Skip to main content

Cortex Data Lake Quickstart

note

The following guide will walk you through making your first API request to the Cortex Data Lake.

Choose a Language#

Python NodeJS Java

SDK Installation#

pip install pan-cortex-data-lake

Authentication#

Perhaps the easiest way to get started is by leveraging a Developer Token provided by the API Explorer's token redemption service. See Developer Tokens for details.

Export environment variables:#

export PAN_DEVELOPER_TOKEN=<your_developer_token>export PAN_DEVELOPER_TOKEN_PROVIDER=https://app.apiexplorer.rocks/request_token

Instantiate credentials object#

from pan_cortex_data_lake import Credentials

c = Credentials()

Verify credentials#

Next, let's test to make sure the credentials object is working as expected:

c.refresh()

Example output:

>>> c.refresh()'eyJ...<your_access_token>'

Basic usage#

Now that your credentials are set, let's make our first API request!

1. Import the package:#

from pan_cortex_data_lake import QueryService

2. Construct a Query Service object#

qs = QueryService(credentials=c)

3. Define a SQL statement#

SQL = "SELECT source_ip, dest_ip from `<tenant_id>.firewall.traffic` LIMIT 5"

4. Perform the query#

q = qs.create_query(query_params={"query": SQL})

5. Print the output#

job_id = q.json()["jobId"]
for p in qs.iter_job_results(job_id=job_id):    print(p.text)

Example output:

(output formatted for display purposes)

{  "jobId": "9c276960-d0ef-49e5-8da8-31aaab27ee96",  "state": "DONE",  "rowsInJob": 5,  "rowsInPage": 5,  "page": {    "pageCursor": null,    "result": {      "data": [        {          "source_ip": {            "value": "10.154.1.20",            "hex": "00000000000000000000ffff0a9a0114"          },          "dest_ip": {            "value": "212.180.157.132",            "hex": "00000000000000000000ffffd4b49d84"          }        },        {          "source_ip": {            "value": "10.154.1.20",            "hex": "00000000000000000000ffff0a9a0114"          },          "dest_ip": {            "value": "212.180.157.132",            "hex": "00000000000000000000ffffd4b49d84"          }        },        {          "source_ip": {            "value": "10.154.1.20",            "hex": "00000000000000000000ffff0a9a0114"          },          "dest_ip": {            "value": "212.180.157.132",            "hex": "00000000000000000000ffffd4b49d84"          }        },        {          "source_ip": {            "value": "10.154.1.20",            "hex": "00000000000000000000ffff0a9a0114"          },          "dest_ip": {            "value": "212.180.157.132",            "hex": "00000000000000000000ffffd4b49d84"          }        },        {          "source_ip": {            "value": "10.154.1.20",            "hex": "00000000000000000000ffff0a9a0114"          },          "dest_ip": {            "value": "212.180.157.132",            "hex": "00000000000000000000ffffd4b49d84"          }        }      ]    }  },  "resultFormat": "valuesDictionary"}

Complete Example#

(Previous code snippets in a single block)

from pan_cortex_data_lake import Credentials, QueryService

c = Credentials()qs = QueryService(credentials=c)
SQL = "SELECT source_ip, dest_ip from `<tenant_id>.firewall.traffic` LIMIT 5"q = qs.create_query(query_params={"query": SQL})job_id = q.json()["jobId"]
for p in qs.iter_job_results(job_id=job_id):    print(p.text)