diff --git a/Pipfile b/Pipfile
index 402576b..81d5ba3 100644
--- a/Pipfile
+++ b/Pipfile
@@ -14,6 +14,7 @@ PyYAML = ">=\"3.11\""
pytest = ">=\"2.9.2\""
pytest-runner = ">=\"2.11.1\""
sphinxcontrib-napoleon = "*"
+pallets-sphinx-themes = "*"
[packages]
requests = "*"
diff --git a/Pipfile.lock b/Pipfile.lock
index 812b305..41a991e 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
{
"_meta": {
"hash": {
- "sha256": "c99060f3dfc80495e14ff7da7324d98cbd359293f5d8e2be22c8639637e5e8fb"
+ "sha256": "80f114d6895867fb991a17c72898759b23205f88e33bc3b6ed8d7b9cbe38982a"
},
"pipfile-spec": 6,
"requires": {
@@ -260,6 +260,14 @@
],
"version": "==19.0"
},
+ "pallets-sphinx-themes": {
+ "hashes": [
+ "sha256:4d6c2de325ee21c83e0f8f8b3961f75c9c30f0e33df155a832a834dc2ea53b38",
+ "sha256:8d31f57342d5e353528e5883a4e5e05612832e51bbd1a9ecde7f1a7011590c98"
+ ],
+ "index": "pypi",
+ "version": "==1.1.4"
+ },
"pathtools": {
"hashes": [
"sha256:7c35c5421a39bb82e58018febd90e3b6e5db34c5443aaaf742b3f33d4655f1c0"
@@ -353,7 +361,7 @@
"sha256:e170a9e6fcfd19021dd29845af83bb79236068bf5fd4df3327c1be18182b2531"
],
"index": "pypi",
- "version": ">=4.2b1"
+ "version": "==3.13"
},
"requests": {
"hashes": [
diff --git a/docs/_static/activate.png b/docs/_static/activate.png
new file mode 100644
index 0000000..23d7c2b
Binary files /dev/null and b/docs/_static/activate.png differ
diff --git a/docs/_static/activation.png b/docs/_static/activation.png
new file mode 100644
index 0000000..e72e765
Binary files /dev/null and b/docs/_static/activation.png differ
diff --git a/docs/_static/authorization.png b/docs/_static/authorization.png
new file mode 100644
index 0000000..d934c5c
Binary files /dev/null and b/docs/_static/authorization.png differ
diff --git a/docs/_static/authorize.png b/docs/_static/authorize.png
new file mode 100644
index 0000000..7904884
Binary files /dev/null and b/docs/_static/authorize.png differ
diff --git a/docs/_static/consentform.png b/docs/_static/consentform.png
new file mode 100644
index 0000000..374a9ee
Binary files /dev/null and b/docs/_static/consentform.png differ
diff --git a/docs/_static/cortexhub.png b/docs/_static/cortexhub.png
new file mode 100644
index 0000000..4e555fb
Binary files /dev/null and b/docs/_static/cortexhub.png differ
diff --git a/docs/_static/generate.png b/docs/_static/generate.png
new file mode 100644
index 0000000..13de3ae
Binary files /dev/null and b/docs/_static/generate.png differ
diff --git a/docs/_static/generation.png b/docs/_static/generation.png
new file mode 100644
index 0000000..9b38580
Binary files /dev/null and b/docs/_static/generation.png differ
diff --git a/docs/_static/redirectlogin.png b/docs/_static/redirectlogin.png
new file mode 100644
index 0000000..4d125bf
Binary files /dev/null and b/docs/_static/redirectlogin.png differ
diff --git a/docs/_static/requirements.jpeg b/docs/_static/requirements.jpeg
new file mode 100644
index 0000000..6a177ac
Binary files /dev/null and b/docs/_static/requirements.jpeg differ
diff --git a/docs/_static/sdk.png b/docs/_static/sdk.png
new file mode 100644
index 0000000..d3b0e8c
Binary files /dev/null and b/docs/_static/sdk.png differ
diff --git a/docs/_templates/sidebarindex.html b/docs/_templates/sidebarindex.html
index 557c8ea..1bf2e3f 100755
--- a/docs/_templates/sidebarindex.html
+++ b/docs/_templates/sidebarindex.html
@@ -1,6 +1,6 @@
-  }} "Palo Alto Networks")
+  }} "Palo Alto Networks")
@@ -31,7 +31,7 @@
- The Palo Alto Networks Cloud Python SDK is maintained by the Tools, Integrations and Developer Relations team (TIDR).
+ The Palo Alto Networks Cloud Python SDK is maintained by the Developer Relations team.
diff --git a/docs/_templates/sidebarleft.html b/docs/_templates/sidebarleft.html
index 06f2395..c143604 100755
--- a/docs/_templates/sidebarleft.html
+++ b/docs/_templates/sidebarleft.html
@@ -1,6 +1,6 @@
-
+
@@ -31,7 +31,7 @@
- The Palo Alto Networks Cloud Python SDK is maintained by the Tools, Integrations and Developer Relations team (TIDR).
+ The Palo Alto Networks Cloud Python SDK is maintained by the Developer Relations team.
diff --git a/docs/authorize.png b/docs/authorize.png
new file mode 100644
index 0000000..2a554bc
Binary files /dev/null and b/docs/authorize.png differ
diff --git a/docs/conf.py b/docs/conf.py
index a9c9142..8a84c6e 100755
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -23,7 +23,7 @@
# -- Project information -----------------------------------------------------
project = u'pancloud'
-copyright = u'2018, Palo Alto Networks'
+copyright = u'2019, Palo Alto Networks'
author = u'sserrata@paloaltonetworks.com'
# The short X.Y version
@@ -46,7 +46,8 @@
'sphinx.ext.coverage',
'sphinx.ext.viewcode',
'sphinxcontrib.napoleon',
- 'sphinx.ext.intersphinx'
+ 'sphinx.ext.intersphinx',
+ 'pallets_sphinx_themes',
]
intersphinx_mapping = {
@@ -89,7 +90,7 @@ def setup(app):
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
# The name of the Pygments (syntax highlighting) style to use.
-pygments_style = 'flask_theme_support.FlaskyStyle'
+# pygments_style = 'flask_theme_support.FlaskyStyle'
# -- Options for HTML output -------------------------------------------------
@@ -98,20 +99,21 @@ def setup(app):
# a list of builtin themes.
#
# html_theme = 'alabaster'
-html_theme = 'sphinx_rtd_theme'
+# html_theme = 'sphinx_rtd_theme'
+html_theme = 'flask'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#
-html_theme_options = {
- 'show_powered_by': True,
- 'github_user': 'PaloAltoNetworks',
- 'github_repo': 'pancloud',
- 'github_banner': True,
- 'show_related': True,
- 'note_bg': '#999999'
-}
+# html_theme_options = {
+# 'show_powered_by': True,
+# 'github_user': 'PaloAltoNetworks',
+# 'github_repo': 'pancloud',
+# 'github_banner': True,
+# 'show_related': True,
+# 'note_bg': '#999999'
+# }
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
diff --git a/docs/guides/credentials.rst b/docs/guides/credentials.rst
index 5db872e..a7239ca 100755
--- a/docs/guides/credentials.rst
+++ b/docs/guides/credentials.rst
@@ -4,12 +4,12 @@ Credentials
===========
The Application Framework implements OAuth 2.0 for delegating access to
-your Logging, Event and Directory Sync services.
+the Logging, Event and Directory Sync services.
The ``pancloud`` SDK comes packaged with OAuth 2.0 support to ease the process of:
- - Generating authorization URL
- - Exchanging authorization code for tokens (authorization code grant)
+ - Generating the authorization URL
+ - Exchanging and authorization code for tokens (authorization code grant)
- Refreshing tokens
- Revoking tokens
- Token caching
@@ -17,17 +17,34 @@ The ``pancloud`` SDK comes packaged with OAuth 2.0 support to ease the process o
Obtaining and Using Tokens
--------------------------
+Starting in version 1.5.0, ``pancloud`` now supports two types of
+credentials:
-Work with your Developer Relations representative to register your
-application and receive the credentials needed to obtain an ``access_token``.
-Minimally, you'll need a ``client_id``, ``client_secret``, and ``refresh_token``.
-If you're working on an application without a user agent,
-``API Explorer`` may optionally be used to obtain a ``refresh_token``,
-i.e. perform authorization code grant.
+ - OAuth 2.0 credentials (`client_id`, `client_secret` and `refresh_token`)
+ - Developer Tokens (obtained from `API Explorer`_)
-Once acquired, you can generate a ``credentials.json`` file using the
+.. _API Explorer: https://app.apiexplorer.rocks
+
+.. note::
+ The difference between the two is that the first requires developers
+ to write an application capable of performing the OAuth 2.0 authorization
+ code grant flow whereas the second enables developers to quickly get started,
+ by leveraging API Explorer's built-in `access_token` redemption service.
+
+OAuth 2.0 Credentials
+---------------------
+If you are looking to build your own web app, work with your Developer Relations
+representative to register your application to receive the minimum credentials
+needed to perform the OAuth 2.0 authorization code grant flow: `client_id` and `client_secret`.
+
+A successful authorization will grant a `refresh_token` that can be
+combined with the `client_id` and `client_secret` to perform API requests using ``pancloud``.
+
+The following illustrates how to generate a ``credentials.json`` file using the
``summit.py`` command-line utility or the ``credentials_generate.py``
-script included in the ``pancloud`` GitHub repo examples folder.
+script included in the ``pancloud`` GitHub repo `examples`_ folder.
+
+.. _examples: https://github.com/PaloAltoNetworks/pancloud/tree/master/examples
summit.py:
@@ -61,6 +78,122 @@ Once your ``credentials.json`` file is generated, you should be ready
to run the examples packaged with the ``pancloud`` repo or use the ``pancloud``
SDK in your own project.
+Developer Tokens
+----------------
+Developer Tokens is a new concept introduced in ``pancloud`` v1.5.0 that
+enables developers to quickly get started by offloading the OAuth 2.0
+authorization code grant flow to API Explorer, in exchange for a `developer_token`.
+
+What exactly is a `developer_token` anyway? In a nutshell, a `developer_token` is
+used to authenticate with API Explorer's built-in `access_token` redemption
+service. It's intended to eliminate the need to acquire and store a `client_id`,
+`client_secret` and `refresh_token` in your own credentials store, which
+could be risky without implementing the proper security best practices.
+
+The following sections illustrate how to activate and authorize API Explorer
+so it can be used to generate a `developer_token`.
+
+Activating API Explorer
+-----------------------
+
+ 1. Login to the `Cortex Hub`_:
+
+ .. image:: ../../_static/cortexhub.png
+ :scale: 10 %
+
+ .. _Cortex Hub: https://apps.paloaltonetworks.com/apps
+
+ 2. Ensure both Logging and Directory Sync Service are activated:
+
+ .. image:: ../../_static/requirements.jpeg
+ :scale: 10 %
+
+ 3. Activate API Explorer:
+
+ .. image:: ../../_static/activate.png
+ :scale: 10 %
+
+ 4. Complete activation:
+
+ .. image:: ../../_static/activation.png
+ :scale: 10 %
+
+ 5. Click tile to login to your API Explorer instance:
+
+ .. image:: ../../_static/redirectlogin.png
+ :scale: 10 %
+
+ 6. Click the `Authorize` button corresponding to your instance (if not already authorized):
+
+ .. image:: ../../_static/authorize.png
+ :scale: 10 %
+
+ 7. Complete the authorization form (if not already authorized):
+
+ .. image:: ../../_static/authorization.png
+ :scale: 10 %
+
+ 8. Give consent to API Explorer for accessing your data:
+
+ .. image:: ../../_static/consentform.png
+ :scale: 10 %
+
+Now that API Explorer has been authorized, let's move on to generate a `developer_token`!
+
+Generating a Developer Token
+----------------------------
+
+ 1. Click the `key` icon corresponding with your authorized instance:
+
+ .. image:: ../../_static/generate.png
+ :scale: 10 %
+
+ 2. Review the `NOTICE` and select an appropriate expiration for your `developer_token`:
+
+ .. image:: ../../_static/generation.png
+ :scale: 10 %
+
+ 3. Click the `Generate` button to generate your `developer_token`. Note that
+ it will only be displayed once, so be sure to copy and store it securely
+ if appropriate.
+
+.. note::
+
+ At this point, you will be given an opportunity to record your Developer Token
+ for safe keeping. Whatever you choose to do, keep it secret and keep it safe, as
+ it allows anyone in possession of it to potentially access your data.
+
+Using a Developer Token
+-----------------------
+
+There are two primary ways to use a `developer_token` with `pancloud`:
+
+- Export a `PAN_DEVELOPER_TOKEN` environment variable
+
+ .. code-block:: console
+
+ export PAN_DEVELOPER_TOKEN=
+
+- Pass a `developer_token` kwarg into your `Credentials` class constructor (as illustrated below):
+
+ .. code-block:: python
+
+ from pancloud import Credentials
+
+ c = Credentials(developer_token=)
+
+From this point forward, your `Credentials` object should be capable of
+obtaining and refreshing an `access_token` using API Explorer's built-in
+token redemption service.
+
+.. note::
+
+ You may notice that your `credentials.json` file only stores and updates
+ the `access_token` value when using a `developer_token`. This is by design,
+ as API Explorer, acting as the token redemption service, is responsible
+ for storing the additional credentials needed to perform an `access_token`
+ refresh.
+
Credential Resolver
-------------------
The ``pancloud`` :class:`~pancloud.credentials.Credentials` class implements
@@ -111,20 +244,17 @@ with an incomplete set of credentials will raise a :exc:`~pancloud.exceptions.Pa
the default (``TinyDB``) which would result in credentials being stored
outside of ``credentials.json``.
-Auto-refresh/Auto-retry
------------------------
-By default, ``Credentials`` supports ``auto_refresh`` and ``auto_retry``
-when valid credentials are present (and ``raise_for_status`` is not passed).
+Auto-refresh
+------------
+By default, ``Credentials`` supports ``auto_refresh`` when valid
+credentials are present (and ``raise_for_status`` is not passed).
``pancloud`` will auto-refresh and apply the ``access_token`` to the
``"Authorization: Bearer"`` header under the following conditions:
* ``auto_refresh`` is set to ``True``.
* ``access_token`` is ``None``.
-* ``pancloud`` receives an ``HTTP 401`` status code from the Application Framework API and the cached token is the same as the ``access token`` to refresh.
-
-Additionally, ``pancloud`` will ``auto_retry`` a request if an
-``auto_refresh`` occurred due to an ``HTTP 401`` status code.
+* ``exp`` field in `access_token` is expired.
Access Token Caching
--------------------
diff --git a/docs/guides/quickstart.rst b/docs/guides/quickstart.rst
index e06b6ff..13f824a 100755
--- a/docs/guides/quickstart.rst
+++ b/docs/guides/quickstart.rst
@@ -11,7 +11,9 @@ Let's start with a basic example.
.. note::
- Example below assumes a credentials.json file has been properly :ref:`generated `
+ The examples below assume the existence of a :ref:`Developer Token ` or a
+ credentials.json file that has been properly :ref:`generated `. Please see
+ the :ref:`Credentials ` page for specific usage details.
Querying Logging Service
------------------------
@@ -75,7 +77,8 @@ Cool. Let's take a peek at the results:
{"queryId":"222a45ff-4f38-4418-be7d-45b511f191db","sequenceNo":0,"queryStatus":"JOB_FINISHED","clientParameters":{},"result":{"esResult":{"took":183,"hits":{"total":73708,"maxScore":2,"hits":[{"_index":"147278001_panw.all_2018071000-2018072000_000000","_type":"traffic","_id":"147278001_lcaas:1:261405:0","_score":2,"_source":{"risk-of-app":"4","logset":"ForwardToLoggingService","bytes_received":1987,"natsport":41050,"sessionid":696398,"type":"traffic","parent_start_time":0,"packets":15,"characteristic-of-app":["able-to-transfer-file","has-known-vulnerability","tunnel-other-application","prone-to-misuse","is-saas"],"dg_hier_level_4":0,"dg_hier_level_1":11,"dg_hier_level_3":0,"dg_hier_level_2":0,"action":"allow","recsize":1524,"from":"L3-Untrust","parent_session_id":0,"repeatcnt":1,"app":"ms-rdp","vsys":"vsys1","nat":1,"technology-of-app":"client-server","pkts_received":7,"chunks_sent":0,"receive_time":1531180883,"non-standard-dport":0,"subcategory-of-app":"remote-access","chunks_received":0,"users":"99.145.249.194","fwd":1,"config_ver":2049,"cloud_hostname":"ignite-ngfw","customer-id":"147278001","proto":"tcp","tunneled-app":"untunneled","is-saas-of-app":0,"natdport":3389,"action_source":"from-policy","assoc_id":0,"dst":"10.0.0.100","natdst":"10.0.1.20","chunks":0,"flags":4194369,"rule":"RDP 3389 Inbound","dport":3389,"elapsed":2,"sanctioned-state-of-app":0,"inbound_if":"ethernet1/1","device_name":"ignite-ngfw","subtype":"end","time_received":1531180921,"actionflags":-9223372036854776000,"tunnelid_imsi":0,"session_end_reason":"tcp-rst-from-client","natsrc":"10.0.1.11","seqno":1765767,"src":"99.145.249.194","start":1531180903,"time_generated":1531180921,"outbound_if":"ethernet1/2","category-of-app":"networking","bytes_sent":1604,"srcloc":"US","pkts_sent":8,"dstloc":"10.0.0.0-10.255.255.255","serial":"","bytes":3591,"vsys_id":1,"to":"L3-Trust","category":"0","sport":65416,"tunnel":0}},{"_index":"147278001_panw.all_2018071000-2018072000_000000","_type":"traffic","_id":"147278001_lcaas:1:261405:1","_score":2,"_source":{"risk-of-app":"4","logset":"ForwardToLoggingService","bytes_received":2193,"natsport":54952,"sessionid":696397,"type":"traffic","parent_start_time":0,"packets":23,"characteristic-of-app":["able-to-transfer-file","has-known-vulnerability","tunnel-other-application","prone-to-misuse","is-saas"],"dg_hier_level_4":0,"dg_hier_level_1":11,"dg_hier_level_3":0,"dg_hier_level_2":0,"action":"allow","recsize":1523,"from":"L3-Untrust","parent_session_id":0,"repeatcnt":1,"app":"ms-rdp","vsys":"vsys1","nat":1,"technology-of-app":"client-server","pkts_received":8,"chunks_sent":0,"receive_time":1531180883,"non-standard-dport":0,"subcategory-of-app":"remote-access","chunks_received":0,"users":"5.39.216.193","fwd":1,"config_ver":2049,"cloud_hostname":"ignite-ngfw","customer-id":"147278001","proto":"tcp","tunneled-app":"untunneled","is-saas-of-app":0,"natdport":3389,"action_source":"from-policy","assoc_id":0,"dst":"10.0.0.100","natdst":"10.0.1.20","chunks":0,"flags":4194369,"rule":"RDP 3389 Inbound","dport":3389,"elapsed":4,"sanctioned-state-of-app":0,"inbound_if":"ethernet1/1","device_name":"ignite-ngfw","subtype":"end","time_received":1531180922,"actionflags":-9223372036854776000,"tunnelid_imsi":0,"session_end_reason":"tcp-rst-from-client","natsrc":"10.0.1.11","seqno":1765768,"src":"5.39.216.193","start":1531180902,"time_generated":1531180922,"outbound_if":"ethernet1/2","category-of-app":"networking","bytes_sent":2328,"srcloc":"NL","pkts_sent":15,"dstloc":"10.0.0.0-10.255.255.255","serial":"","bytes":4521,"vsys_id":1,"to":"L3-Trust","category":"0","sport":30231,"tunnel":0}},{"_index":"147278001_panw.all_2018071000-2018072000_000000","_type":"traffic","_id":"147278001_lcaas:1:261405:5","_score":2,"_source":{"risk-of-app":"4","logset":"ForwardToLoggingService","bytes_received":1987,"natsport":54007,"sessionid":696401,"type":"traffic","parent_start_time":0,"packets":16,"characteristic-of-app":["able-to-transfer-file","has-known-vulnerability","tunnel-other-application","prone-to-misuse","is-saas"],"dg_hier_level_4":0,"dg_hier_level_1":11,"dg_hier_level_3":0,"dg_hier_level_2":0,"action":"allow","recsize":1523,"from":"L3-Untrust","parent_session_id":0,"repeatcnt":1,"app":"ms-rdp","vsys":"vsys1","nat":1,"technology-of-app":"client-server","pkts_received":7,"chunks_sent":0,"receive_time":1531180883,"non-standard-dport":0,"subcategory-of-app":"remote-access","chunks_received":0,"users":"103.92.24.220","fwd":1,"config_ver":2049,"cloud_hostname":"ignite-ngfw","customer-id":"147278001","proto":"tcp","tunneled-app":"untunneled","is-saas-of-app":0,"natdport":3389,"action_source":"from-policy","assoc_id":0,"dst":"10.0.0.100","natdst":"10.0.1.20","chunks":0,"flags":4194369,"rule":"RDP 3389 Inbound","dport":3389,"elapsed":4,"sanctioned-state-of-app":0,"inbound_if":"ethernet1/1","device_name":"ignite-ngfw","subtype":"end","time_received":1531180929,"actionflags":-9223372036854776000,"tunnelid_imsi":0,"session_end_reason":"tcp-rst-from-client","natsrc":"10.0.1.11","seqno":1765772,"src":"103.92.24.220","start":1531180909,"time_generated":1531180929,"outbound_if":"ethernet1/2","category-of-app":"networking","bytes_sent":1680,"srcloc":"VN","pkts_sent":9,"dstloc":"10.0.0.0-10.255.255.255","serial":"","bytes":3667,"vsys_id":1,"to":"L3-Trust","category":"0","sport":50905,"tunnel":0}},{"_index":"147278001_panw.all_2018071000-2018072000_000000","_type":"traffic","_id":"147278001_lcaas:1:261405:6","_score":2,"_source":{"risk-of-app":"4","logset":"ForwardToLoggingService","bytes_received":2253,"natsport":54992,"sessionid":696402,"type":"traffic","parent_start_time":0,"packets":25,"characteristic-of-app":["able-to-transfer-file","has-known-vulnerability","tunnel-other-application","prone-to-misuse","is-saas"],"dg_hier_level_4":0,"dg_hier_level_1":11,"dg_hier_level_3":0,"dg_hier_level_2":0,"action":"allow","recsize":1523,"from":"L3-Untrust","parent_session_id":0,"repeatcnt":1,"app":"ms-rdp","vsys":"vsys1","nat":1,"technology-of-app":"client-server","pkts_received":9,"chunks_sent":0,"receive_time":1531180883,"non-standard-dport":0,"subcategory-of-app":"remote-access","chunks_received":0,"users":"5.39.216.193","fwd":1,"config_ver":2049,"cloud_hostname":"ignite-ngfw","customer-id":"147278001","proto":"tcp","tunneled-app":"untunneled","is-saas-of-app":0,"natdport":3389,"action_source":"from-policy","assoc_id":0,"dst":"10.0.0.100","natdst":"10.0.1.20","chunks":0,"flags":4194369,"rule":"RDP 3389 Inbound","dport":3389,"elapsed":5,"sanctioned-state-of-app":0,"inbound_if":"ethernet1/1","device_name":"ignite-ngfw","subtype":"end","time_received":1531180930,"actionflags":-9223372036854776000,"tunnelid_imsi":0,"session_end_reason":"tcp-rst-from-client","natsrc":"10.0.1.11","seqno":1765773,"src":"5.39.216.193","start":1531180909,"time_generated":1531180930,"outbound_if":"ethernet1/2","category-of-app":"networking","bytes_sent":2404,"srcloc":"NL","pkts_sent":16,"dstloc":"10.0.0.0-10.255.255.255","serial":"","bytes":4657,"vsys_id":1,"to":"L3-Trust","category":"0","sport":34914,"tunnel":0}},{"_index":"147278001_panw.all_2018071000-2018072000_000000","_type":"traffic","_id":"147278001_lcaas:1:261405:8","_score":2,"_source":{"risk-of-app":"4","logset":"ForwardToLoggingService","bytes_received":1987,"natsport":12657,"sessionid":696405,"type":"traffic","parent_start_time":0,"packets":15,"characteristic-of-app":["able-to-transfer-file","has-known-vulnerability","tunnel-other-application","prone-to-misuse","is-saas"],"dg_hier_level_4":0,"dg_hier_level_1":11,"dg_hier_level_3":0,"dg_hier_level_2":0,"action":"allow","recsize":1523,"from":"L3-Untrust","parent_session_id":0,"repeatcnt":1,"app":"ms-rdp","vsys":"vsys1","nat":1,"technology-of-app":"client-server","pkts_received":7,"chunks_sent":0,"receive_time":1531180883,"non-standard-dport":0,"subcategory-of-app":"remote-access","chunks_received":0,"users":"212.92.116.46","fwd":1,"config_ver":2049,"cloud_hostname":"ignite-ngfw","customer-id":"147278001","proto":"tcp","tunneled-app":"untunneled","is-saas-of-app":0,"natdport":3389,"action_source":"from-policy","assoc_id":0,"dst":"10.0.0.100","natdst":"10.0.1.20","chunks":0,"flags":4194369,"rule":"RDP 3389 Inbound","dport":3389,"elapsed":2,"sanctioned-state-of-app":0,"inbound_if":"ethernet1/1","device_name":"ignite-ngfw","subtype":"end","time_received":1531180932,"actionflags":-9223372036854776000,"tunnelid_imsi":0,"session_end_reason":"tcp-rst-from-client","natsrc":"10.0.1.11","seqno":1765775,"src":"212.92.116.46","start":1531180914,"time_generated":1531180932,"outbound_if":"ethernet1/2","category-of-app":"networking","bytes_sent":1616,"srcloc":"NL","pkts_sent":8,"dstloc":"10.0.0.0-10.255.255.255","serial":"","bytes":3603,"vsys_id":1,"to":"L3-Trust","category":"0","sport":51144,"tunnel":0}}]},"id":"222a45ff-4f38-4418-be7d-45b511f191db","from":0,"size":5,"completed":true,"state":"COMPLETED","timed_out":false},"esQuery":{"table":["panw.traffic"],"query":{"aggregations":{},"size":5},"selections":[],"params":{}}}}
-Finally, let's use the :meth:`~pancloud.logging.LoggingService.delete` method to clean up after ourselves (`Note that queries eventually age-out on their own`):
+Use the :meth:`~pancloud.logging.LoggingService.delete` method to cancel
+long running jobs you don't need anymore:
.. code:: python
diff --git a/docs/index.rst b/docs/index.rst
index 4b557e0..c208373 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -15,15 +15,18 @@ Welcome to pancloud's documentation!
====================================
The Palo Alto Networks Cloud Python SDK (or ``pancloud`` for short) was created to empower
-developers to write innovative security solutions using the Palo Alto Networks Application Framework.
+developers to write innovative security solutions using the Palo Alto Networks Application Framework
+(now known as `Cortex`_).
-The primary goal of this library is to provide full, low-level coverage for the following Application Framework services:
+.. _Cortex: https://www.paloaltonetworks.com/products/cortex
+
+The primary goal of this library is to provide full, low-level coverage of the following Application Framework services:
- Logging Service
- Directory Sync Service
- Event Service
-The secondary goal is to provide coverage, in the form of helpers, for common tasks/operations.
+The secondary goal is to provide coverage, in the form of helpers, for common tasks/operations:
- Log/event pagination
- OAuth 2.0 and token refreshing
diff --git a/requirements_dev.txt b/requirements_dev.txt
index 24051d4..71903e4 100644
--- a/requirements_dev.txt
+++ b/requirements_dev.txt
@@ -10,3 +10,4 @@ PyYAML >= "3.11"
pytest >= "2.9.2"
pytest-runner >= "2.11.1"
pancloud >= "1.4.0"
+Pallets-Sphinx-Themes>=1.1.4