prisma-sdwan-apps

Name: prisma-sdwan-apps
Author: automateyournetwork/netclaw

$npx mdskill add automateyournetwork/netclaw/prisma-sdwan-apps

Lists Prisma SD-WAN application definitions for policy visibility

Helps identify and categorize applications for policy enforcement
Uses OAuth2 authentication with Prisma SD-WAN MCP server
Fetches application definitions including categories and risk levels
Delivers results as a structured list of application data

SKILL.md

.github/skills/prisma-sdwan-appsView on GitHub ↗

---
name: prisma-sdwan-apps
description: "View Prisma SD-WAN application definitions for policy visibility"
license: Apache-2.0
user-invocable: true
metadata:
  openclaw:
    requires:
      bins: ["python3"]
      env: ["PAN_CLIENT_ID", "PAN_CLIENT_SECRET", "PAN_TSG_ID"]
---

# Prisma SD-WAN Application Visibility

View application definitions in your Palo Alto Networks Prisma SD-WAN fabric. Understand which applications are defined for policy enforcement, their categories, and risk levels.

## When to Use

- Listing all application definitions in the fabric
- Finding applications by name or category
- Understanding application risk classifications
- Reviewing SaaS vs on-premise application types
- Auditing application categories for policy decisions

## MCP Server

- **Server**: `prisma-sdwan-mcp` (community MCP from iamdheerajdubey)
- **Command**: `python3 -u mcp-servers/prisma-sdwan-mcp/src/prisma_sdwan_mcp/server.py` (stdio transport)
- **Auth**: OAuth2 via `PAN_CLIENT_ID`, `PAN_CLIENT_SECRET`, `PAN_TSG_ID`
- **Region**: `PAN_REGION` (americas or europe, default: americas)

## Available Tools

| Tool | Parameters | What It Does |
|------|------------|--------------|
| `get_app_defs` | None | List all application definitions with categories and risk |

## Workflow Examples

### Application Discovery

```bash
# List all applications
"Show me all SD-WAN application definitions"

# Find specific application
"Is Office 365 defined as an application?"

# List by category
"What business applications are defined?"
```

### Risk Analysis

```bash
# Find high-risk applications
"Which applications are classified as high risk?"

# Review SaaS applications
"List all SaaS application definitions"
```

### Policy Planning

```bash
# Understand categories
"What application categories are available for policies?"

# Review productivity apps
"Show me all productivity category applications"
```

## Integration with Other Skills

- **prisma-sdwan-config**: View policies that reference these applications
- **prisma-sdwan-topology**: Understand where policies are applied
- **prisma-sdwan-status**: Check if app-based policies are working

## Response Examples

### Application Definitions Response

```json
{
  "applications": [
    {
      "id": "app001",
      "name": "office365",
      "display_name": "Microsoft Office 365",
      "category": "business",
      "subcategory": "productivity",
      "risk": "low",
      "app_type": "saas"
    },
    {
      "id": "app002",
      "name": "zoom",
      "display_name": "Zoom Video Communications",
      "category": "business",
      "subcategory": "conferencing",
      "risk": "low",
      "app_type": "saas"
    }
  ],
  "total_count": 250
}
```

## Error Handling

| Error Code | Meaning | Resolution |
|------------|---------|------------|
| AUTH_FAILED | OAuth2 authentication failed | Verify PAN_CLIENT_ID, PAN_CLIENT_SECRET, PAN_TSG_ID |
| RATE_LIMITED | API rate limit exceeded | Wait and retry |

## Notes

- Read-only operations - no ServiceNow CR gating required
- Application definitions are fabric-wide (not per-site)
- Risk levels: low, medium, high
- App types: saas, on-premise, custom
- All operations logged to GAIT audit trail

More from automateyournetwork/netclaw

Skill	Description
aap-automation	Red Hat Ansible Automation Platform — inventory management, job template execution, project SCM sync, ad-hoc commands, host management, Galaxy content discovery. Use when automating infrastructure with Ansible, running playbooks, managing inventories, or searching for Ansible collections and roles.
aap-eda	Event-Driven Ansible (EDA) — activation lifecycle, rulebook management, decision environments, event stream monitoring. Use when managing event-driven automation triggers, enabling/disabling activations, or reviewing EDA rulebooks.
aap-lint	ansible-lint playbook and role validation — syntax checking, best practice enforcement, project-wide analysis, rule filtering. Use when validating Ansible playbooks, checking code quality, or enforcing automation best practices before deployment.
aci-change-deploy	Safe ACI policy change deployment - ServiceNow CR lifecycle, pre/post-change fault baselines, APIC policy application, automatic rollback on fault delta, and GAIT audit trail. Use when deploying ACI policy changes, creating tenants or EPGs, pushing config to APIC, or running a change window with rollback protection.
aci-fabric-audit	Comprehensive Cisco ACI fabric health audit - node status, tenant/VRF/BD/EPG policy review, contract analysis, fault triage, and endpoint learning verification. Use when auditing ACI fabric health, checking for faults, reviewing tenant policies, or running pre/post-change baselines on APIC.
arista-cvp	Arista CloudVision Portal (CVP) automation via REST API — device inventory, events, connectivity monitoring, tag management (4 tools). Use when managing Arista devices, checking CloudVision events, monitoring network connectivity probes, or tagging devices in CVP.
aruba-cx-config	View and manage Aruba CX switch configurations, perform ISSU upgrades, and firmware operations
aruba-cx-interfaces	Monitor Aruba CX switch interface status, LLDP neighbors, and optical transceiver health
aruba-cx-switching	View and manage Aruba CX switch VLANs and MAC address tables for Layer 2 operations
aruba-cx-system	Discover Aruba CX switch system information, firmware versions, and VSF topology