try:
+        result = get_panorama_instances()
+        return_results(result)
+
+    except Exception as ex:
+        demisto.error(traceback.format_exc())  # print the traceback
+        return_error(f'Failed to execute GetPanoramaInstances. Error: {str(ex)}')
+
+
+''' ENTRY POINT '''
+
+if __name__ in ('__main__', '__builtin__', 'builtins'):
+    main()
diff --git a/Packs/PAN_OS_Upgrade_Services/Scripts/GetPanoramaInstances/GetPanoramaInstances.yml b/Packs/PAN_OS_Upgrade_Services/Scripts/GetPanoramaInstances/GetPanoramaInstances.yml
@@ -0,0 +1,18 @@
+comment: Gets all instances of Panorama integration, in the output format of a single select field.
+commonfields:
+  id: GetPanoramaInstances
+  version: -1
+dockerimage: demisto/python3:3.11.10.111526
+enabled: true
+engineinfo: {}
+mainengineinfo: {}
+name: GetPanoramaInstances
+pswd: ''
+runas: DBotWeakRole
+runonce: false
+script: ''
+scripttarget: 0
+subtype: python3
+tags:
+- field-display
+type: python
diff --git a/Packs/PAN_OS_Upgrade_Services/Scripts/GetPanoramaInstances/README.md b/Packs/PAN_OS_Upgrade_Services/Scripts/GetPanoramaInstances/README.md
diff --git a/Packs/PAN_OS_Upgrade_Services/Scripts/SetPanoramaInstance/SetPanoramaInstance.py b/Packs/PAN_OS_Upgrade_Services/Scripts/SetPanoramaInstance/SetPanoramaInstance.py
@@ -7,6 +7,7 @@
     args = demisto.args()
     integration = args.get('integration')
     field_name = args.get('field')
+    instance_name = args.get('instance')
     override = argToBoolean(args.get('override'))
 
     # find the current field value
@@ -27,8 +28,12 @@
         if data.get('brand', '') == integration and data.get('state', '') == 'active':
             instance_names.append(name)
 
-    # if multiple active instances, join to preserve the default 'using' behavior
-    instance_names = ','.join(instance_names)
+    # if a specific instance is requested expilicitly
+    if instance_name and instance_name in instance_names:
+        instance_names = instance_name
+    else:
+        # if multiple active instances, join to preserve the default 'using' behavior
+        instance_names = ','.join(instance_names)
 
     if not current_value or override:
         execute_command('setIncident', {field_name: instance_names})