Skip to main content

Using Filters Workflow

Choose language for code snippet

Python Php Go

In this section we present a workflow example to create a set of filters with one goal in mind. During the development of this section, we will learn on the usage of predefined filters, simple filters, complex filters and combination filters; as well on the task related to their creation, monitoring on their execution state and collection of filtered results.

This code can be found at the following link:

https://conversionupdates.paloaltonetworks.com/expedition2/examples/workflows.zip

Preamble A. Filter characteristics#

Expedition 2 allows creating filters on the different objects that a configuration contains. restrict the target of actions, specifying the objects that should appear in reports, identifying objects that should be deleted, etc. One filters may be desirable for multiple goals, therefore, the filters have been designed for sharing and reuse.

As main characteristics, we can state that filters are

  • named, so we can identify them and refer to them
  • executed in background, as tasks that can be monitored and are non-blocking
  • stored, so we can get back to the results of a filter at any given point
  • reusable, in order to combine them in other filters
  • exportable between projects and between Expeditions, to be shared in the community or applied to multiple projects in an easy manner

Preamble B. Filters Types#

Filter TypeDescriptionExample
PredefinedPredefined filters. This do not require parameters as the logic is intrinsic to the filterfi1: [address] is ipv4
SimpleFilters that specifyfi2: [address,addressGroup] name contains 'DNS'
CombinationFilters that use other filters' results to evaluate the filter logicfi3: [securityRule] source contains filter 'fi2'
OperationFilters that perform boolean logic operations on other defined filtersfi4: (filter 'fi1' and filter 'fi2') or filter 'fi3'
Last updated on by Didac Gil de la Iglesia