Xshield CLI Command Reference
Table of Contents
- agent-north-south-config
- collect-agent-diagnostics
- configure-agent-debug-logs
- decommission-agents
- get-agents
- show-offline-agents
- upgrade-agents
- asset-malicious-ip-blocking
- enforce-asset
- get-asset-policies
- get-assets
- get-risk-score
- get-vulnerabilities
- quarantine-restore-assets
- synchronize-asset-firewall
- crowdstrike
- attach-named-network-to-asset
- create-named-network
- delete-named-network
- detach-named-network-from-asset
- get-named-networks
- attach-named-network-to-segment
- attach-template-to-segment
- configure-policy-automation-segment
- create-segment
- delete-segment
- detach-named-network-from-segment
- detach-template-from-segment
- generate-segment-report
- get-segment-rules
- get-segments
- create-tag-label-rule
- delete-tag-label-rule
- assign-asset-tags
- create-custom-tag
- get-asset-tags
- attach-template-to-asset
- create-template
- delete-template
- detach-template-from-asset
- get-templates
- update-template
agent-north-south-config
Description:
python3 xshield_util.py agent-north-south-config --help
usage: xshield_util.py agent-north-south-config [-h] [--filter FILTER]
[--action ACTION]
[--output-file OUTPUT_FILE]
Configure north-south traffic for agents
options:
-h, --help show this help message and exit
--filter FILTER Criteria to filter agents for configuration, e.g.
"application:app1,app2;role:role1"
--action ACTION valid values: enabled, disabled
--output-file OUTPUT_FILE
Output file for north-south traffic configuration
(default: config/util_data/output_csv_files/agent_nort
h_south_config.csv)
collect-agent-diagnostics
Description:
python3 xshield_util.py collect-agent-diagnostics --help
usage: xshield_util.py collect-agent-diagnostics [-h] [--filter FILTER]
[--output-file OUTPUT_FILE]
Collect diagnostics from agents
options:
-h, --help show this help message and exit
--filter FILTER Criteria to filter agents for diagnostics collection,
e.g. "application:app1,app2;role:role1"
--output-file OUTPUT_FILE
Output file for diagnostics collection (default: confi
g/util_data/output_csv_files/agent_diagnostics.csv)
configure-agent-debug-logs
Description:
python3 xshield_util.py configure-agent-debug-logs --help
usage: xshield_util.py configure-agent-debug-logs [-h] [--filter FILTER]
[--action ACTION]
[--output-file OUTPUT_FILE]
Enable/disable debug logs in agents
options:
-h, --help show this help message and exit
--filter FILTER Criteria to filter agents for upgrade, e.g.
"application:app1,app2;role:role1"
--action ACTION Use True/False to Enable/Disable, default: True
--output-file OUTPUT_FILE
Output file for debug logs configuration (default: con
fig/util_data/output_csv_files/agent_debug_logs_config
.csv)
decommission-agents
Description:
python3 xshield_util.py decommission-agents --help
usage: xshield_util.py decommission-agents [-h]
(--asset-list-csv ASSET_LIST_CSV |
--serial-number-csv SERIAL_NUMBER_CSV |
--duplicate-serial-numbers |
--filter FILTER)
[--agent-status AGENT_STATUS]
[--agent-type AGENT_TYPE]
[--num-of-days NUM_OF_DAYS]
[--dry-run DRY_RUN]
[--output-file OUTPUT_FILE]
Decommission agents from Xshield platform (only server and endpoint type
agents)
options:
-h, --help show this help message and exit
--asset-list-csv ASSET_LIST_CSV
CSV file with asset names to decommission (refer
sample file in config/util_data/input_csv_files/asset_
list_decommission.csv)
--serial-number-csv SERIAL_NUMBER_CSV
CSV file with serial numbers to decommission (refer
sample file in config/util_data/input_csv_files/serial
_number_decommission.csv)
--duplicate-serial-numbers
Decommission agents with duplicate serial numbers
(platform fetch)
--filter FILTER Tag filter string, e.g.
"application:app1,app2;role:role1"
--agent-status AGENT_STATUS
Status of agents to filter, (valid status: active or
absent)
--agent-type AGENT_TYPE
Agent type (valid types: server, endpoint)
--num-of-days NUM_OF_DAYS
Decommissioning timeline for agents in days
--dry-run DRY_RUN Dry run: only output agents to be decommissioned,
default: True
--output-file OUTPUT_FILE
Output file for decommissioned agents (default: config
/util_data/output_csv_files/decommission_agents_output
.csv)
get-agents
Description:
python3 xshield_util.py get-agents --help
usage: xshield_util.py get-agents [-h] [--status STATUS] [--type TYPE]
[--name NAME]
[--traffic-config TRAFFIC_CONFIG]
[--firewall-coexistence FIREWALL_COEXISTENCE]
[--policy-status POLICY_STATUS]
[--policy-tamper-monitoring POLICY_TAMPER_MONITORING]
[--agent-version AGENT_VERSION]
[--filter FILTER]
[--output-file OUTPUT_FILE] [--all]
Export agents based on criteria to an output CSV file
options:
-h, --help show this help message and exit
--status STATUS Filter by agent status (valid values: active, absent)
--type TYPE Filter by asset type (valid values: server, endpoint)
--name NAME Filter by agent name
--traffic-config TRAFFIC_CONFIG
Filter by traffic configuration
--firewall-coexistence FIREWALL_COEXISTENCE
Filter by firewall coexistence configuration (valid
values: enabled, disabled)
--policy-status POLICY_STATUS
Filter by policy status
--policy-tamper-monitoring POLICY_TAMPER_MONITORING
Filter by policy tamper monitoring configuration
(valid value: disabled)
--agent-version AGENT_VERSION
Filter by agent version (e.g., 25.4.1)
--filter FILTER Raw filter string for agent search (overrides other
filter args), e.g. "application:app1,app2;role:role1"
--output-file OUTPUT_FILE
Output file for agent data (default: config/util_data/
output_csv_files/get_agents_output.csv)
--all Fetch all agents (no filters) CAUTION: This is a heavy
request to Xshield platform, may take a long time and
consume a lot of memory.
show-offline-agents
Description:
python3 xshield_util.py show-offline-agents --help
usage: xshield_util.py show-offline-agents [-h] [--filter FILTER]
[--output-file OUTPUT_FILE]
Fetch and export offline agents to an output CSV file
options:
-h, --help show this help message and exit
--filter FILTER Criteria to filter offline agents, "e.g.
application:app1,app2;role:role1"
--output-file OUTPUT_FILE
Output file for offline agents (default:
config/util_data/output_csv_files/offline_agents.csv)
upgrade-agents
Description:
python3 xshield_util.py upgrade-agents --help
usage: xshield_util.py upgrade-agents [-h] [--filter FILTER]
[--current-agent-version CURRENT_AGENT_VERSION]
--upgrade-agent-version UPGRADE_AGENT_VERSION
[--output-file OUTPUT_FILE]
Upgrade agents to a higher version
options:
-h, --help show this help message and exit
--filter FILTER Criteria to filter agents for upgrade, e.g.
"application:app1,app2;role:role1"
--current-agent-version CURRENT_AGENT_VERSION
Current agent version
--upgrade-agent-version UPGRADE_AGENT_VERSION
Agent version to upgrade to
--output-file OUTPUT_FILE
Output file for upgraded agents (default:
config/util_data/output_csv_files/upgraded_agents.csv)
asset-malicious-ip-blocking
Description:
python3 xshield_util.py asset-malicious-ip-blocking --help
usage: xshield_util.py asset-malicious-ip-blocking [-h]
(--input-file INPUT_FILE |
--asset-name ASSET_NAME |
--segment-name SEGMENT_NAME |
--filter FILTER)
[--action ACTION]
[--output-file OUTPUT_FILE]
Blocking malicious IP addresses for assets
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with asset names (refer sample file in
asset_malicious_ip_blocking_input.csv file under
config/util_data/input_csv_files folder)
--asset-name ASSET_NAME
Name of the asset(s) to enforce (Provide comma
separated asset names for multiple assets e.g.
--asset-name Asset1,Asset2)
--segment-name SEGMENT_NAME
Name of the segment(s) to apply the malicious IP
blocking (Provide comma separated segment names for
multiple segments e.g. --segment-name
"Segment1,Segment2")
--filter FILTER Filter string for asset search, e.g.
"application:myapp;type:server"
--action ACTION Action to take (valid values: enabled, disabled)
--output-file OUTPUT_FILE
Output file to store results (default: config/util_dat
a/output_csv_files/asset_malicious_ip_blocking_output.
csv)
enforce-asset
Description:
python3 xshield_util.py enforce-asset --help
usage: xshield_util.py enforce-asset [-h] [--asset-name ASSET_NAME]
[--direction DIRECTION] [--state STATE]
[--input-file INPUT_FILE]
[--filter FILTER]
[--segment-name SEGMENT_NAME]
[--output-file OUTPUT_FILE]
Securing assets with ZeroTrust enforcement
options:
-h, --help show this help message and exit
--asset-name ASSET_NAME
Name of the asset(s) to enforce (Provide comma
separated asset names for multiple assets e.g.
--asset-name Asset1,Asset2)
--direction DIRECTION
Direction of enforcement (valid values: inbound,
outbound, both)
--state STATE State of enforcement (valid values: unsecured,
simulate-secure-internet, secure-internet, simulate-
secure-all, secure-all)
--input-file INPUT_FILE
CSV file with asset names (refer sample file in
enforce_asset_input.csv file under
config/util_data/input_csv_files folder)
--filter FILTER Filter string for asset search, e.g.
"application:myapp;type:server"
--segment-name SEGMENT_NAME
Name of the segment(s) to apply the enforcement
(Provide comma separated segment names for multiple
segments e.g. --segment-name "Segment1,Segment2")
--output-file OUTPUT_FILE
Output file to store results (default: config/util_dat
a/output_csv_files/enforce_asset_output.csv)
get-asset-policies
Description:
python3 xshield_util.py get-asset-policies --help
usage: xshield_util.py get-asset-policies [-h] (--input-file INPUT_FILE |
--asset-name ASSET_NAME |
--filter FILTER |
--segment-name SEGMENT_NAME | --all)
[--output-file OUTPUT_FILE]
Export policies (named networks and templates) for assets to an output CSV
file
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with asset names (column: assetName)
--asset-name ASSET_NAME
Comma-separated asset names
--filter FILTER Filter string for asset search, e.g. "application:app1
,app2;environment:prod,dev;type:server,endpoint"
--segment-name SEGMENT_NAME
Name of the segment(s) to fetch matching assets
policies (Provide comma separated segment names for
multiple segments e.g. --segment-name
"Segment1,Segment2")
--all Fetch policies for all assets (criteria: *) CAUTION:
This is a heavy request to Xshield platform, may take
a long time and consume a lot of memory.
--output-file OUTPUT_FILE
Output file path for the policies (default: config/uti
l_data/output_csv_files/get_asset_policies_output.csv)
get-assets
Description:
python3 xshield_util.py get-assets --help
usage: xshield_util.py get-assets [-h] (--input-file INPUT_FILE |
--asset-name ASSET_NAME | --filter FILTER |
--segment-name SEGMENT_NAME | --all)
[--output-file OUTPUT_FILE] [--detail]
Export asset info to an output CSV file (fetch asset summary or detail,
default: summary)
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with asset names (column: assetName)
--asset-name ASSET_NAME
Comma-separated asset names
--filter FILTER Filter string for asset search, e.g. "application:app1
,app2;environment:prod,dev;type:server,endpoint"
--segment-name SEGMENT_NAME
Name of the segment(s) to fetch assets (Provide comma
separated segment names for multiple segments e.g.
--segment-name "Segment1,Segment2")
--all Fetch all assets (criteria: *)
--output-file OUTPUT_FILE
Path for output CSV (default: config/util_data/output_
csv_files/get_assets_output.csv)
--detail Fetch and output detailed asset data
get-risk-score
Description:
python3 xshield_util.py get-risk-score --help
usage: xshield_util.py get-risk-score [-h] (--filter FILTER |
--segment-name SEGMENT_NAME | --all)
[--output-file OUTPUT_FILE]
Fetch risk score info for assets
options:
-h, --help show this help message and exit
--filter FILTER Filter string with tags or asset names for fetching
risk score , e.g.
"application:app1,app2;environment:prod,dev" or
"assetname:Asset-1,Asset-2"
--segment-name SEGMENT_NAME
Filter with comma-separated segment names
--all Fetch risk score for all assets on the
tenant(criteria: *)
--output-file OUTPUT_FILE
Path for output CSV (default: config/util_data/output_
csv_files/get_risk_score_output.csv)
get-vulnerabilities
Description:
python3 xshield_util.py get-vulnerabilities --help
usage: xshield_util.py get-vulnerabilities [-h] (--input-file INPUT_FILE |
--asset-name ASSET_NAME |
--filter FILTER |
--segment-name SEGMENT_NAME |
--all) [--unique]
[--output-file OUTPUT_FILE]
Export vulnerabilities for tenant's assets to an output CSV file
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with asset names (column: assetName)
--asset-name ASSET_NAME
Comma-separated asset names
--filter FILTER Filter string for asset search, e.g. "application:app1
,app2;environment:prod,dev;type:server,endpoint"
--segment-name SEGMENT_NAME
Name of the segment(s) to fetch vulnerabilities for
assets (Provide comma separated segment names for
multiple segments e.g. --segment-name
"Segment1,Segment2")
--all Fetch vulnerabilities for all assets (criteria: *)
CAUTION: This is a heavy request to Xshield platform,
may take a long time and consume a lot of memory.
--unique Fetch unique vulnerabilities for all assets or
filtered assets
--output-file OUTPUT_FILE
Output file path for the vulnerabilities (default: con
fig/util_data/output_csv_files/asset_vulnerabilities_o
utput.csv)
quarantine-restore-assets
Description:
python3 xshield_util.py quarantine-restore-assets --help
usage: xshield_util.py quarantine-restore-assets [-h] [--action ACTION]
[--assetName ASSETNAME]
[--segmentName SEGMENTNAME]
[--tagValue TAGVALUE]
Quarantine/Restore Assets by assigning/removing the Quarantine tag (will be
deprecated in next release)
options:
-h, --help show this help message and exit
--action ACTION quarantine or restore
--assetName ASSETNAME
Name of the asset to be assigned with the tag
--segmentName SEGMENTNAME
Name of the segment to quarantine assets (optional)
--tagValue TAGVALUE Tag value for quarantine (only needed for quarantine
action)
synchronize-asset-firewall
Description:
python3 xshield_util.py synchronize-asset-firewall --help
usage: xshield_util.py synchronize-asset-firewall [-h]
[--asset-name ASSET_NAME]
[--direction DIRECTION]
[--filter FILTER]
[--segment-name SEGMENT_NAME]
[--input-file INPUT_FILE]
[--output-file OUTPUT_FILE]
Synchronize an assets firewall
options:
-h, --help show this help message and exit
--asset-name ASSET_NAME
Name of the asset(s) to synchronize (Provide comma
separated asset names for multiple assets e.g.
--asset-name Asset1,Asset2)
--direction DIRECTION
Direction of synchronization
--filter FILTER Filter string for asset search, e.g.
"application:myapp;type:server"
--segment-name SEGMENT_NAME
Name of the segment(s) to search for assets (Provide
comma separated segment names for multiple segments
e.g. --segment-name "Segment1,Segment2")
--input-file INPUT_FILE
CSV file with asset names (refer sample file in
synchronize_asset_firewall_input.csv file under
config/util_data/input_csv_files folder)
--output-file OUTPUT_FILE
Output file to store results (default: config/util_dat
a/output_csv_files/synchronize_asset_firewall_output.c
sv)
crowdstrike
Description:
python3 xshield_util.py crowdstrike --help
usage: xshield_util.py crowdstrike [-h] [--action ACTION]
[--hostgroup HOSTGROUP]
CrowdStrike Integration
options:
-h, --help show this help message and exit
--action ACTION Use options activate-integration/deactivate-
integration/activate-hostgroup/deactivate-hostgroup
--hostgroup HOSTGROUP
Provide hostgroupname to be activated/deactivated
based on action parameter
attach-named-network-to-asset
Description:
python3 xshield_util.py attach-named-network-to-asset --help
usage: xshield_util.py attach-named-network-to-asset [-h]
(--input-file INPUT_FILE |
--asset-name ASSET_NAME |
--filter FILTER)
[--named-network-name NAMED_NETWORK_NAME]
Attach named network(s) to asset(s)
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with asset and named network names (refer
sample file in attach_named_network_to_asset_input.csv
file under config/util_data/input_csv_files folder)
--asset-name ASSET_NAME
Comma-separated asset names (eg: --asset-name
Asset1,Asset2)
--filter FILTER Filter string for asset search, e.g.
"application:myapp;type:server"
--named-network-name NAMED_NETWORK_NAME
Comma-separated named network names (eg: --named-
network-name "Network1,Network2")
create-named-network
Description:
python3 xshield_util.py create-named-network --help
usage: xshield_util.py create-named-network [-h] (--input-file INPUT_FILE |
--name NAME)
[--description DESCRIPTION]
[--ip-ranges IP_RANGES]
Create a named network from input file or CLI arguments
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file path for named networks (refer sample CSV
file in config/util_data/input_csv_files/create_named_
network_input.csv)
--name NAME Name of the Named Network to create
--description DESCRIPTION
Description for the Named Network
--ip-ranges IP_RANGES
IP Ranges for the Named Network (format:
"<range1;range2>")
delete-named-network
Description:
python3 xshield_util.py delete-named-network --help
usage: xshield_util.py delete-named-network [-h] (--input-file INPUT_FILE |
--name NAME)
[--output-file OUTPUT_FILE]
Delete named networks from input file or by name
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file path with namedNetworkName for batch deletion
(refer sample CSV file in config/util_data/input_csv_f
iles/delete_named_network_input.csv)
--name NAME Name of the Named Network to delete
--output-file OUTPUT_FILE
Output file to log deletion status (default: config/ut
il_data/output_csv_files/delete_named_network_output.c
sv)
detach-named-network-from-asset
Description:
python3 xshield_util.py detach-named-network-from-asset --help
usage: xshield_util.py detach-named-network-from-asset [-h]
(--input-file INPUT_FILE |
--asset-name ASSET_NAME |
--filter FILTER)
[--named-network-name NAMED_NETWORK_NAME]
[--output-file OUTPUT_FILE]
Detach named network(s) from asset(s)
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with asset and named network names (refer
sample file in
detach_named_network_from_asset_input.csv file under
config/util_data/input_csv_files folder)
--asset-name ASSET_NAME
Comma-separated asset names (eg: --asset-name
Asset1,Asset2)
--filter FILTER Filter string for asset search, e.g.
"application:myapp;type:server"
--named-network-name NAMED_NETWORK_NAME
Comma-separated named network names (eg: --named-
network-name "Network1,Network2")
--output-file OUTPUT_FILE
Output file for detached named networks per asset
(default: config/util_data/output_csv_files/detach_nam
ed_network_from_asset_output.csv)
get-named-networks
Description:
python3 xshield_util.py get-named-networks --help
usage: xshield_util.py get-named-networks [-h] [--name NAME]
[--network-provider NETWORK_PROVIDER]
[--program-intranet PROGRAM_INTRANET]
[--system-network SYSTEM_NETWORK]
[--all] [--detail]
[--wildcard-search WILDCARD_SEARCH]
[--input-file INPUT_FILE]
[--output-file OUTPUT_FILE]
Fetch details of named networks and export to CSV
options:
-h, --help show this help message and exit
--name NAME Comma-separated names of Named Networks to fetch
--network-provider NETWORK_PROVIDER
Comma-separated network providers to filter Named
Networks
--program-intranet PROGRAM_INTRANET
Filter by program intranet status (valid: true, false)
--system-network SYSTEM_NETWORK
Filter by system network status (valid: true, false)
--all Fetch all Named Networks (CAUTION: This will be very
expensive query for platform)
--detail Fetch detailed Named Networks
--wildcard-search WILDCARD_SEARCH
Wildcard search for Named Networks (eg: 10.10.10.0/24
or SampleNN)
--input-file INPUT_FILE
CSV file to read the named network names (refer to
sample file in config/util_data/input_csv_files/get_na
med_networks_input.csv)
--output-file OUTPUT_FILE
Output file for named networks (default: config/util_d
ata/output_csv_files/get_named_networks_output.csv)
attach-named-network-to-segment
Description:
python3 xshield_util.py attach-named-network-to-segment --help
usage: xshield_util.py attach-named-network-to-segment [-h]
[--input-file INPUT_FILE]
[--segment-name SEGMENT_NAME]
[--named-network NAMED_NETWORK]
[--output-file OUTPUT_FILE]
Attach Named Networks to a Segment
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Path to CSV input file containing segment details,
refer to sample file in config/util_data/input_csv_fil
es/attach_named_network_to_segment_input.csv
--segment-name SEGMENT_NAME
Name of the segment to which named networks are to be
assigned (supports single segment name)
--named-network NAMED_NETWORK
Name of the named networks to be assigned to segment
(e.g: "Network-1,Network-2")
--output-file OUTPUT_FILE
Output file to log assignment status (default: config/
util_data/output_csv_files/attach_named_network_to_seg
ment_output.csv)
attach-template-to-segment
Description:
python3 xshield_util.py attach-template-to-segment --help
usage: xshield_util.py attach-template-to-segment [-h]
[--input-file INPUT_FILE]
[--segment-name SEGMENT_NAME]
[--template-name TEMPLATE_NAME]
[--output-file OUTPUT_FILE]
Attach Templates to a Segment
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Path to CSV input file containing segment details,
refer to sample file in config/util_data/input_csv_fil
es/attach_template_to_segment_input.csv
--segment-name SEGMENT_NAME
Name of the segment to which templates are to be
assigned (supports single segment name)
--template-name TEMPLATE_NAME
Name of the templates to be assigned to segment (e.g:
"Template-1,Template-2")
--output-file OUTPUT_FILE
Output file to log assignment status (default: config/
util_data/output_csv_files/attach_template_to_segment_
output.csv)
configure-policy-automation-segment
Description:
python3 xshield_util.py configure-policy-automation-segment --help
usage: xshield_util.py configure-policy-automation-segment [-h]
[--input-file INPUT_FILE]
[--segment-name SEGMENT_NAME]
[--inbound-progressive INBOUND_PROGRESSIVE]
[--outbound-progressive OUTBOUND_PROGRESSIVE]
[--auto-synchronize AUTO_SYNCHRONIZE]
[--output-file OUTPUT_FILE]
Configure Policy Automation for a Segment
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Path to CSV input file containing segment details,
refer to sample file in config/util_data/input_csv_fil
es/configure_policy_automation_segment_input.csv
--segment-name SEGMENT_NAME
Name of the segment to configure policy automation
(supports single segment name)
--inbound-progressive INBOUND_PROGRESSIVE
Inbound progressive state to be assigned (e.g: "any or
allow-all or allow-with-bandwidth or zerotrust")
--outbound-progressive OUTBOUND_PROGRESSIVE
Outbound progressive state to be assigned (e.g: "any
or zerotrust")
--auto-synchronize AUTO_SYNCHRONIZE
Auto push to firewall state to be enabled/disabled
(e.g: "true or false")
--output-file OUTPUT_FILE
Output file to log configuration status (default: conf
ig/util_data/output_csv_files/configure_policy_automat
ion_segment_output.csv)
create-segment
Description:
python3 xshield_util.py create-segment --help
usage: xshield_util.py create-segment [-h] [--input-file INPUT_FILE]
[--segment-name SEGMENT_NAME]
[--criteria CRITERIA] [--score SCORE]
[--timeline TIMELINE]
[--segment-description SEGMENT_DESCRIPTION]
[--template-name TEMPLATE_NAME]
[--named-network NAMED_NETWORK]
[--output-file OUTPUT_FILE]
Create Segment (Read from input csv file or provide arguments)
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Path to CSV input file containing segment details,
refer to sample file in config/util_data/input_csv_fil
es/create_segment_input.csv
--segment-name SEGMENT_NAME
Name of the segment to be created (only creates one
segment via --segment-name argument)
--criteria CRITERIA Criteria string for segment creation, (e.g:
"application:app1,app2;environment:prod,dev;custom1")
--score SCORE Target Breach Impact Score to reach (0-100)
--timeline TIMELINE Timeline for the segment to reach the score (e.g: 30,
60, 90)
--segment-description SEGMENT_DESCRIPTION
Description for the segment
--template-name TEMPLATE_NAME
Name of the templates to be attached to segment (e.g:
"Base Template;Template-1;Template-2")
--named-network NAMED_NETWORK
Name of the named networks to be attached to segment
(e.g: "Network-1;Network-2")
--output-file OUTPUT_FILE
Output file for segment creation (default: config/util
_data/output_csv_files/create_segment_output.csv)
delete-segment
Description:
python3 xshield_util.py delete-segment --help
usage: xshield_util.py delete-segment [-h] (--input-file INPUT_FILE |
--segment-name SEGMENT_NAME)
[--output-file OUTPUT_FILE]
Delete a segment
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Path to CSV file containing segment names (refer
sample CSV file in config/util_data/input_csv_files/de
lete_segment_input.csv)
--segment-name SEGMENT_NAME
Name of the segment to delete (Comma separated segment
names (e.g: "Segment-1,Segment-2"))
--output-file OUTPUT_FILE
Output file to log deletion status (default: config/ut
il_data/output_csv_files/delete_segment_output.csv)
detach-named-network-from-segment
Description:
python3 xshield_util.py detach-named-network-from-segment --help
usage: xshield_util.py detach-named-network-from-segment [-h]
[--input-file INPUT_FILE]
[--segment-name SEGMENT_NAME]
[--named-network NAMED_NETWORK]
[--output-file OUTPUT_FILE]
Detach Named Networks from a Segment
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Path to CSV input file containing segment details,
refer to sample file in config/util_data/input_csv_fil
es/detach_named_network_from_segment_input.csv
--segment-name SEGMENT_NAME
Name of the segment from which named networks are to
be detached (supports single segment name)
--named-network NAMED_NETWORK
Name of the named networks to be detached from segment
(e.g: "Network-1,Network-2")
--output-file OUTPUT_FILE
Output file to log detachment status (default: config/
util_data/output_csv_files/detach_named_network_from_s
egment_output.csv)
detach-template-from-segment
Description:
python3 xshield_util.py detach-template-from-segment --help
usage: xshield_util.py detach-template-from-segment [-h]
[--input-file INPUT_FILE]
[--segment-name SEGMENT_NAME]
[--template-name TEMPLATE_NAME]
[--output-file OUTPUT_FILE]
Detach Templates from a Segment
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Path to CSV input file containing segment details,
refer to sample file in config/util_data/input_csv_fil
es/detach_template_from_segment_input.csv
--segment-name SEGMENT_NAME
Name of the segment from which templates are to be
detached (supports single segment name)
--template-name TEMPLATE_NAME
Name of the templates to be detached from segment
(e.g: "Template-1,Template-2")
--output-file OUTPUT_FILE
Output file to log detachment status (default: config/
util_data/output_csv_files/detach_template_from_segmen
t_output.csv)
generate-segment-report
Description:
python3 xshield_util.py generate-segment-report --help
usage: xshield_util.py generate-segment-report [-h] (--input-file INPUT_FILE |
--segment-name SEGMENT_NAME |
--filter FILTER)
[--output-file OUTPUT_FILE]
Generate report for segments
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Path to CSV file containing segment names (refer
sample CSV file in
config/util_data/input_csv_files/generate-report-
input.csv)
--segment-name SEGMENT_NAME
Name of the segment to export rules (Comma separated
segment names (e.g: "Segment-1,Segment-2"))
--filter FILTER Filter string with criteria for generating report,
e.g. "application:app1,app2;environment:prod,dev"
--output-file OUTPUT_FILE
Output file to log report status (default:
config/util_data/output_csv_files/generate-report-
output.csv)
get-segment-rules
Description:
python3 xshield_util.py get-segment-rules --help
usage: xshield_util.py get-segment-rules [-h] [--input-file INPUT_FILE]
[--segment-name SEGMENT_NAME] [--all]
[--output-file OUTPUT_FILE]
Fetch and export all port and path rules associated with segments to an output
CSV file
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Path to CSV file containing segment names (refer
sample CSV file in config/util_data/input_csv_files/ge
t_segment_rules_input.csv)
--segment-name SEGMENT_NAME
Name of the segment to export rules (Comma separated
segment names (e.g: "Segment-1,Segment-2"))
--all Export rules for all segments
--output-file OUTPUT_FILE
Output file to log export status (default: config/util
_data/output_csv_files/get_segment_rules_output.csv)
get-segments
Description:
python3 xshield_util.py get-segments --help
usage: xshield_util.py get-segments [-h] [--input-file INPUT_FILE]
[--output-file OUTPUT_FILE]
[--segment-name SEGMENT_NAME]
[--filter FILTER] [--all]
[--wildcard-search WILDCARD_SEARCH]
Fetch segment and it's details and export to CSV
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Input file with Segment name to fetch details (refer
sample csv file in config/util_data/input_csv_files/ge
t_segments_input.csv)
--output-file OUTPUT_FILE
Output file for segment details (default: config/util_
data/output_csv_files/get_segment_output.csv)
--segment-name SEGMENT_NAME
Comma-separated names of segments to fetch
--filter FILTER Filter by criteria, e.g.
"application:app1,app2;environment:prod,dev"
--all Fetch all segments (Caution: This will be very
expensive query for platform)
--wildcard-search WILDCARD_SEARCH
Wildcard search for segments (eg: SampleSegment)
create-tag-label-rule
Description:
python3 xshield_util.py create-tag-label-rule --help
usage: xshield_util.py create-tag-label-rule [-h] [--csv_file CSV_FILE]
[--rule_name RULE_NAME]
[--type TYPE]
[--conditions CONDITIONS]
[--description DESCRIPTION]
[--tags TAGS] [--labels LABELS]
[--priority PRIORITY]
[--enabled ENABLED]
Create tag label rule (basic or advanced)
options:
-h, --help show this help message and exit
--csv_file CSV_FILE Path to CSV file containing rule definitions (see
sample file for reference: config/util_data/input_csv_
files/create_taglabelrules_input.csv)
--rule_name RULE_NAME
Name of the rule
--type TYPE Type of the rule
--conditions CONDITIONS
Conditions for the rule
--description DESCRIPTION
Description of the rule
--tags TAGS Comma-separated list of tags (basic mode)
--labels LABELS Semicolon-separated label actions (advanced mode)
--priority PRIORITY Rule priority
--enabled ENABLED Rule enabled status
delete-tag-label-rule
Description:
python3 xshield_util.py delete-tag-label-rule --help
usage: xshield_util.py delete-tag-label-rule [-h] [--csv_file CSV_FILE]
[--rule_name RULE_NAME]
Delete a tag label rule
options:
-h, --help show this help message and exit
--csv_file CSV_FILE Path to CSV file containing rule names (refer sample
file in config/util_data/input_csv_files/delete_taglab
elrules_input.csv)
--rule_name RULE_NAME
Name of the tag label rule to delete
assign-asset-tags
Description:
python3 xshield_util.py assign-asset-tags --help
usage: xshield_util.py assign-asset-tags [-h] (--input-file INPUT_FILE |
--asset-name ASSET_NAME |
--filter FILTER) [--tags TAGS]
Assign tags to assets via input file, asset names, or filter criteria.
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with asset tags to assign (refer to sample
file assign_asset_tags_input.csv under
config/util_data/input_csv_files)
--asset-name ASSET_NAME
Comma-separated asset names (tags taken from arguments
or defaults)
--filter FILTER Filter string for asset search, (e.g.
"application:app1,app2;environment:prod,dev")
--tags TAGS Tags to assign in format (e.g.
"application:app1;environment:prod;role:web" required
with --asset-name or --filter)
create-custom-tag
Description:
python3 xshield_util.py create-custom-tag --help
usage: xshield_util.py create-custom-tag [-h] (--input-file INPUT_FILE |
--tag-name TAG_NAME)
Create custom tags (max 5 per tenant).
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with custom tag names (refer to sample file
create_custom_tags_input.csv under
config/util_data/input_csv_files)
--tag-name TAG_NAME Comma-separated custom tag names (eg: tag1,tag2)
get-asset-tags
Description:
python3 xshield_util.py get-asset-tags --help
usage: xshield_util.py get-asset-tags [-h] (--input-file INPUT_FILE |
--asset-name ASSET_NAME |
--filter FILTER |
--segment-name SEGMENT_NAME)
[--output-file OUTPUT_FILE]
Fetch tags for assets provided via input file, asset names, or filter
criteria.
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with asset names, refer to sample file in
get_asset_tags_input.csv file under
config/util_data/input_csv_files
--asset-name ASSET_NAME
Comma-separated asset names
--filter FILTER Filter string for asset search, e.g. "application:app1
,app2;environment:prod,dev;type:server,endpoint"
--segment-name SEGMENT_NAME
Name of the segment(s) to fetch the tags for matching
assets (Provide comma separated segment names for
multiple segments e.g. --segment-name
"Segment1,Segment2")
--output-file OUTPUT_FILE
Path for output CSV (default:
get_asset_tags_output.csv under
config/util_data/output_csv_files)
attach-template-to-asset
Description:
python3 xshield_util.py attach-template-to-asset --help
usage: xshield_util.py attach-template-to-asset [-h]
(--input-file INPUT_FILE |
--asset-name ASSET_NAME |
--filter FILTER)
[--template-name TEMPLATE_NAME]
Attach template(s) to asset(s)
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with asset and template names (refer sample
file in attach_template_to_asset_input.csv file under
config/util_data/input_csv_files)
--asset-name ASSET_NAME
Comma-separated asset names (eg: --asset-name
Asset1,Asset2)
--filter FILTER Filter string for asset search, e.g.
"application:myapp;type:server"
--template-name TEMPLATE_NAME
Comma-separated template names (eg: --template-name
"Template1,Template2")
create-template
Description:
python3 xshield_util.py create-template --help
usage: xshield_util.py create-template [-h] [--input-file INPUT_FILE]
Create a template from input file or CLI arguments
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file path for template creation (refer sample file
in config/util_data/input_csv_files/create_template_in
put.csv)
delete-template
Description:
python3 xshield_util.py delete-template --help
usage: xshield_util.py delete-template [-h] [--template-name TEMPLATE_NAME]
[--input-file INPUT_FILE]
Delete templates by name or input-file
options:
-h, --help show this help message and exit
--template-name TEMPLATE_NAME
Name of the template to delete, comma separated names
for multiple templates
--input-file INPUT_FILE
CSV file path for template deletion with template
names (refer sample file in config/util_data/input_csv
_files/delete_template_input.csv)
detach-template-from-asset
Description:
python3 xshield_util.py detach-template-from-asset --help
usage: xshield_util.py detach-template-from-asset [-h]
(--input-file INPUT_FILE |
--asset-name ASSET_NAME |
--filter FILTER)
[--template-name TEMPLATE_NAME]
[--output-file OUTPUT_FILE]
Detach template(s) from asset(s)
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file with asset and template names(refer sample
file in detach_template_from_asset_input.csv file
under config/util_data/input_csv_files folder)
--asset-name ASSET_NAME
Comma-separated asset names (eg: --asset-name
Asset1,Asset2)
--filter FILTER Filter string for asset search, e.g.
"application:myapp;type:server"
--template-name TEMPLATE_NAME
Comma-separated template names (eg: --template-name
"Template1,Template2")
--output-file OUTPUT_FILE
Output file for detached templates per asset (default:
config/util_data/output_csv_files/detach_template_from
_asset_output.csv)
get-templates
Description:
python3 xshield_util.py get-templates --help
usage: xshield_util.py get-templates [-h] [--input-file INPUT_FILE]
[--output-file OUTPUT_FILE] [--name NAME]
[--category CATEGORY] [--type TYPE]
[--system-template SYSTEM_TEMPLATE]
[--all]
[--wildcard-search WILDCARD_SEARCH]
Fetch template and it's details and export to CSV
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
Input file for template details (refer sample csv file
in config/util_data/input_csv_files/get_templates_inpu
t.csv)
--output-file OUTPUT_FILE
Output file for template details (default: config/util
_data/output_csv_files/get_templates_output.csv)
--name NAME Comma-separated names of templates to fetch
--category CATEGORY Comma-separated categories to filter templates
--type TYPE Filter by template type (valid: allow, block)
--system-template SYSTEM_TEMPLATE
Filter by system template status (valid: true, false)
--all Fetch all templates (Caution: This will be very
expensive query for platform)
--wildcard-search WILDCARD_SEARCH
Wildcard search for templates (eg: SampleTemplate)
update-template
Description:
python3 xshield_util.py update-template --help
usage: xshield_util.py update-template [-h] [--input-file INPUT_FILE]
[--action {append,deduct,edit}]
Update a template configuration from input file or CLI arguments
options:
-h, --help show this help message and exit
--input-file INPUT_FILE
CSV file path for template edit (refer sample file in
config/util_data/input_csv_files/update_template_input
.csv)
--action {append,deduct,edit}
Action to perform on the template (valid values:
append, deduct or edit), append/deduct for port and
path data , edit for template field modifications