User-ID provides many out-of-the box methods for obtaining
user mapping information. However, you might have applications or
devices that capture user information but cannot natively integrate
with User-ID. For example, you might have a custom, internally developed
application or a device that no standard user mapping method supports.
In such cases, you can use the PAN-OS XML API to create custom scripts that
send the information to the PAN-OS integrated User-ID agent or directly
to the firewall. The PAN-OS XML API uses standard HTTP requests
to send and receive data. API calls can be made directly from command
line utilities such as cURL or using any scripting or application
framework that supports POST and GET requests.
To enable an external system to send user mapping information
to the PAN-OS integrated User-ID agent, create scripts that extract
user login and logout events and use the events as input to the
PAN-OS XML API request. Then define the mechanisms for submitting
the XML API requests to the firewall (using cURL, for example) and
use the API key of the firewall for secure communication. For more
details, refer to the PAN-OS XML API Usage Guide.