Proposal: Add version_item Element to PAN-OS OVAL Schema #283#331
Open
sharathshivalingappa wants to merge 1 commit into
Conversation
A-Biggs
requested changes
May 29, 2026
| <xsd:complexContent> | ||
| <xsd:extension base="oval-def:StateType"> | ||
| <xsd:sequence> | ||
| <xsd:element name="major_version" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> |
Contributor
There was a problem hiding this comment.
I believe EntityStateIntType should be EntityItemIntType.
| <xsd:documentation>The major_version entity is used to check the major version piece of the version string. The value is an integer and in the example 10.1.14-h9 the major version is '10'.</xsd:documentation> | ||
| </xsd:annotation> | ||
| </xsd:element> | ||
| <xsd:element name="minor_version" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> |
Contributor
There was a problem hiding this comment.
I believe EntityStateIntType should be EntityItemIntType.
| <xsd:documentation>The minor_version entity is used to check the minor version piece of the version string. The value is an integer and in the example 10.1.14-h9 the minor version is '1'.</xsd:documentation> | ||
| </xsd:annotation> | ||
| </xsd:element> | ||
| <xsd:element name="release" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> |
Contributor
There was a problem hiding this comment.
I believe EntityStateIntType should be EntityItemIntType.
| <xsd:documentation>The release entity is used to check the release piece of the version string. The value is an integer and in the example 10.1.14-h9 the release is '14'.</xsd:documentation> | ||
| </xsd:annotation> | ||
| </xsd:element> | ||
| <xsd:element name="hotfix" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1"> |
Contributor
There was a problem hiding this comment.
I believe EntityStateIntType should be EntityItemIntType.
| <xsd:documentation>The hotfix entity is used to check the hotfix piece of the version string. The value is an integer and in the example 10.1.14-h9 the hotfix is '9'.</xsd:documentation> | ||
| </xsd:annotation> | ||
| </xsd:element> | ||
| <xsd:element name="version_string" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1"> |
Contributor
There was a problem hiding this comment.
I believe EntityStateAnySimpleType should be EntityItemAnySimpleType.
| <xsd:documentation>The version_string entity is used to check the sw-version raw string output of a PAN-OS XML API request. The value is an string and the example 10.1.14-h9. This is entirely controlled by operator attributes.</xsd:documentation> | ||
| </xsd:annotation> | ||
| </xsd:element> | ||
| <xsd:element name="model_name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1"> |
Contributor
There was a problem hiding this comment.
I believe EntityStateStringType should be EntityItemStringType
| </xsd:annotation> | ||
| <xsd:complexType> | ||
| <xsd:complexContent> | ||
| <xsd:extension base="oval-def:StateType"> |
Contributor
There was a problem hiding this comment.
I believe StateType should be ItemType
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Abstarct
This PR enhances the PAN-OS OVAL schema by introducing a new element
version_itemin both definitions and system-characteristics schemas. As per the current PAN-OS XSD Statement (OVAL 5.12 and 6.0), the<config_item>element only collects information from:This API is not sufficient to capture full system information.
Real-Time System Analysis Summary:
config_itemDeviceName,DeviceVersion, etc., is missing in the response.version_itemModel Name,Device Version,License Status, etc.➡️
version_itemis proposed as a new schema element to bridge this gap.Real-Time Device Analysis (PA-VM - PAN-OS v11.0.5)
Example CLI Output:
admin@PA-VM> show system info hostname: PA-VM ip-address: 192.168.122.26 family: vm model: PA-VM serial: unknown vm-license: none sw-version: 11.0.5Example API Request Flow:
Example Configuration Output:
➡️ As seen above,
sw-versionand other critical system information are not represented in the configuration XML — hence the need forversion_item.Changes Introduced
version_iteminpanos-definitions-schema.xsdversion_iteminpanos-system-characteristics-schema.xsd