diff --git a/oval-schemas/panos-definitions-schema.xsd b/oval-schemas/panos-definitions-schema.xsd
index 4d5604e..28de303 100644
--- a/oval-schemas/panos-definitions-schema.xsd
+++ b/oval-schemas/panos-definitions-schema.xsd
@@ -5,7 +5,7 @@
xmlns:panos-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#panos"
xmlns:sch="http://purl.oclc.org/dsdl/schematron"
targetNamespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#panos"
- elementFormDefault="qualified" version="5.12.2">
+ elementFormDefault="qualified" version="5.12.3">
@@ -24,8 +24,8 @@
Palo Alto (PAN-OS) Definitions
- 5.12.2
- 11/25/2025 09:00:00 AM
+ 5.12.3
+ 05/29/2026 09:00:00 AM
For the portion subject to the copyright in the United States: Copyright (c) 2016 United States Government.
All rights reserved. Copyright (c) 2016, Center for Internet Security. All rights reserved. The contents of
@@ -168,4 +168,97 @@
+
+
+
+
+
+
+ The version_test is used to check the version from a PAN-OS XML API request.
+ This is a request to the API at "https://[PAN-OS-DEVICE]/api/?type=op&cmd=<show><system><info></info></system></show>".
+ The response to this request is an XML payload rooted with a "response" element and including device-specific information.
+ It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a version_object and the optional state element specifies the data to check.
+
+
+ version_test
+ version_object
+ version_state
+ version_item
+
+
+
+
+
+ - the object child element of a version_test must reference a version_object
+
+
+ - the state child element of a version_test must reference a version_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The version_object element is used by a version_test to define the different version information associated with an PANOS system. There is actually only one object relating to version and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check version will reference the same version_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The version_state element defines the version information held within a PANOS Release.
+
+
+
+
+
+
+
+ The major_version entity is used to check the major version piece of the version string. The value is an integer and in the example 10.1.14-h9 the major version is '10'.
+
+
+
+
+ The minor_version entity is used to check the minor version piece of the version string. The value is an integer and in the example 10.1.14-h9 the minor version is '1'.
+
+
+
+
+ The release entity is used to check the release piece of the version string. The value is an integer and in the example 10.1.14-h9 the release is '14'.
+
+
+
+
+ The Hotfix entity is used to check the hotfix piece of the version string. The value is an integer and in the example 10.1.14-h9 the hotfix is '9'.
+
+
+
+
+ The version_string entity is used to check the sw-version raw string output of a PAN-OS XML API request. The value is an string and the example 10.1.14-h9
+
+
+
+
+ The model_name entity is used to check the model string output of a PAN-OS XML API request.
+
+
+
+
+
+
+
diff --git a/oval-schemas/panos-system-characteristics-schema.xsd b/oval-schemas/panos-system-characteristics-schema.xsd
index b5e0149..08860ca 100644
--- a/oval-schemas/panos-system-characteristics-schema.xsd
+++ b/oval-schemas/panos-system-characteristics-schema.xsd
@@ -4,7 +4,7 @@
xmlns:panos-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#panos"
xmlns:sch="http://purl.oclc.org/dsdl/schematron"
targetNamespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#panos"
- elementFormDefault="qualified" version="5.12.2">
+ elementFormDefault="qualified" version="5.12.3">
@@ -19,8 +19,8 @@
Palo Alto (PAN-OS) Definitions
- 5.12.2
- 11/25/2025 09:00:00 AM
+ 5.12.3
+ 05/29/2026 09:00:00 AM
For the portion subject to the copyright in the United States: Copyright (c) 2016 United States Government.
All rights reserved. Copyright (c) 2016, Center for Internet Security. All rights reserved. The contents of
@@ -63,4 +63,51 @@
+
+
+
+
+
+
+ This item stores results from checking the contents of an XML configuration.
+
+
+
+
+
+
+
+ The major_version entity is used to check the major version piece of the version string. The value is an integer and in the example 10.1.14-h9 the major version is '10'.
+
+
+
+
+ The minor_version entity is used to check the minor version piece of the version string. The value is an integer and in the example 10.1.14-h9 the minor version is '1'.
+
+
+
+
+ The release entity is used to check the release piece of the version string. The value is an integer and in the example 10.1.14-h9 the release is '14'.
+
+
+
+
+ The hotfix entity is used to check the hotfix piece of the version string. The value is an integer and in the example 10.1.14-h9 the hotfix is '9'.
+
+
+
+
+ The version_string entity is used to check the sw-version raw string output of a PAN-OS XML API request. The value is an string and the example 10.1.14-h9. This is entirely controlled by operator attributes.
+
+
+
+
+ The model_name entity is used to check the model string output of a PAN-OS XML API request.
+
+
+
+
+
+
+