Palo Alto Networks Prisma Cloud
Prisma Cloud by Palo Alto Networks

The Palo Alto Networks Prisma Cloud connector enables seamless integration with Swimlane Turbine, allowing for automated cloud security management and incident response.

The Palo Alto Networks Prisma Cloud connector provides Swimlane Turbine users with the ability to integrate their security automation workflows with Prisma Cloud's comprehensive cloud security platform. This integration enables users to manage account groups, retrieve asset inventories, and handle alerts efficiently, thereby enhancing their cloud security posture and response capabilities. With this connector, security teams can automate critical tasks, gain better visibility into their cloud environments, and respond to threats with speed and precision.

## Prerequisites

Before integrating Palo Alto Networks Prisma Cloud with Swimlane Turbine, ensure you have the following prerequisites:

- Access key authentication with the following parameters:
  - URL: endpoint URL for Prisma Cloud API access
  - Access Key ID: unique identifier for API access
  - Secret Key: confidential key for API authentication

## Capabilities

This connector provides the following capabilities:

- **Account Groups**: Account Group Info, Add Account Group, Delete Account Group, List Account Groups, List Account Group Names, List Account Group Names by Cloud Type, Update Account Group
- **Alert Rules**: Get Alert Rule by ID, List Alert Rules V2
- **Alerts**: Alert Info, Create On Demand Notification, Dismiss Alerts, Download Alert CSV, Download Alerts List JSON, Download Policy Alerts JSON, Get Alerts Count by Status, Get Alert CSV Job Status, Get Alerts List Job Status, Get Policy Alert Job Status, Get Alert Count by Policy Groups, Get Alert Evidence Graph, Get Alert Count of Policies, Is Dismissal Note Required, and so on
- **Asset Inventory**: Asset Inventory View, Create Asset Inventory Trend View V3, Delete Saved Asset Inventory Filter, Get Asset Inventory Trend View V3, Get Asset Inventory View V3, Get Saved Asset Inventory Filter, List Inventory Dashboard Filter Autocomplete Suggestions V2, List Inventory Filters V2, List Saved Asset Inventory Filters, Save Asset Inventory Filter, Update Saved Asset Inventory Filter
- **Command Center**: List Top N Assets, List Top Policies, List Top Vulnerabilities, List Total Alerts Based on the Severity, List Total Vulnerable Images and Hosts
- **Hosts**: Get Host Scan Result
- **IAM**: Get Cloud Identity Inventory Related Assets, Get Existing Least Privilege Access for an Asset, Get IAM Query V2, Get IAM Query, Get Least Privilege Access Metadata of a Resource, Get Least Privilege Access Metadata of an Asset, Get Least Privilege Access Suggestion Resource, Get New Least Privilege Access for a Resource, Get New Least Privilege Access for an Asset, Get Permission Accesses V3, Get Permission Accesses, Get Permissions Access Next Page, Get Permissions Next Page, Get Permissions Role or Policy Definition V2, and so on
- **Vulnerabilities Dashboard**: Create Remediation Request, Get CVE Details by ID, Get CVE Overview V2, Get Prioritized Vulnerabilities V3, Get Remediation Status, Get Top Impacting Vulnerabilities V2, Get Vulnerabilities Burndown, Get Vulnerabilities by RQL, Get Vulnerability Impact by Stage, Get Vulnerability Overview V2, Get Vulnerable Assets by CVE, Get Vulnerable Assets by RQL

## Asset Setup

To access Prisma, an access key and secret key are required.

### Alert Info

In the response object, the field riskdetail is deprecated.

### Get Resource

Possible values for input riskfactors are as given below:

[critical severity, high severity, medium severity, has fix, remote execution, dos, recent vulnerability, exploit exists, attack complexity low, attack vector network, reachable from the internet, listening ports, container is running as root, no mandatory security profile applied, running as privileged container, package in use]

### Asset Inventory View

Possible values for input timeunit are as given below: [minute, hour, day, week, month, year]

Possible values for input scan status are as given below: [all, passed, failed]

The response includes an attribute groupedaggregates, whose content depends on the groupby query parameter. The following table shows the attributes that groupedaggregates will include for the specified groupby query parameter.

| groupby | groupedaggregates includes |
| --- | --- |
| not specified | cloudtypename |
| cloudtype | cloudtypename |
| cloud account | accountname |
| cloud region | regionname, cloudtypename |
| cloud service | servicename, cloudtypename |
| resource type | resourcetypename, cloudtypename |

If you want to specify groupby multiple times, give a comma-separated list of values by which to group response items. Example: cloud type, cloud account, cloud region, cloud service

### Note

- The asset URL for the "Get Host Scan Result" action is the path to console.
- When using the time range field in actions, please refer to the documentation for the various value formats:
  - https://pan.dev/prisma-cloud/api/cspm/
  - https://pan.dev/prisma-cloud/api/cspm/api-urls/

## Configurations

### Prisma Cloud Asset

Authenticates using access key ID and secret key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Access Key ID | Access key ID | string | Required |
| Secret Key | Secret key | string | Required |
| Customer Name | Customer name | string | Optional |
| Prisma ID | Unique Prisma identifier | string | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Account Group Info

Retrieve comprehensive details for a specific account group in Palo Alto Networks Prisma Cloud using the provided ID.

**Endpoint URL:** `/cloud/group/{{id}}`

**Method:** GET

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters includeaccountinfo | boolean | Optional | Include cloud account information |
| path parameters id | string | Required | Account group ID |

**Input example**

```json
{"parameters": {"includeaccountinfo": false},"path parameters": {"id": "59c8256b 835b 4868 9d3e 0c679a2cf421"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| lastmodifiedby | string | Output field lastmodifiedby |
| lastmodifiedts | number | Output field lastmodifiedts |
| accountids | array | Unique identifier |
| accountids file name | string | Unique identifier |
| accountids file | string | Unique identifier |
| nononboardedcloudaccountids | array | Unique identifier |
| nononboardedcloudaccountids file name | string | Unique identifier |
| nononboardedcloudaccountids file | string | Unique identifier |
| autocreated | boolean | Output field autocreated |
| cloudaccountcount | number | Count value |
| childgroupids | array | Unique identifier |
| childgroupids file name | string | Unique identifier |
| childgroupids file | string | Unique identifier |

**Output example**

```json
{"status code": 200,"response headers": {"date": "mon, 15 jul 2024 03 44 32 gmt","content type": "application/json;charset=utf 8","transfer encoding": "chunked","connection": "keep alive","x ratelimit remaining": "99","x ratelimit requested tokens": "1","x ratelimit burst capacity": "100","x ratelimit replenish rate": "100","tracer id": "99bbf424962ea9c77c99e2f38f646c99","x content type options": "nosniff","x xss protection": "0","cache control": "no cache, no store, max age=0, must revalidate","pragma": "no c
```

### Add Account Group

Create a new account group in Palo Alto Networks Prisma Cloud using specified account IDs and group name.

**Endpoint URL:** `/cloud/group`

**Method:** POST

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| accountids | array | Optional | Cloud account IDs |
| cloudaccountinfos | array | Optional | Cloud account details of account associated with this account group |
| cloudaccountinfos accountid | string | Optional | Account ID |
| cloudaccountinfos cloudtype | string | Optional | Cloud type |
| cloudaccountinfos lastmodifiedby | string | Optional | Last modified by |
| description | string | Optional | Description |
| name | string | Optional | Name |

**Input example**

```json
{"json body": {"accountids": ["workday prod svc","consumer app int"],"cloudaccountinfos": [{"accountid": "string","cloudtype": "aws","lastmodifiedby": "string"}],"description": "string","name": "bizfunc biztech 642281869570"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| accountids | array | Unique identifier |
| autocreated | boolean | Output field autocreated |
| cloudaccountcount | number | Count value |
| cloudaccountinfos | array | Output field cloudaccountinfos |
| cloudaccountinfos accountid | string | Unique identifier |
| cloudaccountinfos cloudtype | string | Type of the resource |
| cloudaccountinfos lastmodifiedby | string | Output field cloudaccountinfos lastmodifiedby |
| description | string | Output field description |
| id | string | Unique identifier |
| lastmodifiedby | string | Output field lastmodifiedby |
| lastmodifiedts | number | Output field lastmodifiedts |
| name | string | Name of the resource |

**Output example**

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"accountids": ["string"],"autocreated": true,"cloudaccountcount": 0,"cloudaccountinfos": [{}],"description": "string","id": "string","lastmodifiedby": "string","lastmodifiedts": 0,"name": "string"}}
```

### Alert Info

Retrieve detailed information about a specific alert by providing its ID in Palo Alto Networks Prisma Cloud.

**Endpoint URL:** `/alert/{{id}}`

**Method:** GET

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters detailed | boolean | Optional | Return detailed alert data |
| path parameters id | string | Required | Alert ID |

**Input example**

```json
{"parameters": {"detailed": true},"path parameters": {"id": "p 411652775"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| status | string | Status value |
| firstseen | number | Output field firstseen |
| lastseen | number | Output field lastseen |
| alerttime | number | Time value |
| lastupdated | number | Output field lastupdated |
| savesearchid | string | Unique identifier |
| metadata | object | Response data |
| metadata savesearchid | string | Response data |
| policy | object | Output field policy |
| policy policyid | string | Unique identifier |
| policy name | string | Name of the resource |
| policy policytype | string | Type of the resource |
| policy systemdefault | boolean | Output field policy systemdefault |
| policy description | string | Output field policy description |
| policy severity | string | Output field policy severity |
| policy compliancemetadata | array | Response data |
| policy compliancemetadata standardname | string | Response data |
| policy compliancemetadata standarddescription | string | Response data |
| policy compliancemetadata requirementid | string | Response data |
| policy compliancemetadata requirementname | string | Response data |
| policy compliancemetadata sectionid | string | Response data |
| policy compliancemetadata sectiondescription | string | Response data |

**Output example**

```json
{"status code": 200,"response headers": {"date": "mon, 15 jul 2024 05 04 03 gmt","content type": "application/json","transfer encoding": "chunked","connection": "keep alive","x ratelimit remaining": "9","x ratelimit requested tokens": "1","x ratelimit burst capacity": "10","x ratelimit replenish rate": "6","access control allow origin": " ","access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods": "post, put, get, opt
```

### Asset Inventory View

Retrieve compliance status for assets in Palo Alto Networks Prisma Cloud using specified filters.

**Endpoint URL:** `/v3/inventory`

**Method:** POST

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |
| headers content type | string | Optional | HTTP headers for the request |
| headers accept | string | Optional | HTTP headers for the request |
| detailed | boolean | Optional | Detailed |
| fields | array | Optional | Array of specific fields to return |
| filters | array | Optional | Parameter for Asset Inventory View |
| filters name | string | Required | Filter name |
| filters operator | string | Optional | Operator |
| filters value | string | Optional | Value |
| groupby | array | Optional | Comma-separated list of values by which to group response items. Valid values are cloud type, cloud account, cloud region, cloud service, and/or resource type. Default is cloud type |
| limit | number | Optional | Maximum number of items to return |
| offset | number | Optional | The number of items to skip before selecting items to return |
| pagetoken | string | Optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| sortby | array | Optional | Array of sort properties. Append :asc or :desc to the key to sort by ascending or descending order respectively |

**Input example**

```json
{"json body": {"detailed": true,"fields": ["yter"],"filters": [{"name": "dwe","operator": "tag:yaml org,2002:value =","value": "ewr"}],"groupby": ["cloud type"],"limit": 10000,"offset": 0,"pagetoken": "","sortby": [""]},"headers": {"content type": "application/json","accept": "application/json"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| timestamp | number | Output field timestamp |
| requestedtimestamp | number | Output field requestedtimestamp |
| summary | object | Output field summary |
| summary timestamp | number | Output field summary timestamp |
| summary failedresources | number | Output field summary failedresources |
| summary passedresources | number | Output field summary passedresources |
| summary totalresources | number | Output field summary totalresources |
| summary highseverityfailedresources | number | Output field summary highseverityfailedresources |
| summary mediumseverityfailedresources | number | Output field summary mediumseverityfailedresources |
| summary lowseverityfailedresources | number | Output field summary lowseverityfailedresources |
| summary criticalseverityfailedresources | number | Output field summary criticalseverityfailedresources |
| summary informationalseverityfailedresources | number | Output field summary informationalseverityfailedresources |
| summary criticalvulnerabilityfailedresources | number | Output field summary criticalvulnerabilityfailedresources |
| summary highvulnerabilityfailedresources | number | Output field summary highvulnerabilityfailedresources |
| summary mediumvulnerabilityfailedresources | number | Output field summary mediumvulnerabilityfailedresources |
| summary lowvulnerabilityfailedresources | number | Output field summary lowvulnerabilityfailedresources |
| summary totalvulnerabilityfailedresources | number | Output field summary totalvulnerabilityfailedresources |
| groupedaggregates | array | Output field groupedaggregates |
| groupedaggregates cloudtypename | string | Name of the resource |
| groupedaggregates failedresources | number | Output field groupedaggregates failedresources |
| groupedaggregates passedresources | number | Output field groupedaggregates passedresources |
| groupedaggregates totalresources | number | Output field groupedaggregates totalresources |
| groupedaggregates highseverityfailedresources | number | Output field groupedaggregates highseverityfailedresources |

**Output example**

```json
{"status code": 200,"response headers": {"date": "wed, 12 jun 2024 10 00 18 gmt","content type": "application/json","transfer encoding": "chunked","connection": "keep alive","access control allow origin": " ","access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods": "post, put, get, options, delete, patch","access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,con
```

### Create Asset Inventory Trend View V3

Generates a trend view of asset inventory pass/fail statistics in Palo Alto Networks Prisma Cloud, requiring a JSON body input.

**Endpoint URL:** `v3/inventory/trend`

**Method:** POST

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| detailed | boolean | Optional | Detailed |
| fields | array | Optional | Array of specific fields to return |
| groupby | array | Optional | For asset or data inventory only. Group returned items by cloud type, cloud service, cloud region, cloud account, and/or resource type |
| filters | array | Optional | Filtering parameters |
| filters name | string | Optional | Name |
| filters value | string | Optional | Value |
| filters operator | string | Optional | Operator |
| limit | number | Optional | Maximum number of items to return. When data is paginated, maximum number of items per page. The maximum cannot exceed 10,000 |
| offset | number | Optional | The number of items to skip before selecting items to return |
| pagetoken | string | Optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| sortby | array | Optional | Array of sort properties. Append :asc or :desc to the key to sort by ascending or descending order respectively. Example sort properties are id:asc and timestamp:desc |

**Input example**

```json
{"json body": {"detailed": true,"fields": ["cloud region"],"groupby": ["cloud region,cloud service"],"filters": [{"name": "cloud region","value": "dynamodb","operator": "="}],"limit": 10,"offset": 0,"pagetoken": "vda3456fserte2345342","sortby": ["cloud region"]}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

**Output example**

```json
{"status code": 200,"response headers": {"date": "mon, 08 jul 2024 09 07 42 gmt","content type": "application/json","transfer encoding": "chunked","connection": "keep alive","access control allow origin": " ","access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods": "post, put, get, options, delete, patch","access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,con
```

### Create On Demand Email Notification

Generates an on demand email notification for a specified alert in Palo Alto Networks Prisma Cloud using alertid and notification configuration.

**Endpoint URL:** `/alerts/api/v1/notification/ondemand`

**Method:** POST

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alertid | string | Optional | ID of the alert for which notification needs to be sent |
| ondemandnotificationconfig | object | Optional | Parameter for Create On Demand Email Notification |
| ondemandnotificationconfig id | string | Optional | ID of the alert for which notification needs to be sent |
| ondemandnotificationconfig clientid | string | Optional | ID to identify the category of request; for Jira, email, Slack, it can be cs |
| ondemandnotificationconfig generatortype | string | Optional | For ad hoc notification, its value should be realtime |
| ondemandnotificationconfig integrationtype | string | Required | Can be either jira, email or slack |
| ondemandnotificationconfig templateid | string | Optional | Jira template ID |
| ondemandnotificationconfig recipients | array | Required | List of integration ID for Jira, or email for email, or channel for Slack, etc. |
| ondemandnotificationconfig recipients 0 | string | Optional | Parameter for Create On Demand Email Notification |
| ondemandnotificationconfig recipients 1 | string | Optional | Parameter for Create On Demand Email Notification |
| ondemandnotificationconfig recipients 2 | string | Optional | Parameter for Create On Demand Email Notification |
| translation | object | Optional | Parameter for Create On Demand Email Notification |
| translation body | string | Required | Message body, applicable for email and Slack |
| translation details | object | Required | A map of key-value pairs |
| translation details property name | string | Optional | Name of the resource |
| translation attachments | array | Optional | This field contains the list of paths to the S3 file from where the attachment needs to be fetched |
| translation attachments 0 | string | Optional | Parameter for Create On Demand Email Notification |
| translation attachments 1 | string | Optional | Parameter for Create On Demand Email Notification |

**Input example**

```json
{"json body": {"alertid": "string","ondemandnotificationconfig": {"id": "string","clientid": "string","generatortype": "string","integrationtype": "string","templateid": "string","recipients": [["email1","email2","email3"]]},"translation": {"body": "string","details": {"property name ": "string"},"attachments": [["attachmenturl1","attachmenturl2"]]}}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | number | Whether the operation was successful |
| failed | number | Output field failed |
| successfulevents | array | Whether the operation was successful |
| successfulevents recipient | object | Whether the operation was successful |
| successfulevents recipient generatortype | string | Type of the resource |
| successfulevents recipient integrationtype | string | Type of the resource |
| successfulevents recipient id | string | Unique identifier |
| successfulevents customerid | number | Unique identifier |
| successfulevents clientid | string | Unique identifier |
| successfulevents id | string | Unique identifier |
| successfulevents notificationid | string | Unique identifier |
| failedevents | object | Output field failedevents |

**Output example**

```json
{"status code": 201,"response headers": {},"reason": "ok","json body": {"success": 1,"failed": 0,"successfulevents": [{}],"failedevents": {}}}
```

### Create On Demand Jira Notification

Generates a Jira notification for a specified alert using the provided alertid and ondemandnotificationconfig.

**Endpoint URL:** `/alerts/api/v1/notification/ondemand`

**Method:** POST

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alertid | string | Optional | ID of the alert for which notification needs to be sent |
| ondemandnotificationconfig | object | Optional | Parameter for Create On Demand Jira Notification |
| ondemandnotificationconfig id | string | Optional | ID of the alert for which notification needs to be sent |
| ondemandnotificationconfig clientid | string | Optional | ID to identify the category of request; for Jira, email, Slack, it can be cs |
| ondemandnotificationconfig generatortype | string | Optional | For ad hoc notification, its value should be realtime |
| ondemandnotificationconfig integrationtype | string | Required | Can be either jira, email or slack |
| ondemandnotificationconfig templateid | string | Required | Jira template ID |
| ondemandnotificationconfig recipients | array | Required | List of integration ID for Jira, or email for email, or channel for Slack, etc. |
| ondemandnotificationconfig recipients 0 | string | Optional | Parameter for Create On Demand Jira Notification |
| ondemandnotificationconfig recipients 1 | string | Optional | Parameter for Create On Demand Jira Notification |
| ondemandnotificationconfig recipients 2 | string | Optional | Parameter for Create On Demand Jira Notification |
| translation | object | Optional | Parameter for Create On Demand Jira Notification |
| translation body | string | Optional | Message body, applicable for email and Slack |
| translation details | object | Optional | A map of key-value pairs |
| translation details property name | string | Optional | Name of the resource |
| translation attachments | array | Optional | This field contains the list of paths to the S3 file from where the attachment needs to be fetched |
| translation attachments 0 | string | Optional | Parameter for Create On Demand Jira Notification |
| translation attachments 1 | string | Optional | Parameter for Create On Demand Jira Notification |

**Input example**

```json
{"json body": {"alertid": "string","ondemandnotificationconfig": {"id": "string","clientid": "string","generatortype": "string","integrationtype": "string","templateid": "string","recipients": [["email1","email2","email3"]]},"translation": {"body": "string","details": {"property name ": "string"},"attachments": [["attachmenturl1","attachmenturl2"]]}}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | number | Whether the operation was successful |
| failed | number | Output field failed |
| successfulevents | array | Whether the operation was successful |
| successfulevents recipient | object | Whether the operation was successful |
| successfulevents recipient generatortype | string | Type of the resource |
| successfulevents recipient integrationtype | string | Type of the resource |
| successfulevents recipient id | string | Unique identifier |
| successfulevents customerid | number | Unique identifier |
| successfulevents clientid | string | Unique identifier |
| successfulevents metadata | object | Response data |
| successfulevents metadata jirakey | string | Response data |
| successfulevents notificationid | string | Unique identifier |
| failedevents | object | Output field failedevents |

**Output example**

```json
{"status code": 201,"response headers": {},"reason": "ok","json body": {"success": 1,"failed": 0,"successfulevents": [{}],"failedevents": {}}}
```

### Create On Demand Slack Notification

Create an on demand Slack notification for a specific alert in Palo Alto Networks Prisma Cloud using alertid and notification configuration.

**Endpoint URL:** `/alerts/api/v1/notification/ondemand`

**Method:** POST

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alertid | string | Optional | ID of the alert for which notification needs to be sent |
| ondemandnotificationconfig | object | Optional | Parameter for Create On Demand Slack Notification |
| ondemandnotificationconfig id | string | Optional | ID of the alert for which notification needs to be sent |
| ondemandnotificationconfig clientid | string | Optional | ID to identify the category of request; for Jira, email, Slack, it can be cs |
| ondemandnotificationconfig generatortype | string | Optional | For ad hoc notification, its value should be realtime |
| ondemandnotificationconfig integrationtype | string | Required | Can be either jira, email or slack |
| ondemandnotificationconfig templateid | string | Optional | Jira template ID |
| ondemandnotificationconfig recipients | array | Required | List of integration ID for Jira, or email for email, or channel for Slack, etc. |
| ondemandnotificationconfig recipients 0 | string | Optional | Parameter for Create On Demand Slack Notification |
| ondemandnotificationconfig recipients 1 | string | Optional | Parameter for Create On Demand Slack Notification |
| ondemandnotificationconfig recipients 2 | string | Optional | Parameter for Create On Demand Slack Notification |
| translation | object | Optional | Parameter for Create On Demand Slack Notification |
| translation body | string | Required | Message body, applicable for email and Slack |
| translation details | object | Required | A map of key-value pairs |
| translation details property name | string | Optional | Name of the resource |
| translation attachments | array | Optional | This field contains the list of paths to the S3 file from where the attachment needs to be fetched |
| translation attachments 0 | string | Optional | Parameter for Create On Demand Slack Notification |
| translation attachments 1 | string | Optional | Parameter for Create On Demand Slack Notification |

**Input example**

```json
{"json body": {"alertid": "string","ondemandnotificationconfig": {"id": "string","clientid": "string","generatortype": "string","integrationtype": "string","templateid": "string","recipients": [["email1","email2","email3"]]},"translation": {"body": "string","details": {"property name ": "string"},"attachments": [["attachmenturl1","attachmenturl2"]]}}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | number | Whether the operation was successful |
| failed | number | Output field failed |
| successfulevents | array | Whether the operation was successful |
| successfulevents recipient | object | Whether the operation was successful |
| successfulevents recipient generatortype | string | Type of the resource |
| successfulevents recipient integrationtype | string | Type of the resource |
| successfulevents recipient id | string | Unique identifier |
| successfulevents customerid | number | Unique identifier |
| successfulevents clientid | string | Unique identifier |
| successfulevents id | string | Unique identifier |
| successfulevents notificationid | string | Unique identifier |
| failedevents | object | Output field failedevents |

**Output example**

```json
{"status code": 201,"response headers": {},"reason": "ok","json body": {"success": 1,"failed": 0,"successfulevents": [{}],"failedevents": {}}}
```

### Create Remediation Request

Initiate remediation for assets in Palo Alto Networks Prisma Cloud by creating tasks, Jira tickets, merge requests, or suppressing vulnerabilities.

**Endpoint URL:** `uve/api/v1/remediation/vuln create remediation`

**Method:** POST

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |
| headers template id | string | Optional | Jira ID. Required only for createtask remediation action |
| headers assignee | string | Optional | Jira assignee. Required only for createtask remediation action |
| cveid | string | Optional | CVE ID of the vulnerability |
| prismaid | string | Optional | Prisma ID of the customer |
| remediationaction | string | Optional | Create a Jira/task, create a PR, or suppress the vulnerability |
| assettype | string | Optional | Asset type. Required only for group level remediation |
| assetid | array | Optional | Asset IDs. Required only for asset level remediation |
| assetid assettype | string | Optional | Asset type |
| assetid assetid | string | Optional | UAI ID of the asset |

**Input example**

```json
{"json body": {"cveid": "cve 2021 44228","prismaid": "807152287759069184","remediationaction": "createtask","assettype": "iac","assetid": [{"assettype": "iac","assetid": "807152287759069184"}]},"headers": {"template id": "b17d66dd 2f8c 46f0 be1a b3e21ba7990c","assignee": "test"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| message | string | Response message |
| details | string | Output field details |
| timestamp | number | Output field timestamp |
| request id | string | Unique identifier |

**Output example**

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"message": "accepted","details": "test","timestamp": 1701778720128,"request id": "b17d66dd 2f8c 46f0 be1a b3e21ba7990c"}}
```

### Delete Account Group

Removes a specified account group from Palo Alto Networks Prisma Cloud using the unique ID provided.

**Endpoint URL:** `/cloud/group/{{id}}`

**Method:** DELETE

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | string | Required | Account group ID |

**Input example**

```json
{"path parameters": {"id": "59c8256b 835b 4868 9d3e 0c679a2cf421"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

**Output example**

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {}}
```

### Delete Saved Asset Inventory Filter

Deletes a specified saved asset inventory filter in Palo Alto Networks Prisma Cloud using the unique ID provided.

**Endpoint URL:** `filter/inventory/{{id}}`

**Method:** DELETE

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | string | Required | Asset inventory ID |

**Input example**

```json
{"path parameters": {"id": "aws all dynamodb"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

**Output example**

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {}}
```

### Dismiss Alerts

Dismiss or snooze alerts on the Prisma Cloud platform based on specified filters and optional time range.

**Endpoint URL:** `/alert/dismiss`

**Method:** POST

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alerts | array | Optional | Alert IDs |
| dismissalnote | string | Optional | Reason for dismissal |
| dismissaltimerange | object | Optional | Parameter for Dismiss Alerts |
| dismissaltimerange type | string | Required | Type of the resource |
| dismissaltimerange relativetimetype | string | Optional | Direction in which to count time |
| dismissaltimerange value | object | Required | Model for relativetimeduration |
| dismissaltimerange value amount | number | Optional | Number of time units |
| dismissaltimerange value unit | string | Optional | Time unit |
| filter | object | Optional | Model for filter |
| filter detailed | boolean | Optional | Detailed |
| filter fields | array | Optional | Array of specific fields to return |
| filter filters | array | Optional | Filtering parameters |
| filter filters name | string | Optional | Name |
| filter filters operator | string | Optional | Operator |
| filter filters value | string | Optional | Value |
| filter groupby | array | Optional | For asset or data inventory only |
| filter limit | number | Optional | Maximum number of items to return |
| filter offset | number | Optional | The number of items to skip before selecting items to return |
| filter pagetoken | string | Optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| filter sortby | array | Optional | Array of sort properties |
| filter timerange | object | Required | Parameter for Dismiss Alerts |
| filter timerange relativetimetype | string | Optional | Direction in which to count time |
| filter timerange type | string | Optional | Type of the resource |
| filter timerange value | object | Required | Model for relativetimeduration |
| filter timerange value amount | number | Optional | Number of time units |

**Input example**

```json
{"json body": {"alerts": ["p 411652775"],"dismissalnote": "string","dismissaltimerange": {"type": "relative","relativetimetype": "backward","value": {"amount": 0,"unit": "minute"}},"filter": {"detailed": true,"fields": ["string"],"filters": [{"name": "string","operator": "=","value": "string"}],"groupby": ["cloud type"],"limit": 0,"offset": 0,"pagetoken": "string","sortby": ["id:asc","timestamp:desc"],"timerange": {"relativetimetype": "backward","type": "relative","value": {"amount": 0,"unit": "minute"}}},"policies": ["string"]}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

**Output example**

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {}}
```

### Download Alert CSV

Downloads a CSV file containing the alert list generated by Prisma Cloud for a given job ID.

**Endpoint URL:** `/alert/csv/{{id}}/download`

**Method:** GET

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | string | Required | Job ID |

**Input example**

```json
{"path parameters": {"id": "937771fea1964b3ab1c768dc62ef6789"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachment |
| file file | string | Output field file file |
| file file name | string | Name of the resource |

**Output example**

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {}}
```

### Download Alerts List JSON

Downloads a JSON formatted list of alerts for a given job ID from Palo Alto Networks Prisma Cloud.

**Endpoint URL:** `/alert/jobs/{{id}}/download`

**Method:** GET

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | string | Required | Job ID |

**Input example**

```json
{"path parameters": {"id": "e09b247a62af4e0aafd4bf4c4b12fec7"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachment |
| file file | string | Output field file file |
| file file name | string | Name of the resource |

**Output example**

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {}}
```

### Download Policy Alerts JSON

Downloads policy alerts in JSON format from Palo Alto Networks Prisma Cloud using a specific job ID.

**Endpoint URL:** `/alert/policy/jobs/{{id}}/download`

**Method:** GET

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | string | Required | Job ID |

**Input example**

```json
{"path parameters": {"id": "b70ac365a19446a59da964785d03142d"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachment |
| file file | string | Output field file file |
| file file name | string | Name of the resource |

**Output example**

```json
{"status code": 200,"response headers": {"date": "thu, 11 jul 2024 05 54 19 gmt","content type": "application/json;charset=utf 8","content length": "22","connection": "keep alive","access control allow origin": " ","access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods": "post, put, get, options, delete, patch","access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filena
```

### Get Alert Count by Policy Groups

Retrieve the count of alerts for policy groups in Palo Alto Networks Prisma Cloud within a specified time range.

**Endpoint URL:** `/alert/v1/aggregate`

**Method:** POST

**Input**

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| filters | array | Optional | Filter parameters |
| filters name | string | Optional | Name of the resource |
| filters value | string | Optional | Value for the parameter |
| filters operator | string | Optional | Parameter for Get Alert Count by Policy Groups |
| sortby | array | Optional | Array of sort properties |
| groupby | string | Optional | Group by field |
| size | number | Optional | Maximum number of items to return per page when data is paginated. The value cannot exceed 500 |
| nextpagetoken | string | Optional | The nextpagetoken value from the previous response object, which is used to get the next page of data |
| timerange | object | Optional | Parameter for Get Alert Count by Policy Groups |
| timerange time type | string | Optional | Time type |
| timerange time value | object | Optional | Value for the parameter |
| timerange field for range | string | Optional | Field for range |
| timerange type | string | Required | Type of the resource |
| timerange value | object | Optional | Value for the parameter |
| timerange value starttime | number | Optional | Value for the parameter |
| timerange value endtime | number | Optional | Value for the parameter |

**Input example**

```json
{"json body": {"filters": [{"name": "string","value": "string","operator": "string"}],"sortby": ["string"],"groupby": "policy type","size": 0,"nextpagetoken": "string","timerange": {"time type": "to now,absolute,relative,from now","time value": {},"field for range": "laststatuschangets","type": "string","value": {"starttime": 0,"endtime": 0}}}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| groups | array | Output field groups |
| groups group | string | Output field groups group |
| groups totalalerts | number | Output field groups totalalerts |
| groups totalpolicies | number | Output field groups totalpolicies |
| groups criticalalertcount | number | Count value |
| groups highalertcount | number | Count value |
| groups mediumalertcount | number | Count value |
| groups lowalertcount | number | Count value |
| groups informationalalertcount | number | Count value |
| groups buildpolicycount | number | Count value |
| groups runpolicycount | number | Count value |
| groups findingtypes | array | Type of the resource |
| groups cloudtypes | array | Type of the resource |
| groups policyids | array | Unique identifier |
| groupby | string | Output field groupby |
| countdetails | object | Output field countdetails |
| countdetails totalalerts | number | Output field countdetails totalalerts |
| countdetails totalpolicies | number | Output field countdetails totalpolicies |
| nextpagetoken | string | Output field nextpagetoken |

**Output example**

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"groups": [{}],"groupby": "string","countdetails": {"totalalerts": 100,"totalpolicies": 30},"nextpagetoken": "string"}}
```

### Get Alert Count of Policies

Retrieve a count of alerts
per policy from palo alto networks prisma cloud within a specified time range endpoint url /alert/v1/policy method post input argument name type required description filters array optional filter parameters filters name string optional name of the resource filters value string optional value for the parameter filters operator string optional parameter for get alert count of policies sortby array optional array of sort properties groupby string optional group by field size number optional maximum number of items to return per page when data is paginated the value cannot exceed 500 nextpagetoken string optional the nextpagetoken value from the previous response object, which is used to get the next page of data timerange object optional parameter for get alert count of policies timerange time type string optional time type timerange time value object optional value for the parameter timerange field for range string optional field for range timerange type string required type of the resource timerange value object optional value for the parameter timerange value starttime number optional value for the parameter timerange value endtime number optional value for the parameter input example {"json body" {"filters" \[{"name" "string","value" "string","operator" "string"}],"sortby" \["id\ asc"],"groupby" "policy type","size" 50,"nextpagetoken" "string","timerange" {"time type" "to now","time value" {},"field for range" "laststatuschangets","type" "string","value" {"starttime" 0,"endtime" 0}}}} output parameter type description status code number http status code of the response reason string response reason phrase policies array output field policies policies alertcount number count value policies policyid string unique identifier policies policyname string name of the resource policies policytype string type of the resource policies severity string output field policies severity policies policylabels array output field policies policylabels policies compliancemetadata 
array response data policies compliancemetadata standardname string response data policies compliancemetadata standarddescription string response data policies compliancemetadata requirementid string response data policies compliancemetadata requirementname string response data policies compliancemetadata requirementdescription string response data policies compliancemetadata sectionid string response data policies compliancemetadata sectiondescription string response data policies compliancemetadata policyid string response data policies compliancemetadata complianceid string response data policies compliancemetadata sectionlabel string response data policies compliancemetadata sectionvieworder number response data policies compliancemetadata requirementvieworder number response data policies compliancemetadata systemdefault boolean response data policies compliancemetadata policyname string response data policies compliancemetadata customassigned boolean response data output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"policies" \[{}],"countdetails" {"totalalerts" 100,"totalpolicies" 30},"nextpagetoken" "string"}} get alert csv job status retrieve the current status of a csv generation job for alerts in palo alto networks prisma cloud using the specified job id endpoint url /alert/csv/{{id}}/status method get input argument name type required description path parameters id string required parameters for the get alert csv job status action input example {"path parameters" {"id" "937771fea1964b3ab1c768dc62ef6789"}} output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier customerid number unique identifier status string status value createdby string output field createdby createdon number output field createdon lastmodified number output field lastmodified statusuri string status value output example {"status code" 200,"response headers" 
{"date" "thu, 11 jul 2024 05 22 33 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, options, delete, patch","access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redloc get alert evidence graph retrieve the alert evidence graph in json format for a specific alert id from palo alto networks prisma cloud endpoint url /alert/v1/{{id}}/graph method get input argument name type required description path parameters id string required the alert id of the evidence graph input example {"path parameters" {"id" "b70ac365a19446a59da964785d03142d"}} output parameter type description status code number http status code of the response reason string response reason phrase graphs array output field graphs graphs graph object output field graphs graph graphs graph nodes object output field graphs graph nodes graphs graph edges array output field graphs graph edges graphs graph edges id string unique identifier graphs graph edges source string output field graphs graph edges source graphs graph edges target string output field graphs graph edges target graphs graph edges metadata object response data graphs graph edges metadata severity string response data nextpagetoken string output field nextpagetoken output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"graphs" \[{}],"nextpagetoken" "string"}} get alert rule by id retrieve details for a specific alert rule in palo alto networks prisma cloud using the provided id endpoint url /alert/rule/{{id}} method get input argument name type required description path parameters id string required alert rule id input example {"path parameters" {"id" "01bf3f5b 3f5f 483b 8015 7be30cf280a6"}} output parameter type description 
status code number http status code of the response reason string response reason phrase policyscanconfigid string unique identifier name string name of the resource description string output field description enabled boolean output field enabled scanall boolean output field scanall policies array output field policies policylabels array output field policylabels policylabels file name string name of the resource policylabels file string output field policylabels file excludedpolicies array output field excludedpolicies excludedpolicies file name string name of the resource excludedpolicies file string output field excludedpolicies file target object output field target target accountgroups array output field target accountgroups target excludedaccounts array output field target excludedaccounts target excludedaccounts file name string name of the resource target excludedaccounts file string output field target excludedaccounts file target regions array output field target regions target regions file name string name of the resource target regions file string output field target regions file target tags array output field target tags target tags file name string name of the resource target tags file string output field target tags file output example {"status code" 200,"response headers" {"date" "mon, 08 jul 2024 14 34 26 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, options, delete, patch","access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redloc get alerts count by status retrieve the count of palo alto networks prisma cloud alerts filtered by a specific status endpoint url /alert/count/{{status}} method get input argument name type required description path parameters 
status string required alert status input example {"path parameters" {"status" "open"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value output example {"status code" 200,"response headers" {"date" "wed, 10 jul 2024 12 46 53 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","x ratelimit remaining" "9","x ratelimit requested tokens" "1","x ratelimit burst capacity" "10","x ratelimit replenish rate" "3","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, opt get alerts list job status retrieve the current status of a specific alerts list job in palo alto networks prisma cloud using the job id endpoint url /alert/jobs/{{id}}/status method get input argument name type required description path parameters id string required parameters for the get alerts list job status action input example {"path parameters" {"id" "a5bb74f1876d43bd971369d3349fcc07"}} output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier customerid number unique identifier status string status value createdby string output field createdby createdon number output field createdon lastmodified number output field lastmodified statusuri string status value output example {"status code" 200,"response headers" {"date" "thu, 11 jul 2024 04 00 32 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, options, delete, patch","access control expose headers" "x redlock auth,x redlock 
request id,x redlock status, x redloc get asset inventory trend view v3 retrieve pass/fail trends of asset inventory from palo alto networks prisma cloud, based on specified parameters endpoint url v3/inventory/trend method get input argument name type required description parameters cloud account string optional cloud account parameters account group string optional account group parameters cloud type string optional cloud type parameters cloud region string optional cloud region parameters cloud service string optional cloud service parameters resource type string optional resource type parameters groupby string optional comma separated list of values by to group response items valid values are cloud type, cloud account, cloud region, cloud service, and/or resource type default is cloud type parameters scan status string optional whether or not the resources passed or failed the scan all includes both scanned and unscanned resources parameters policy compliancestandard string optional policy compliance standard name parameters policy compliancerequirement string optional policy compliance requirement name parameters asset severity string optional policy severity parameters vulnerability severity string optional vulnerability severity input example {"parameters" {"cloud account" "test","account group" " group","cloud type" "gcp","cloud region" "gcp global","cloud service" "test service","resource type" "test resource type","groupby" "cloud account,cloud service","scan status" "all","policy compliancestandard" "compliance standard","policy compliancerequirement" "policy compliance requirement","asset severity" "high","vulnerability severity" "high"}} output parameter type description status code number http status code of the response reason string response reason phrase output example \[] get asset inventory view v3 retrieve pass/fail compliance data for assets within palo alto networks prisma cloud using specified parameters endpoint url v3/inventory method get 
input argument name type required description parameters cloud account string optional cloud account parameters account group string optional account group parameters cloud type string optional cloud type parameters cloud region string optional cloud region parameters cloud service string optional cloud service parameters resource type string optional resource type parameters groupby string optional comma separated list of values by to group response items valid values are cloud type, cloud account, cloud region, cloud service, and/or resource type default is cloud type parameters scan status string optional whether or not the resources passed or failed the scan all includes both scanned and unscanned resources parameters policy compliancestandard string optional policy compliance standard name parameters policy compliancerequirement string optional policy compliance requirement name parameters asset severity string optional policy severity parameters vulnerability severity string optional vulnerability severity input example {"parameters" {"cloud account" "test","account group" " group","cloud type" "gcp","cloud region" "gcp global","cloud service" "test service","resource type" "test resource type","groupby" "cloud account,cloud service","scan status" "all","policy compliancestandard" "compliance standard","policy compliancerequirement" "policy compliance requirement","asset severity" "high","vulnerability severity" "high"}} output parameter type description status code number http status code of the response reason string response reason phrase timestamp number output field timestamp requestedtimestamp number output field requestedtimestamp summary object output field summary summary timestamp number output field summary timestamp summary failedresources number output field summary failedresources summary passedresources number output field summary passedresources summary totalresources number output field summary totalresources summary 
highseverityfailedresources number output field summary highseverityfailedresources summary mediumseverityfailedresources number output field summary mediumseverityfailedresources summary lowseverityfailedresources number output field summary lowseverityfailedresources summary criticalseverityfailedresources number output field summary criticalseverityfailedresources summary informationalseverityfailedresources number output field summary informationalseverityfailedresources summary criticalvulnerabilityfailedresources number output field summary criticalvulnerabilityfailedresources summary highvulnerabilityfailedresources number output field summary highvulnerabilityfailedresources summary mediumvulnerabilityfailedresources number output field summary mediumvulnerabilityfailedresources summary lowvulnerabilityfailedresources number output field summary lowvulnerabilityfailedresources summary totalvulnerabilityfailedresources number output field summary totalvulnerabilityfailedresources groupedaggregates array output field groupedaggregates groupedaggregates cloudtypename string name of the resource groupedaggregates failedresources number output field groupedaggregates failedresources groupedaggregates passedresources number output field groupedaggregates passedresources groupedaggregates totalresources number output field groupedaggregates totalresources groupedaggregates highseverityfailedresources number output field groupedaggregates highseverityfailedresources output example {"status code" 200,"response headers" {"date" "mon, 08 jul 2024 06 36 25 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, options, delete, patch","access control expose headers" "x redlock auth,x redlock request id,x redlock status, x 
redloc get cloud identity inventory related assets retrieve assets associated with a specific cloud identity inventory resource by using the provided asset id endpoint url iam/api/v1/asset/{{asset id}}/related asset method post input argument name type required description path parameters asset id string required the asset uai where you want to find it related assets parameters limit number optional query client records limit, return max(0, min(client limit, service limit)) relationshiptype string optional relationship type lastaccessfromtime number optional last accessed from epoch (epoch) lastaccesstotime number optional last accessed to epoch (epoch) nextpagetoken string optional page token input example {"parameters" {"limit" 5},"json body" {"relationshiptype" "aws policy role","lastaccessfromtime" 1678785157,"lastaccesstotime" 1678785157,"nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds"},"path parameters" {"asset id" "681390424b288d835f5cd03e7bfb0993"}} output parameter type description status code number http status code of the response reason string response reason phrase items array output field items items targetassetid string unique identifier items targetcloudresourceid string unique identifier items targetdisplayname string name of the resource items targetresourcetype string type of the resource items lastaccessdate string date value items lastaccessstatus string status value items grantedbyleveltype string type of the resource nextpagetoken string output field nextpagetoken totalrows number output field totalrows output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"items" \[{}],"nextpagetoken" "iam/api/{apiversion}/{apipath}?page token=q74589g444gg","totalrows" 1243}} get cve details by id retrieve detailed cve information and impacted assets from palo alto networks prisma cloud in gzip csv format, requiring a specific cveid endpoint url uve/api/v1/vulnerabilities/download method post input argument name type required 
description cveid string optional cve id riskfactors array optional list of risk factors assettype string optional asset type input example {"json body" {"cveid" "cve 2021 44228","riskfactors" \["risk factor"],"assettype" "package"}} output parameter type description status code number http status code of the response reason string response reason phrase file object attachment file file string output field file file file file name string name of the resource output example {"status code" 200,"response headers" {},"reason" "ok","file" {}} get cve overview v2 retrieve detailed information for a given cve id, including epss, cvss scores, and exploits from palo alto networks prisma cloud endpoint url uve/api/v1/cve overview method get input argument name type required description parameters cve id string required cve id input example {"parameters" {"cve id" "cve 2021 44228"}} output parameter type description status code number http status code of the response reason string response reason phrase cveid string unique identifier cvss number output field cvss lifecycle array output field lifecycle riskfactors array output field riskfactors severity string output field severity impacteddistroslist array output field impacteddistroslist impacteddistroslist distro string output field impacteddistroslist distro impacteddistroslist impactcount number count value impacteddistroslist highestcvss number output field impacteddistroslist highestcvss impacteddistroslist highestseverity string output field impacteddistroslist highestseverity impacteddistroslist firstpublisheddate number date value impacteddistroslist lastmodifieddate number date value impacteddistroslist distrodetailslist array output field impacteddistroslist distrodetailslist impacteddistroslist distrodetailslist cvss number output field impacteddistroslist distrodetailslist cvss impacteddistroslist distrodetailslist packagename string name of the resource impacteddistroslist distrodetailslist release string output 
field impacteddistroslist distrodetailslist release impacteddistroslist distrodetailslist severity string output field impacteddistroslist distrodetailslist severity impacteddistroslist distrodetailslist affectedversion string output field impacteddistroslist distrodetailslist affectedversion impacteddistroslist distrodetailslist fixedtime number time value impacteddistroslist distrodetailslist publisheddate number date value impacteddistroslist distrodetailslist modifieddate number date value impactedassetscount number count value impactedassetsruntimecount number count value output example {"status code" 200,"response headers" {"date" "sat, 13 jul 2024 15 55 35 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","x content type options" "nosniff","x xss protection" "1; mode=block","cache control" "no cache, no store, max age=0, must revalidate","pragma" "no cache","expires" "0","strict transport security" "max age=31536000 ; includesubdomains","x frame options" "deny","vary" "origin, access control request method, access control request h get existing least privilege access for an asset suggests the minimal policies/roles for an asset in prisma cloud, considering actions from the past specified days endpoint url iam/api/v1/assets/{{asset id}}/existing least privileged access method get input argument name type required description path parameters asset id string required the uai asset id parameters output format string required output format type output format type parameters lookback duration days number required amount of days to look back for used actions input example {"parameters" {"output format" "json","lookback duration days" 90},"path parameters" {"asset id" "681390424b288d835f5cd03e7bfb0993"}} output parameter type description status code number http status code of the response reason string response reason phrase nextpagetoken string output field nextpagetoken permissionsinassetcount number count value 
permissionsinleastprivilegedcount number count value analysis array output field analysis analysis action string output field analysis action analysis configurationname string name of the resource analysis keep boolean output field analysis keep value array value for the parameter value iamresourcename string name of the resource value iamresourceid string unique identifier value iamresourcetype string type of the resource value formattype string type of the resource value snippet string value for the parameter output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds","permissionsinassetcount" 10,"permissionsinleastprivilegedcount" 10,"analysis" \[{}],"value" \[{}]}} get host scan results retrieve detailed vulnerability scan reports for specific hosts from palo alto networks prisma cloud endpoint url /api/v32 06/hosts method get input argument name type required description parameters offset number optional offsets the result to a specific report count offset starts from 0 parameters limit number optional limit is the amount to fix parameters sort string optional sorts the result using a key parameters reverse boolean optional sorts the result in reverse order parameters hostname array optional filters the result based on hostnames parameters distro array optional filters the result based on os distribution names parameters compact boolean optional provides the minimal image data information about vulnerabilities, compliance, and extended image metadata are skipped parameters clusters array optional filters the result based on cluster names parameters complianceids array optional filters the result based on compliance ids parameters complianceids file name string required parameters for the get host scan results action parameters complianceids file string required parameters for the get host scan results action parameters compliancerulename string optional filters the result based on 
applied compliance rule name parameters agentless boolean optional retrieves the host names that were scanned by the agentless scanner parameters csa boolean optional filters only images scanned by csa parameters stopped boolean optional retrieves the host names that were skipped during an agentless scan parameters normalizedseverity boolean optional retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level parameters uaiid string optional filters results by uaiid parameters issuetype array optional filters results by issue type input example {"parameters" {"offset" 123,"limit" 123,"sort" "string","reverse"\ true,"hostname" \["string"],"distro" \["string"],"compact"\ true,"clusters" \["string"],"complianceids" \[{"file name" "example name","file" "string"}],"compliancerulename" "example name","agentless"\ true,"csa"\ true,"stopped"\ true,"normalizedseverity"\ true,"uaiid" "string","issuetype" \["string"]}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" \[{"secrets" \[]," id" "string","agentless"\ true,"aisuuid" "string","allcompliance" {},"appembedded"\ true,"applications" \[],"baseimage" "string","binaries" \[],"cloudmetadata" {},"clustertype" \[],"clusters" \[],"collections" \[],"compliancedistribution" {},"complianceissues" \[]}]} get iam query retrieve the iam query for a given alert id from palo alto networks prisma cloud, requiring an 'alertid' parameter endpoint url api/v1/permission/alert/search method get input argument name type required description parameters alertid string required alert id input example {"parameters" {"alertid" "p 23213241"}} output parameter type description status code number http status code of the response reason string response reason phrase data array response data query string output field query timerange object 
output field timerange timerange type string type of the resource timerange value string value for the parameter output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"data" \["string"],"query" "query 1","timerange" {"type" "to now","value" "epoch"}}} get iam query v2 retrieves the iam query for a given alert using the specified alert id in palo alto networks prisma cloud endpoint url iam/api/v2/alert/{{alert id}}/query method get input argument name type required description path parameters alert id string required the alert id input example {"path parameters" {"alert id" "i 34537"}} output parameter type description status code number http status code of the response reason string response reason phrase timerange string output field timerange query string output field query output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"timerange" "{''type' 'relative', 'value' {'unit' 'day', 'amount' 7} }","query" "config from iam where source cloud type = 'aws'"}} get least privilege access metadata of a resource retrieve metadata for optimizing resource access based on least privilege principles in palo alto networks prisma cloud, requiring a resource id endpoint url iam/api/v1/resources/{{resource id}}/over permissive metadata method get input argument name type required description path parameters resource id string required the resource id input example {"path parameters" {"resource id" "3fab987adf7c268519219cdfe5a4c4c2d4dc"}} output parameter type description status code number http status code of the response reason string response reason phrase nextpagetoken string output field nextpagetoken permissionsinassetcount number count value permissionsinleastprivilegedcount number count value analysis array output field analysis analysis action string output field analysis action analysis configurationname string name of the resource analysis keep boolean output field analysis keep value array value for the 
parameter value iamresourcename string name of the resource value iamresourceid string unique identifier value iamresourcetype string type of the resource value formattype string type of the resource value snippet string value for the parameter output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds","permissionsinassetcount" 10,"permissionsinleastprivilegedcount" 10,"analysis" \[{}],"value" \[{}]}} get least privilege access metadata of an asset retrieve metadata and suggestions for enhancing an asset's least privilege access in prisma cloud using the provided asset id endpoint url iam/api/v1/assets/{{asset id}}/over permissive metadata method get input argument name type required description path parameters asset id string required the uai asset id input example {"path parameters" {"asset id" "681390424b288d835f5cd03e7bfb0993"}} output parameter type description status code number http status code of the response reason string response reason phrase totaliamresourcecount number count value overpermissivecount number count value iscustomleastprivilegedsupported boolean output field iscustomleastprivilegedsupported isexistingleastprivilegedsupported boolean output field isexistingleastprivilegedsupported iamresourcetype string type of the resource output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"totaliamresourcecount" 15,"overpermissivecount" 10,"iscustomleastprivilegedsupported"\ true,"isexistingleastprivilegedsupported"\ true,"iamresourcetype" "aws iam policy"}} get least privilege access suggestion resource generates least privilege access suggestions for a resource in palo alto networks prisma cloud, based on iam configurations and activity from the specified lookback duration endpoint url iam/api/v1/resources/{{resource id}}/existing least privileged access method get input argument name type required description parameters output format string 
required output format type output format type parameters lookback duration days number required amount of days to look back for used actions path parameters resource id string required the resource id
input example {"parameters" {"output format" "json","lookback duration days" 90},"path parameters" {"resource id" "3fab987adf7c268519219cdfe5a4c4c2d4dc"}}
output parameter type description status code number http status code of the response reason string response reason phrase nextpagetoken string output field nextpagetoken permissionsinassetcount number count value permissionsinleastprivilegedcount number count value analysis array output field analysis analysis action string output field analysis action analysis configurationname string name of the resource analysis keep boolean output field analysis keep value array value for the parameter value iamresourcename string name of the resource value iamresourceid string unique identifier value iamresourcetype string type of the resource value formattype string type of the resource value snippet string value for the parameter
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds","permissionsinassetcount" 10,"permissionsinleastprivilegedcount" 10,"analysis" [{}],"value" [{}]}}

get new least privilege access for a resource
generates a custom least privileged access configuration for a resource in palo alto networks prisma cloud based on past actions within a specified lookback period
endpoint url iam/api/v1/resources/{{resource id}}/custom least privileged access
method get
input argument name type required description parameters output format string required output format type output format type parameters lookback duration days number required amount of days to look back for used actions path parameters resource id string required the resource id
input example {"parameters" {"output format" "json","lookback duration days" 90},"path
parameters" {"resource id" "3fab987adf7c268519219cdfe5a4c4c2d4dc"}}
output parameter type description status code number http status code of the response reason string response reason phrase nextpagetoken string output field nextpagetoken permissionsinassetcount number count value permissionsinleastprivilegedcount number count value analysis array output field analysis analysis action string output field analysis action analysis configurationname string name of the resource analysis keep boolean output field analysis keep value array value for the parameter value formattype string type of the resource value snippet string value for the parameter
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds","permissionsinassetcount" 10,"permissionsinleastprivilegedcount" 10,"analysis" [{}],"value" [{}]}}

get new least privilege access for an asset
generates a least privileged access configuration for a specified asset in palo alto networks prisma cloud, considering the last x days of activity to optimize policy and role usage
endpoint url iam/api/v1/assets/{{asset id}}/custom least privileged access
method get
input argument name type required description path parameters asset id string required the uai asset id parameters output format string required output format type output format type parameters lookback duration days number required amount of days to look back for used actions
input example {"parameters" {"output format" "json","lookback duration days" 90},"path parameters" {"asset id" "681390424b288d835f5cd03e7bfb0993"}}
output parameter type description status code number http status code of the response reason string response reason phrase nextpagetoken string output field nextpagetoken permissionsinassetcount number count value permissionsinleastprivilegedcount number count value analysis array output field analysis analysis action string output field analysis action analysis
configurationname string name of the resource analysis keep boolean output field analysis keep value array value for the parameter value formattype string type of the resource value snippet string value for the parameter
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds","permissionsinassetcount" 10,"permissionsinleastprivilegedcount" 10,"analysis" [{}],"value" [{}]}}

get permission accesses
retrieve usage data for a specific permission in palo alto networks prisma cloud, including last access details; requires permissionid and query
endpoint url api/v1/permission/access
method post
input argument name type required description limit number optional maximum number of items to return for the given query permissionid string optional permission id query string optional query string
input example {"json body" {"limit" 5,"permissionid" "111111","query" "config from iam where "}}
output parameter type description status code number http status code of the response reason string response reason phrase data object response data data items array response data data items destcloudresourcename string response data data items lastaccessdate string response data data nextpagetoken string response data data totalrows number response data
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"data" {"items" [],"nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds","totalrows" 1243}}}

get permission accesses v3
retrieve a paginated list of the last accesses for a specific permission in palo alto networks prisma cloud, including a token for subsequent pages
endpoint url iam/api/v3/permission/{{permission id}}/list access
method post
input argument name type required description path parameters permission id string required the permission id can be retrieved from search/permission api parameters limit number optional query records limit query string optional query
string nextpagetoken string optional page token
input example {"parameters" {"limit" 5},"json body" {"query" "config from iam where source cloud type = 'aws'","nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds"},"path parameters" {"permission id" "06c3cb4403ac276ff59679139b8e6afca2afe93100c8b39014f033ca0339ff0f"}}
output parameter type description status code number http status code of the response reason string response reason phrase data object response data data items array response data data items destcloudresourcename string response data data items lastaccessdate string response data data items destcloudregion string response data data items destcloudaccount string response data data nextpagetoken string response data data totalrows number response data
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"data" {"items" [],"nextpagetoken" "iam/api/{apiversion}/{apipath}?page token=q74589g444gg","totalrows" 1243}}}

get permissions
obtain iam permissions from palo alto networks prisma cloud using query parameters with a defined result limit
endpoint url api/v1/permission
method post
input argument name type required description id string optional request user id limit number optional maximum number of items to return for the given query query string optional iam rql query
input example {"json body" {"id" "123456","limit" 5,"query" "config from iam where "}}
output parameter type description status code number http status code of the response reason string response reason phrase data object response data data items array response data data items accessedresourcescount number response data data items destcloudaccount string response data data items destcloudregion string response data data items destcloudresourcerrn string response data data items destcloudservicename string response data data items destcloudtype string response data data items destresourceid string response data data items destresourcename string response data
data items destresourcetype string response data data items effectiveactionname string response data data items exceptions array response data data items exceptions messagecode string response data data items grantedbycloudentityid string response data data items grantedbycloudentityname string response data data items grantedbycloudentityrrn string response data data items grantedbycloudentitytype string response data data items grantedbycloudpolicyid string response data data items grantedbycloudpolicyname string response data data items grantedbycloudpolicyrrn string response data data items grantedbycloudpolicytype string response data data items grantedbycloudtype string response data
output example {"data" {"items" [{}],"nextpagetoken" "string","searcheddestcloudresourcenames" [{}],"totalrows" 123},"description" "string","id" "12345678 1234 1234 1234 123456789abc","name" "example name","query" "string","saved" true,"searchtype" "string","timerange" {"type" "string","value" "string"}}

get permissions access next page
retrieve the next page of permissions data from palo alto networks prisma cloud using a pagetoken
endpoint url api/v1/permission/access/page
method post
input argument name type required description limit number optional maximum number of items to return for the given query pagetoken string optional page token
input example {"json body" {"limit" 5,"pagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds"}}
output parameter type description status code number http status code of the response reason string response reason phrase items array output field items items destcloudresourcename string name of the resource items lastaccessdate string date value nextpagetoken string output field nextpagetoken totalrows number output field totalrows
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"items" [{}],"nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds","totalrows" 1243}}

get permissions next page
retrieve the next page of
permissions from palo alto networks prisma cloud with a given pagetoken
endpoint url api/v1/permission/page
method post
input argument name type required description limit number optional maximum number of items to return pagetoken string optional page token from the response object of an earlier request to get permissions
input example {"json body" {"limit" 0,"pagetoken" "asdfvr3456575432wesdfs24assd"}}
output parameter type description status code number http status code of the response reason string response reason phrase items array output field items items accessedresourcescount number count value items destcloudaccount string count value items destcloudregion string output field items destcloudregion items destcloudresourcerrn string output field items destcloudresourcerrn items destcloudservicename string name of the resource items destcloudtype string type of the resource items destresourceid string unique identifier items destresourcename string name of the resource items destresourcetype string type of the resource items effectiveactionname string name of the resource items exceptions array output field items exceptions items exceptions messagecode string response message items grantedbycloudentityid string unique identifier items grantedbycloudentityname string name of the resource items grantedbycloudentityrrn string output field items grantedbycloudentityrrn items grantedbycloudentitytype string type of the resource items grantedbycloudpolicyid string unique identifier items grantedbycloudpolicyname string name of the resource items grantedbycloudpolicyrrn string output field items grantedbycloudpolicyrrn items grantedbycloudpolicytype string type of the resource items grantedbycloudtype string type of the resource items id string unique identifier
output example {"items" [{"accessedresourcescount" 123,"destcloudaccount" "string","destcloudregion" "string","destcloudresourcerrn" "string","destcloudservicename" "example name","destcloudtype"
"string","destresourceid" "string","destresourcename" "example name","destresourcetype" "string","effectiveactionname" "example name","exceptions" [],"grantedbycloudentityid" "string","grantedbycloudentityname" "example name","grantedbycloudentityrrn" "string","grantedbycloudentitytype" "string"}],"nextpagetoken" "str

get permissions role or policy definition v2
retrieve configuration details for a specific permission id in palo alto networks prisma cloud
endpoint url iam/api/v2/search/iam config
method post
input argument name type required description permissionid string optional permissionid to get the raw config for can be obtained from calling search/permission api
input example {"json body" {"permissionid" "06c3cb4403ac276ff59679139b8e6afca2afe93100c8b39014f033ca0339ff0f"}}
output parameter type description status code number http status code of the response reason string response reason phrase raw string output field raw
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"raw" "test raw"}}

get permissions v4
retrieves permissions grouped by fields and provides a page token for subsequent queries in palo alto networks prisma cloud requires a 'query' json body input
endpoint url iam/api/v4/search/permission
method post
input argument name type required description parameters limit number optional query records limit query string optional rql query searchid string optional saved search id nextpagetoken string optional page token groupbyfields array optional fields to group results by empty or missing array is considered the same as an array with all possible fields
input example {"parameters" {"limit" 5},"json body" {"query" "config from iam where dest cloud type='aws'","searchid" "ff4fcb80 03f6 41dd 8bd8 6179fd46b3a4","nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds","groupbyfields"
["source","sourcecloudaccount","grantedbyentity","entitycloudaccount","grantedbypolicy","policycloudaccount","grantedbylevel","action","destination","destcloudaccount","lastaccess"]}}
output parameter type description status code number http status code of the response reason string response reason phrase data object response data data items array response data data items id string response data data items sourcepublic boolean response data data items sourcecloudtype string response data data items sourcecloudaccount string response data data items sourcecloudregion string response data data items sourcecloudservicename string response data data items sourceresourcename string response data data items sourceresourcetype string response data data items sourceresourceid string response data data items sourcecloudresourceuai string response data data items sourceidpservice string response data data items sourceidpdomain string response data data items sourceidpemail string response data data items sourceidpuserid string response data data items sourceidpusername string response data data items sourceidpgroup string response data data items sourceidpuai string response data data items destcloudtype string response data data items destcloudaccount string response data data items destcloudregion string response data data items destcloudservicename string response data
output example {"data" {"items" [{}],"nextpagetoken" "string","totalrows" 123,"searcheddestcloudresourcenames" [{}]},"query" "string","id" "12345678 1234 1234 1234 123456789abc","saved" true,"name" "example name","timerange" "string","searchtype" "string","description" "string","cloudtype" "string"}

get policy alert job status
retrieves the current status of a policy alert job in palo alto networks prisma cloud using the provided job id
endpoint url /alert/policy/jobs/{{id}}/status
method get
input argument name type required description path parameters id string required job id
input example {"path
parameters" {"id" "b70ac365a19446a59da964785d03142d"}}
output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier customerid number unique identifier status string status value createdby string output field createdby createdon number output field createdon lastmodified number output field lastmodified timetaken number output field timetaken recordcount number count value statusuri string status value downloaduri string output field downloaduri
output example {"status code" 200,"response headers" {"date" "thu, 11 jul 2024 05 48 19 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, options, delete, patch","access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redloc

get prioritized vulnerabilities v3
retrieve top priority vulnerabilities from palo alto networks prisma cloud, categorized by urgency and exploitability, including asset impact
endpoint url uve/api/v3/dashboard/vulnerabilities/prioritised
method get
input argument name type required description parameters asset type string required type of asset parameters life cycle string required life cycle stage
input example {"parameters" {"asset type" "iac","life cycle" "code"}}
output parameter type description status code number http status code of the response reason string response reason phrase lastupdateddatetime number time value totalvulnerabilities number output field totalvulnerabilities urgent object output field urgent urgent vulnerabilitycount number count value urgent assetcount number count value patchable object output field patchable patchable vulnerabilitycount number count value patchable assetcount number count value
exploitable object output field exploitable exploitable vulnerabilitycount number count value exploitable assetcount number count value internetexposed object output field internetexposed internetexposed vulnerabilitycount number count value internetexposed assetcount number count value packageinuse object output field packageinuse packageinuse vulnerabilitycount number count value packageinuse assetcount number count value
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"lastupdateddatetime" 0,"totalvulnerabilities" 0,"urgent" {"vulnerabilitycount" 0,"assetcount" 0},"patchable" {"vulnerabilitycount" 0,"assetcount" 0},"exploitable" {"vulnerabilitycount" 0,"assetcount" 0},"internetexposed" {"vulnerabilitycount" 0,"assetcount" 0},"packageinuse" {"vulnerabilitycount" 0,"assetcount" 0}}}

get query suggestions
provides auto complete suggestions and validity checks for partial iam queries in palo alto networks prisma cloud
endpoint url api/v1/suggest
method post
input argument name type required description query string optional query to validate
input example {"json body" {"query" "config from iam where dest cloud type='aws'"}}
output parameter type description status code number http status code of the response reason string response reason phrase needsoffsetupdate boolean date value offset number output field offset suggestions array output field suggestions translate boolean output field translate valid boolean unique identifier
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"needsoffsetupdate" true,"offset" 43,"suggestions" ["and"],"translate" false,"valid" true}}

get query suggestions v2
offers auto completion suggestions and syntax validation for rql queries in palo alto networks prisma cloud
endpoint url iam/api/v2/suggestion
method post
input argument name type required description query string optional query to validate
input example {"json body" {"query" "config from iam where dest
cloud type = 'aws'"}}
output parameter type description status code number http status code of the response reason string response reason phrase valid boolean unique identifier suggestions array output field suggestions translate boolean output field translate needsoffsetupdate boolean date value offset number output field offset
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"valid" true,"suggestions" ["and"],"translate" false,"needsoffsetupdate" true,"offset" 43}}

get remediation
retrieve a list of remediation actions for specified alert ids in palo alto networks prisma cloud
endpoint url api/v1/permission/alert/remediation
method post
input argument name type required description alerts array optional list of relevant alerts
input example {"json body" {"alerts" ["i 1234","i 1235"]}}
output parameter type description status code number http status code of the response reason string response reason phrase alertidvscliscript object unique identifier alertidvscliscript i 1234 string unique identifier alertidvscliscript i 1235 string unique identifier clidescription string unique identifier
output example {"status code" 200,"response headers" {"date" "sat, 13 jul 2024 11 00 15 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","x ratelimit remaining" "49","x ratelimit requested tokens" "1","x ratelimit burst capacity" "50","x ratelimit replenish rate" "50","vary" "origin, access control request method, access control request headers, x redlock ","x xss protection" "1; mode=block","strict transport security" "max age=31536000; includesubdomains","x fra

get remediation command
retrieve a specific remediation command for an alert by using the unique alert id in palo alto networks prisma cloud
endpoint url iam/api/v2/alert/{{alert id}}/remediation command
method get
input argument name type required description path parameters alert id string required the alert id
input example {"path
parameters" {"alert id" "i 34537"}}
output parameter type description status code number http status code of the response reason string response reason phrase clicommand string output field clicommand clidescription string unique identifier
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"clicommand" "cli command","clidescription" "the following are cli command is required for remediation successful execution "}}

get remediation status
retrieve remediation action statuses for assets in palo alto networks prisma cloud using cveid, prismaid, and assettype
endpoint url uve/api/v1/remediation/vuln remediation status
method post
input argument name type required description cveid string optional cve id of the vulnerability prismaid string optional prisma id allocated to the customer assettype string optional asset type assetid array optional list of asset uai ids
input example {"json body" {"cveid" "cve 2021 44228","prismaid" "807152287759069184","assettype" "iac","assetid" ["80715228775906918412312"]}}
output parameter type description status code number http status code of the response reason string response reason phrase values array value for the parameter values prismaid string unique identifier values unifiedassetid string unique identifier values assettype string type of the resource values assetlifecycle string value for the parameter values cveid string unique identifier values source string value for the parameter values remediationaction array value for the parameter values remediationaction action string value for the parameter values remediationaction status string status value values remediationaction actionresult string value for the parameter values remediationaction message string value for the parameter values lastupdatedtimestamp number value for the parameter
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"values" [{}]}}

get saved asset inventory filter
retrieves a saved asset
inventory filter by id from palo alto networks prisma cloud, enabling targeted asset management
endpoint url filter/inventory/{{id}}
method get
input argument name type required description path parameters id string required asset inventory id
input example {"path parameters" {"id" "aws all dynamodb"}}
output parameter type description status code number http status code of the response reason string response reason phrase customerid number unique identifier filterid string unique identifier name string name of the resource description string output field description createdby string output field createdby lastmodifiedby string output field lastmodifiedby createdon number output field createdon filtertarget string output field filtertarget filters array output field filters filters name string name of the resource filters value string value for the parameter filters operator string output field filters operator
output example {"status code" 200,"response headers" {"date" "mon, 08 jul 2024 04 14 44 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, options, delete, patch","access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redloc

get top impacting vulnerabilities v2
retrieve critical vulnerabilities with risk scores, severity, cvss, and impacted assets from palo alto networks prisma cloud requires 'life cycle' and 'top' parameters
endpoint url uve/api/v2/dashboard/vulnerabilities/prioritised vuln
method get
input argument name type required description parameters life cycle string required life cycle stage parameters top number required number of results to be returned
input example {"parameters" {"life cycle" "code","top" 5}}
output parameter type description status code number
http status code of the response reason string response reason phrase lastupdateddatetime number time value cve array output field cve cve id string unique identifier cve cvssscore number score value cve epssscore number score value cve completeepssscore number score value cve epssscoreprevious number output field cve epssscoreprevious cve severity string output field cve severity cve riskfactors array output field cve riskfactors cve assetsimpacted object output field cve assetsimpacted cve assetsimpacted codecount number count value cve assetsimpacted buildcount number count value cve assetsimpacted deploycount number count value cve assetsimpacted runtimecount number count value cve assetsatrisk number output field cve assetsatrisk
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"lastupdateddatetime" 0,"cve" [{}]}}

get vulnerabilities burndown
retrieve vulnerability burndown data for specified asset types, life cycles, and severities in palo alto networks prisma cloud
endpoint url uve/api/v2/dashboard/vulnerabilities/burndown
method get
input argument name type required description parameters asset type string required type of asset parameters life cycle string required life cycle stage parameters severities string required severity
input example {"parameters" {"asset type" "iac","life cycle" "code","severities" "medium"}}
output parameter type description status code number http status code of the response reason string response reason phrase
output example {"status code" 200,"response headers" {},"reason" "ok","json body" [{"daynum" 0,"totalcount" 0,"remediatedcount" 0,"epochtimestamp" 0}]}

get vulnerabilities by rql
retrieve a detailed list of vulnerabilities from palo alto networks prisma cloud using an rql query requires a 'query' in the json body
endpoint url uve/api/v1/vulnerabilities/search
method post
input argument name type required description parameters page token string optional token for pagination query string
optional search query id string optional saved search id
input example {"parameters" {"page token" "324234t5sfewefge32412343"},"json body" {"query" "vulnerability where age > 30 days","id" "234134345423423"}}
output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier name string name of the resource description string output field description searchtype string type of the resource saved boolean output field saved timerange object output field timerange timerange type string type of the resource timerange value string value for the parameter query string output field query data object response data data totalrows number response data data totalvulnerabilities number response data data totalassets number response data data items array response data data items cveid string response data data items name string response data data items cvssscore number response data data items epssscore number response data data items epssscoreprevious number response data data items completeepssscore number response data data items totalimpactedassets number response data data items riskfactors array response data data items code object response data
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"id" "string","name" "string","description" "string","searchtype" "string","saved" true,"timerange" {"type" "string","value" "string"},"query" "string","data" {"totalrows" 0,"totalvulnerabilities" 0,"totalassets" 0,"items" [],"nextpagetoken" "string"}}}

get vulnerability impact by stage
provides a summary of vulnerabilities by application stage in palo alto networks prisma cloud, segmented by lifecycle and severity
endpoint url uve/api/v1/dashboard/vulnerabilities/impact stage
method get
input argument name type required description parameters asset type string required type of asset parameters life cycle string required life cycle stage parameters severities string
required severity
input example {"parameters" {"asset type" "iac","life cycle" "code","severities" "medium"}}
output parameter type description status code number http status code of the response reason string response reason phrase value object value for the parameter value code object value for the parameter value code package number value for the parameter value code iac number value for the parameter value build object value for the parameter value run object value for the parameter value run serverlessfunction number value for the parameter value run host number value for the parameter value run deployedimage number value for the parameter value deploy object value for the parameter value deploy registryimage number value for the parameter value deploy vmimage number value for the parameter
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"value" {"code" {},"build" {},"run" {},"deploy" {}}}}

get vulnerability overview v2
provides a categorized summary of total runtime vulnerabilities by asset and remediation status in palo alto networks prisma cloud
endpoint url uve/api/v2/dashboard/vulnerabilities/overview
method get
output parameter type description status code number http status code of the response reason string response reason phrase overviewsummary object output field overviewsummary overviewsummary totalvulnerableruntimeassets object output field overviewsummary totalvulnerableruntimeassets overviewsummary totalvulnerableruntimeassets totalcount number count value overviewsummary totalvulnerableruntimeassets deployedimagecount number count value overviewsummary totalvulnerableruntimeassets serverlessfunctioncount number count value overviewsummary totalvulnerableruntimeassets hostcount number count value overviewsummary totalvulnerabilitiesinruntime object time value overviewsummary totalvulnerabilitiesinruntime totalcount number count value overviewsummary totalvulnerabilitiesinruntime criticalcount number count value
overviewsummary totalvulnerabilitiesinruntime highcount number count value overviewsummary totalvulnerabilitiesinruntime mediumcount number count value overviewsummary totalvulnerabilitiesinruntime lowcount number count value overviewsummary totalremediatedinruntime object time value overviewsummary totalremediatedinruntime totalcount number count value overviewsummary totalremediatedinruntime criticalcount number count value overviewsummary totalremediatedinruntime highcount number count value overviewsummary totalremediatedinruntime mediumcount number count value overviewsummary totalremediatedinruntime lowcount number count value values array value for the parameter values lastupdateddatetime number value for the parameter values totalvulnerabilitycount number value for the parameter values totalvulnerableasset number value for the parameter values totalremediationcount number value for the parameter
output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"overviewsummary" {"totalvulnerableruntimeassets" {},"totalvulnerabilitiesinruntime" {},"totalremediatedinruntime" {}},"values" [{}]}}

get vulnerable assets by cve
retrieve a list of assets impacted by a specified cve id from palo alto networks prisma cloud, requiring the cve id
endpoint url uve/api/v1/dashboard/vulnerabilities/vuln assets
method post
input argument name type required description query string optional parameter for get vulnerable assets by cve cve id string optional unique identifier risk factors array optional parameter for get vulnerable assets by cve sort by string optional parameter for get vulnerable assets by cve asset type string optional type of the resource page offset number optional parameter for get vulnerable assets by cve page size number optional parameter for get vulnerable assets by cve filter suppressed boolean optional parameter for get vulnerable assets by cve
input example {"json body" {"query" "query","cve id" "cve 2021 44228","risk factors"
\["attack vector network","critical severity"],"sort by" "cvssscore","asset type" "iac","page offset" 0,"page size" 0,"filter suppressed"\ true}} output parameter type description status code number http status code of the response reason string response reason phrase value object value for the parameter value severity array value for the parameter value riskfactors array value for the parameter value serverlessfunction object value for the parameter value serverlessfunction count number value for the parameter value serverlessfunction repositorycount number value for the parameter value serverlessfunction fiximpact object value for the parameter value serverlessfunction fiximpact percentagevulns number value for the parameter value serverlessfunction fiximpact across number value for the parameter value serverlessfunction remediationavailable array value for the parameter value serverlessfunction remediationavailable action string value for the parameter value serverlessfunction remediationavailable status string status value value serverlessfunction remediationavailable actionresult object value for the parameter value serverlessfunction remediationavailable message object value for the parameter value cvssscore number value for the parameter value cveid string unique identifier value host object value for the parameter value host count number value for the parameter value host repositorycount number value for the parameter value host fiximpact object value for the parameter value host fiximpact percentagevulns number value for the parameter value host fiximpact across number value for the parameter value host remediationavailable array value for the parameter output example {"status code" 200,"response headers" {"date" "sat, 13 jul 2024 16 25 53 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","x content type options" "nosniff","x xss protection" "1; mode=block","cache control" "no cache, no store, max age=0, must 
revalidate","pragma" "no cache","expires" "0","strict transport security" "max age=31536000 ; includesubdomains","x frame options" "deny","vary" "origin, access control request method, access control request h get vulnerable assets by rql retrieve a list of assets vulnerable to specific cves using an rql query in palo alto networks prisma cloud, including asset ids, lifecycle, and type endpoint url uve/api/v1/vulnerabilities/search/asset method post input argument name type required description parameters page token string optional token for pagination query string optional search query cveid string optional cve id assetlifecycle string optional asset lifecycle assettype string optional asset type input example {"parameters" {"page token" "3456234532456234"},"json body" {"query" "vulnerability where age > 30 days","cveid" "cve 2021 44228","assetlifecycle" "code","assettype" "package"}} output parameter type description status code number http status code of the response reason string response reason phrase value array value for the parameter value id string unique identifier value name string name of the resource value atrisk boolean value for the parameter value internetexposed boolean value for the parameter nextpagetoken string output field nextpagetoken output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"value" \[{}],"nextpagetoken" "string"}} is dismissal note required determines if a dismissal note is mandatory when dismissing an alert in palo alto networks prisma cloud endpoint url /alert/dismiss/require dismissal note method get output parameter type description status code number http status code of the response reason string response reason phrase requiredismissalnote boolean output field requiredismissalnote output example {"status code" 200,"response headers" {"date" "wed, 10 jul 2024 12 11 19 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " 
","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, options, delete, patch","access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redlock filename,con list account group names retrieve a list of account group names, their ids, and auto creation status from palo alto networks prisma cloud endpoint url /cloud/group/name method get input argument name type required description parameters include auto created boolean optional include account groups that were automatically created during cloud onboarding input example {"parameters" {"include auto created"\ true}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "mon, 08 jul 2024 12 56 50 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","x ratelimit remaining" "39","x ratelimit requested tokens" "1","x ratelimit burst capacity" "40","x ratelimit replenish rate" "40","tracer id" "e6d3dfc7310e5d8cb9529097fb0ccf7d","x content type options" "nosniff","x xss protection" "0","cache control" "no cache, no store, max age=0, must revalidate","pragma" "no cac list account group names by cloud type retrieve account group ids and names from palo alto networks prisma cloud, filtered by specified cloud type endpoint url /cloud/group/name/{{cloud type}} method get input argument name type required description path parameters cloud type string required cloud type input example {"path parameters" {"cloud type" "aws"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "mon, 08 jul 2024 13 30 19 gmt","content type" "application/json;charset=utf 8","transfer encoding" 
"chunked","connection" "keep alive","x ratelimit remaining" "4","x ratelimit requested tokens" "1","x ratelimit burst capacity" "5","x ratelimit replenish rate" "5","tracer id" "0b2c8db9ce63fd1aa372abf3419c7533","x content type options" "nosniff","x xss protection" "0","cache control" "no cache, no store, max age=0, must revalidate","pragma" "no cache" list account groups retrieve an array of account groups the user has access to within palo alto networks prisma cloud endpoint url /cloud/group method get input argument name type required description parameters excludecloudaccountdetails boolean optional exclude cloud account details input example {"parameters" {"excludecloudaccountdetails"\ true}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "mon, 08 jul 2024 09 08 24 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","x ratelimit remaining" "39","x ratelimit requested tokens" "1","x ratelimit burst capacity" "40","x ratelimit replenish rate" "40","tracer id" "c43e70f1ed7ee27df8f577f2b78ceb50","x content type options" "nosniff","x xss protection" "0","cache control" "no cache, no store, max age=0, must revalidate","pragma" "no cac list alert counts by policy get retrieve alert counts categorized by policy from palo alto networks prisma cloud, with optional query filters endpoint url /alert/policy method get input argument name type required description parameters alert id string optional alert id parameters alert status string optional alert status parameters cloud account string optional cloud account parameters cloud accountid string optional cloud account id parameters account group string optional account group parameters cloud type string optional cloud type parameters cloud region string optional cloud region parameters cloud service string optional cloud service 
string parameters policy id string optional policy id parameters policy name string optional policy name parameters policy severity string optional policy severity parameters policy label string optional policy label parameters policy type string optional policy type parameters policy compliancestandard string optional policy compliance standard name parameters policy compliancerequirement string optional policy compliance requirement name parameters policy compliancesection string optional policy compliance section id parameters policy remediable string optional policy is remediable parameters alertrule name string optional alert rule name parameters resource id string optional resource id parameters resource name string optional resource name parameters resource type string optional resource type input example {"parameters" {"alert id" "string","alert status" "open","cloud account" "string","cloud accountid" "string","account group" "string","cloud type" "string","cloud region" "string","cloud service" "string","policy id" "string","policy name" "string","policy severity" "critical","policy label" "string","policy type" "config","policy compliancestandard" "string","policy compliancerequirement" "string","policy compliancesection" "string","policy remediable" "true","alertrule name" "string","resource id" "string","resource name" "string","resource type" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "tue, 09 jul 2024 14 16 44 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","x ratelimit remaining" "4","x ratelimit requested tokens" "1","x ratelimit burst capacity" "5","x ratelimit replenish rate" "2","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow 
methods" "post, put, get, opti list alert counts by policy post retrieve alert counts categorized by policy within a specified time range in palo alto networks prisma cloud endpoint url /alert/policy method post input argument name type required description parameters detailed boolean optional return detailed alert data detailed boolean optional detailed fields array optional array of specific fields to return filters array optional filtering parameters filters name string optional name of the resource filters operator string optional parameter for list alert counts by policy post filters value string optional value for the parameter groupby array optional for asset or data inventory only limit number optional maximum number of items to return offset number optional the number of items to skip before selecting items to return pagetoken string optional setting this pagination token to the nextpagetoken from a response object returns the next page of data sortby array optional array of sort properties timerange object optional parameter for list alert counts by policy post timerange relativetimetype string optional direction in which to count time timerange type string optional type of the resource timerange value object required model for relativetimeduration timerange value amount number optional number of time units timerange value unit string optional time unit input example {"parameters" {"detailed"\ false},"json body" {"detailed"\ true,"fields" \["string"],"filters" \[{"name" "string","operator" "=","value" "string"}],"groupby" \["cloud type"],"limit" 0,"offset" 0,"pagetoken" "string","sortby" \["id\ asc","timestamp\ desc"],"timerange" {"relativetimetype" "backward","type" "relative","value" {"amount" 0,"unit" "minute"}}}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "mon, 15 jul 2024 04 53 02 gmt","content type" 
"application/json","transfer encoding" "chunked","connection" "keep alive","x ratelimit remaining" "4","x ratelimit requested tokens" "1","x ratelimit burst capacity" "5","x ratelimit replenish rate" "2","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, opti list alert filter autocomplete suggestions retrieve available autocomplete suggestions for an alert filter key in palo alto networks prisma cloud endpoint url /filter/alert/suggest method post input argument name type required description filtername string optional filter name query string optional case insensitive fuzzy search autocomplete filter input example {"json body" {"filtername" "string","query" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase completeparameters array parameters for the list alert filter autocomplete suggestions action completeparameters name string parameters for the list alert filter autocomplete suggestions action completeparameters operator string parameters for the list alert filter autocomplete suggestions action completeparameters value string parameters for the list alert filter autocomplete suggestions action links string output field links needsoffsetupdate boolean date value offset number output field offset queryremainder string output field queryremainder suggestions array output field suggestions translate boolean output field translate valid boolean unique identifier output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"completeparameters" \[{}],"links" "string","needsoffsetupdate"\ true,"offset" 0,"queryremainder" "string","suggestions" \["string"],"translate"\ true,"valid"\ true}} list alert filters retrieve a list of available policy filters from palo alto networks prisma cloud endpoint url 
/filter/alert/suggest method get output parameter type description status code number http status code of the response reason string response reason phrase policy name object name of the resource policy name options array name of the resource policy name options file name string name of the resource policy name options file string name of the resource policy name staticfilter boolean name of the resource policy type object type of the resource policy type staticfilter boolean type of the resource policy label object output field policy label policy label options array output field policy label options policy label options file name string name of the resource policy label options file string output field policy label options file policy label staticfilter boolean output field policy label staticfilter policy severity object output field policy severity policy severity staticfilter boolean output field policy severity staticfilter alertrule name object name of the resource alertrule name options array name of the resource alertrule name options file name string name of the resource alertrule name options file string name of the resource alertrule name staticfilter boolean name of the resource resource id object unique identifier resource id options array unique identifier resource id options file name string unique identifier resource id options file string unique identifier output example {"status code" 200,"response headers" {"date" "mon, 08 jul 2024 15 20 26 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, options, delete, patch","access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redloc list alert remediation commands generates a list of specific remediation commands for 
alerts and policies in palo alto networks prisma cloud, requiring a filter endpoint url /alert/remediation method post input argument name type required description alerts array optional list of alert ids one or more alert ids associated with a single policy are required if no policies are specified filter object optional model for filter filter detailed boolean optional detailed filter fields array optional array of specific fields to return filter filters array optional filtering parameters filter filters name string optional name filter filters operator string optional operator filter filters value string optional value filter groupby array optional for asset or data inventory only filter limit number optional maximum number of items to return filter offset number optional the number of items to skip before selecting items to return filter pagetoken string optional setting this pagination token to the nextpagetoken from a response object returns the next page of data filter sortby array optional array of sort properties filter timerange object required parameter for list alert remediation commands filter timerange relativetimetype string optional direction in which to count time filter timerange type string optional type of the resource filter timerange value object required model for relativetimeduration filter timerange value amount number optional number of time units filter timerange value unit string optional time unit policies array optional list of policy ids a single policy id is required if no alerts are specified input example {"json body" {"alerts" \["string"],"filter" {"detailed"\ true,"fields" \["string"],"filters" \[{"name" "string","operator" "=","value" "string"}],"groupby" \["string"],"limit" 0,"offset" 0,"pagetoken" "string","sortby" \["string"],"timerange" {"relativetimetype" "backward","type" "relative","value" {"amount" 0,"unit" "minute"}}},"policies" \["string"]}} output parameter type description status code number http status code of the 
response reason string response reason phrase alertidvscliscript object unique identifier clidescription string unique identifier cliscript string output field cliscript scriptimpact string output field scriptimpact output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"alertidvscliscript" {},"clidescription" "string","cliscript" "string","scriptimpact" "string"}} list alert rules v2 retrieve all alert rules available to your user role in palo alto networks prisma cloud, excluding open alerts count endpoint url /v2/alert/rule method get input argument name type required description parameters enabled boolean optional process only enabled alert rules input example {"parameters" {"enabled"\ true}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "mon, 08 jul 2024 14 08 08 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, options, delete, patch","access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redloc list alerts v2 get retrieve a paginated list of alerts based on time filters from the prisma cloud platform, requiring timetype, timeamount, and timeunit parameters endpoint url /v2/alert method get input argument name type required description parameters timetype string required time type parameters timeamount string required number of timeunits parameters timeunit string required time unit parameters detailed boolean required return detailed alert data parameters fields string optional array of specific fields to return parameters sortby string optional response object property by which to sort response list parameters 
limit number optional the maximum number of items that will be returned in one response parameters pagetoken string optional token that identifies the required page of data parameters alert id string optional alert id parameters alert status string optional alert status parameters cloud account string optional cloud account parameters cloud accountid string optional cloud account id parameters account group string optional account group parameters cloud type string optional cloud type parameters cloud region string optional cloud region parameters cloud service string optional cloud service parameters policy id string optional policy id parameters policy name string optional policy name parameters policy severity string optional policy severity parameters policy label string optional policy label parameters policy type string optional policy type parameters policy compliancestandard string optional policy compliance standard name parameters policy compliancerequirement string optional policy compliance requirement name parameters policy compliancesection string optional policy compliance section id parameters policy remediable string optional policy is remediable input example {"parameters" {"timetype" "relative","timeamount" "5","timeunit" "minute","detailed"\ true,"fields" "alert id","sortby" "sortby=id\ desc\&sortby=firstseen\ asc,lastseen\ desc","limit" 10000,"pagetoken" "","alert id" "","alert status" "open","cloud account" "","cloud accountid" "","account group" "","cloud type" "","cloud region" "","cloud service" "","policy id" "","policy name" "","policy severity" "critical","policy label" "","policy type" "config","policy compliancestandard" "","policy compliancerequirement" "","policy compliancesection" "","policy remediable" "true","alertrule name" "","resource id" "","resource name" "","resource type" ""}} output parameter type description status code number http status code of the response reason string response reason phrase dynamiccolumns array 
output field dynamiccolumns infomsg string output field infomsg items array output field items items alertadditionalinfo object output field items alertadditionalinfo items alertattribution object output field items alertattribution items alertcount number count value items alertrules array output field items alertrules items alertrules file name string name of the resource items alertrules file string output field items alertrules file items alerttime number time value items appmetadata array response data items connectiondetails array output field items connectiondetails items connectiondetails file name string name of the resource items connectiondetails file string output field items connectiondetails file items dismissalduration string output field items dismissalduration items dismissalnote string output field items dismissalnote items dismissaluntilts number output field items dismissaluntilts items dismissedby string output field items dismissedby items eventoccurred number output field items eventoccurred items firstseen number output field items firstseen items history array output field items history items history file name string name of the resource items history file string output field items history file output example {"status code" 200,"response headers" {"date" "mon, 15 jul 2024 04 32 38 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","x ratelimit remaining" "9","x ratelimit requested tokens" "1","x ratelimit burst capacity" "10","x ratelimit replenish rate" "3","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, opt list alerts v2 post retrieve a paginated list of prisma cloud alerts within a specified time range requires 'timerange' in the json body endpoint url /v2/alert method post input argument name type required description parameters detailed boolean 
optional return detailed alert data detailed boolean optional detailed fields array optional array of specific fields to return filters array optional filtering parameters filters name string optional name of the resource filters operator string optional parameter for list alerts v2 post filters value string optional value for the parameter groupby array optional for asset or data inventory only limit number optional maximum number of items to return offset number optional the number of items to skip before selecting items to return pagetoken string optional setting this pagination token to the nextpagetoken from a response object returns the next page of data sortby array optional array of sort properties timerange object optional parameter for list alerts v2 post timerange relativetimetype string optional direction in which to count time timerange type string optional type of the resource timerange value object required model for relativetimeduration timerange value amount number optional number of time units timerange value unit string optional time unit input example {"parameters" {"detailed"\ false},"json body" {"detailed"\ true,"fields" \["string"],"filters" \[{"name" "string","operator" "=","value" "string"}],"groupby" \["cloud type"],"limit" 0,"offset" 0,"pagetoken" "string","sortby" \["id\ asc","timestamp\ desc"],"timerange" {"relativetimetype" "backward","type" "relative","value" {"amount" 0,"unit" "minute"}}}} output parameter type description status code number http status code of the response reason string response reason phrase dynamiccolumns array output field dynamiccolumns infomsg string output field infomsg items array output field items items alertadditionalinfo object output field items alertadditionalinfo items alertattribution object output field items alertattribution items alertattribution attributioneventlist array output field items alertattribution attributioneventlist items alertattribution attributioneventlist file name string name of 
the resource items alertattribution attributioneventlist file string output field items alertattribution attributioneventlist file items alertattribution resourcecreatedby string output field items alertattribution resourcecreatedby items alertattribution resourcecreatedon number output field items alertattribution resourcecreatedon items alertcount number count value items alertrules array output field items alertrules items alertrules file name string name of the resource items alertrules file string output field items alertrules file items alerttime number time value items appmetadata array response data items connectiondetails array output field items connectiondetails items connectiondetails file name string name of the resource items connectiondetails file string output field items connectiondetails file items dismissalduration string output field items dismissalduration items dismissalnote string output field items dismissalnote items dismissaluntilts number output field items dismissaluntilts items dismissedby string output field items dismissedby output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"dynamiccolumns" \["string"],"infomsg" "string","items" \[{}],"nextpagetoken" "string","sortallowedcolumns" \["string"],"totalrows" 0}} list inventory dashboard filter retrieve autocomplete suggestions for inventory dashboard filters in palo alto networks prisma cloud, requiring a 'filtername' endpoint url /filter/v2/inventory/suggest method post input argument name type required description filtername string optional filter name query string optional case insensitive fuzzy search autocomplete filter includes only items that contain the query as a substring input example {"json body" {"filtername" "cloud service","query" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase valid boolean unique identifier offset number output field offset suggestions 
array output field suggestions translate boolean output field translate needsoffsetupdate boolean date value queryremainder string output field queryremainder completeparameters array parameters for the list inventory dashboard filter action completeparameters file name string parameters for the list inventory dashboard filter action completeparameters file string parameters for the list inventory dashboard filter action output example {"status code" 200,"response headers" {"date" "fri, 12 jul 2024 05 41 28 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ","access control allow methods" "post, put, get, options, delete, patch","access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redloc list inventory filters v2 retrieve an object listing supported asset inventory filters with default options in palo alto networks prisma cloud endpoint url /filter/v2/inventory/suggest method get output parameter type description status code number http status code of the response reason string response reason phrase account group object output field account group account group options array output field account group options account group options file name string name of the resource account group options file string output field account group options file account group staticfilter boolean output field account group staticfilter cloud account object count value cloud account options array output field cloud account options cloud account options file name string name of the resource cloud account options file string output field cloud account options file cloud account staticfilter boolean output field cloud account staticfilter cloud region object output field cloud region cloud region options array output field cloud region options cloud 
region staticfilter boolean output field cloud region staticfilter cloud service object output field cloud service cloud service options array output field cloud service options cloud service options file name string name of the resource cloud service options file string output field cloud service options file cloud service staticfilter boolean output field cloud service staticfilter resource type object type of the resource resource type options array type of the resource resource type options file name string name of the resource resource type options file string type of the resource resource type staticfilter boolean type of the resource

Output example

```json
{"status code": 200, "response headers": {"date": "fri, 12 jul 2024 05:23:03 gmt", "content-type": "application/json;charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "access-control-allow-origin": " ", "access-control-allow-headers": "x-redlock-request-id,x-redlock-auth,rl-json-rule,terraform-version,terraform-012 ", "access-control-allow-methods": "post, put, get, options, delete, patch", "access-control-expose-headers": "x-redlock-auth,x-redlock-request-id,x-redlock-status, x-redloc
```

## List saved asset inventory filters

Retrieve a list of saved asset inventory filters from Palo Alto Networks Prisma Cloud.

Endpoint URL: /filter/inventory

Method: GET

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example

```json
{"status code": 200, "response headers": {"date": "fri, 12 jul 2024 05:37:46 gmt", "content-type": "application/json;charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "access-control-allow-origin": " ", "access-control-allow-headers": "x-redlock-request-id,x-redlock-auth,rl-json-rule,terraform-version,terraform-012 ", "access-control-allow-methods": "post, put, get, options, delete, patch", "access-control-expose-headers": "x-redlock-auth,x-redlock-request-id,x-redlock-status, x-redloc
```

## List top N assets

Retrieves the top N assets with the highest alert counts over the last 30 days, filtered by swimlane type and time range.

Endpoint URL: api/v1/top assets/{{swimlane type}}

Method: POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters swimlane type | string | required | Type of the swimlane |
| filters | array | optional | List of filters that can be applied for the API |
| filters name | string | optional | Filtertype |
| filters operator | string | optional | Only allowed operator for the filter is '=' |
| filters value | string | optional | Value for the applied filter |
| timerange | object | optional | Parameter for list top N assets |
| timerange type | string | optional | Type of time ranges |
| timerange value | object | optional | Absolute time containing start and end time. Maximum time range supported is last 30 days |
| timerange value starttime | number | optional | Value for the parameter |
| timerange value endtime | number | optional | Value for the parameter |
| limit | number | optional | Limit on the number of resources requested. Supported values: >= 1 and <= 10 |

Input example

```json
{"json body": {"filters": [{"name": "account group", "operator": "=", "value": "test"}], "timerange": {"type": "absolute", "value": {"starttime": 0, "endtime": 0}}}, "path parameters": {"swimlane type": "misconfigurations"}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | array | Value for the parameter |
| value externalresourceid | string | Unique identifier |
| value resourcename | string | Name of the resource |
| value cloudname | string | Name of the resource |
| value servicename | string | Name of the resource |
| value accountname | string | Name of the resource |
| value alertcount | number | Value for the parameter |
| value criticalalertcount | number | Value for the parameter |
| value highalertcount | number | Value for the parameter |
| starttime | number | Time value |
| endtime | number | Time value |
| swimlanetype | string | Type of the resource |
| lastscants | number | Output field lastscants |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"value": [{}], "starttime": 0, "endtime": 0, "swimlanetype": "misconfigurations", "lastscants": 0}}
```

## List top policies

Retrieve the top policies with the most alerts from Palo Alto Networks Prisma Cloud, specifying time range, accounts, and swimlane type.

Endpoint URL: api/v1/top policies/{{swimlane type}}

Method: POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters swimlane type | string | required | Type of the swimlane |
| filters | array | optional | List of filters that can be applied for the API |
| filters name | string | optional | Filtertype |
| filters operator | string | optional | Only allowed operator for the filter is '=' |
| filters value | string | optional | Value for the applied filter |
| timerange | object | optional | Parameter for list top policies |
| timerange type | string | optional | Type of time ranges |
| timerange value | object | optional | Absolute time containing start and end time. Maximum time range supported is last 30 days |
| timerange value starttime | number | optional | Value for the parameter |
| timerange value endtime | number | optional | Value for the parameter |
| limit | number | optional | Limit on the number of resources requested. Supported values: >= 1 and <= 10 |

Input example

```json
{"json body": {"filters": [{"name": "account group", "operator": "=", "value": "test"}], "timerange": {"type": "absolute", "value": {"starttime": 0, "endtime": 0}}}, "path parameters": {"swimlane type": "misconfigurations"}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | array | Value for the parameter |
| value policyid | string | Unique identifier |
| value policyname | string | Name of the resource |
| value policytype | string | Type of the resource |
| value severity | string | Value for the parameter |
| value alertcount | number | Value for the parameter |
| value policydescription | string | Value for the parameter |
| starttime | number | Time value |
| endtime | number | Time value |
| swimlanetype | string | Type of the resource |
| lastscants | number | Output field lastscants |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"value": [{}], "starttime": 0, "endtime": 0, "swimlanetype": "misconfigurations", "lastscants": 0}}
```

## List top vulnerabilities

Retrieve the top 5 hosts and images with the most vulnerabilities from Palo Alto Networks Prisma Cloud, filterable by type, time, accounts, and groups.

Endpoint URL: v1/top vulnerabilities

Method: POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters limit | number | optional | Parameters for the list top vulnerabilities action |
| parameters type | string | optional | Parameters for the list top vulnerabilities action |
| filters | array | optional | List of filters that can be applied for the API |
| filters name | string | optional | Filtertype |
| filters operator | string | optional | Only allowed operator for the filter is '=' |
| filters value | string | optional | Value for the applied filter |
| timerange | object | optional | Parameter for list top vulnerabilities |
| timerange type | string | optional | Type of time ranges |
| timerange value | object | optional | Absolute time containing start and end time. Maximum time range supported is last 30 days |
| timerange value starttime | number | optional | Value for the parameter |
| timerange value endtime | number | optional | Value for the parameter |

Input example

```json
{"parameters": {"limit": 5, "type": "type"}, "json body": {"filters": [{"name": "account group", "operator": "=", "value": "test"}], "timerange": {"type": "absolute", "value": {"starttime": 0, "endtime": 0}}}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | array | Value for the parameter |
| value unifiedassetid | string | Unique identifier |
| value resourcename | string | Name of the resource |
| value numcriticalvulnerabilities | number | Value for the parameter |
| value numhighvulnerabilities | number | Value for the parameter |
| value totalvulnerabilities | number | Value for the parameter |
| date | string | Date value |
| ts | number | Output field ts |
| lastscants | number | Output field lastscants |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"value": [{}], "date": "11 04 2024", "ts": 0, "lastscants": 0}}
```

## List total alerts based on the severity

Retrieve a count of Prisma Cloud alerts by severity over a specified time range, requiring account and group details.

Endpoint URL: api/v1/summary/{{swimlane type}}

Method: POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters swimlane type | string | required | Type of the swimlane |
| filters | array | optional | List of filters that can be applied for the API |
| filters name | string | optional | Filtertype |
| filters operator | string | optional | Only allowed operator for the filter is '=' |
| filters value | string | optional | Value for the applied filter |
| timerange | object | optional | Parameter for list total alerts based on the severity |
| timerange type | string | optional | Type of time ranges |
| timerange value | object | optional | Absolute time containing start and end time. Maximum time range supported is last 30 days |
| timerange value starttime | number | optional | Value for the parameter |
| timerange value endtime | number | optional | Value for the parameter |

Input example

```json
{"json body": {"filters": [{"name": "account group", "operator": "=", "value": "test"}], "timerange": {"type": "absolute", "value": {"starttime": 0, "endtime": 0}}}, "path parameters": {"swimlane type": "misconfigurations"}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | object | Value for the parameter |
| value totalcriticalalerts | number | Value for the parameter |
| value totalhighalerts | number | Value for the parameter |
| starttime | number | Time value |
| endtime | number | Time value |
| swimlanetype | string | Type of the resource |
| lastscants | number | Output field lastscants |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"value": {"totalcriticalalerts": 0, "totalhighalerts": 0}, "starttime": 0, "endtime": 0, "swimlanetype": "misconfigurations", "lastscants": 0}}
```

## List total vulnerable images and hosts

Retrieve a summary of all vulnerable images and hosts within specified time, accounts, and account groups in Palo Alto Networks Prisma Cloud.

Endpoint URL: v1/vulnerabilities/summary

Method: POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters prismaid | string | optional | Parameters for the list total vulnerable images and hosts action |
| filters | array | optional | List of filters that can be applied for the API |
| filters name | string | optional | Filtertype |
| filters operator | string | optional | Only allowed operator for the filter is '=' |
| filters value | string | optional | Value for the applied filter |
| timerange | object | optional | Parameter for list total vulnerable images and hosts |
| timerange type | string | optional | Type of time ranges |
| timerange value | object | optional | Absolute time containing start and end time. Maximum time range supported is last 30 days |
| timerange value starttime | number | optional | Value for the parameter |
| timerange value endtime | number | optional | Value for the parameter |

Input example

```json
{"parameters": {"prismaid": "807152287759069184"}, "json body": {"filters": [{"name": "account group", "operator": "=", "value": "test"}], "timerange": {"type": "absolute", "value": {"starttime": 0, "endtime": 0}}}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | object | Value for the parameter |
| value images | object | Value for the parameter |
| value images totalcriticalvulnerabilities | number | Value for the parameter |
| value images totalhighvulnerabilities | number | Value for the parameter |
| value hosts | object | Value for the parameter |
| value hosts totalcriticalvulnerabilities | number | Value for the parameter |
| value hosts totalhighvulnerabilities | number | Value for the parameter |
| value totalbyseverity | object | Value for the parameter |
| value totalbyseverity totalcriticalvulnerabilities | number | Value for the parameter |
| value totalbyseverity totalhighvulnerabilities | number | Value for the parameter |
| date | string | Date value |
| ts | number | Output field ts |
| lastscants | number | Output field lastscants |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"value": {"images": {}, "hosts": {}, "totalbyseverity": {}}, "date": "11 04 2024", "ts": 0, "lastscants": 0}}
```

## Remediate alert

Remediates a specified alert in Palo Alto Networks Prisma Cloud when associated with a remediable policy, requiring an alert ID.

Endpoint URL: /alert/remediation/{{id}}

Method: PATCH

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters findingid | string | optional | Parameters for the remediate alert action |
| path parameters id | string | required | Alert ID |

Input example

```json
{"parameters": {"findingid": "string"}, "path parameters": {"id": "cbb0bcc7-7835-4e24-a73d-f2ca65c8f8d7"}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {}}
```

## Reopen alerts

Reopens dismissed or snoozed alerts in Palo Alto Networks Prisma Cloud using specified filters and time range.

Endpoint URL: /alert/reopen

Method: POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alerts | array | optional | Alert IDs |
| dismissalnote | string | optional | Reason for dismissal |
| dismissaltimerange | object | optional | Parameter for reopen alerts |
| dismissaltimerange type | string | required | Type of the resource |
| dismissaltimerange relativetimetype | string | optional | Direction in which to count time |
| dismissaltimerange value | object | required | Model for relativetimeduration |
| dismissaltimerange value amount | number | optional | Number of time units |
| dismissaltimerange value unit | string | optional | Time unit |
| filter | object | optional | Model for filter |
| filter detailed | boolean | optional | Detailed |
| filter fields | array | optional | Array of specific fields to return |
| filter filters | array | optional | Filtering parameters |
| filter filters name | string | optional | Name |
| filter filters operator | string | optional | Operator |
| filter filters value | string | optional | Value |
| filter groupby | array | optional | For asset or data inventory only |
| filter limit | number | optional | Maximum number of items to return |
| filter offset | number | optional | The number of items to skip before selecting items to return |
| filter pagetoken | string | optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| filter sortby | array | optional | Array of sort properties |
| filter timerange | object | required | Parameter for reopen alerts |
| filter timerange relativetimetype | string | optional | Direction in which to count time |
| filter timerange type | string | optional | Type of the resource |
| filter timerange value | object | required | Model for relativetimeduration |
| filter timerange value amount | number | optional | Number of time units |

Input example

```json
{"json body": {"alerts": ["p 411652775"], "dismissalnote": "string", "dismissaltimerange": {"type": "relative", "relativetimetype": "backward", "value": {"amount": 0, "unit": "minute"}}, "filter": {"detailed": true, "fields": ["string"], "filters": [{"name": "string", "operator": "=", "value": "string"}], "groupby": ["cloud type"], "limit": 0, "offset": 0, "pagetoken": "string", "sortby": ["id:asc", "timestamp:desc"], "timerange": {"relativetimetype": "backward", "type": "relative", "value": {"amount": 0, "unit": "minute"}}}, "policies": ["string"]}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {}}
```

## Save asset inventory filter

Saves a specified asset inventory filter in Palo Alto Networks Prisma Cloud with a defined time range.

Endpoint URL: /filter/inventory

Method: POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| detailed | boolean | optional | Detailed |
| fields | array | optional | Array of specific fields to return |
| filters | array | optional | Filtering parameters |
| filters name | string | optional | Name |
| filters operator | string | optional | Operator |
| filters value | string | optional | Value |
| groupby | array | optional | For asset or data inventory only. Group returned items by cloud type, cloud service, cloud region, cloud account, and/or resource type |
| limit | number | optional | Maximum number of items to return |
| offset | number | optional | The number of items to skip before selecting items to return |
| pagetoken | string | optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| sortby | array | optional | Array of sort properties |
| timerange | object | optional | Parameter for save asset inventory filter |
| timerange relativetimetype | string | optional | Direction in which to count time |
| timerange type | string | optional | Type of the resource |
| timerange value | object | required | Value for the parameter |
| timerange value amount | number | optional | Number of time units |
| timerange value unit | string | optional | Time unit |

Input example

```json
{"json body": {"detailed": true, "fields": ["string"], "filters": [{"name": "string", "operator": "tag:yaml.org,2002:value =", "value": "string"}], "groupby": ["cloud type"], "limit": 0, "offset": 0, "pagetoken": "string", "sortby": ["id:asc", "timestamp:desc"], "timerange": {"relativetimetype": "backward", "type": "relative", "value": {"amount": 0, "unit": "minute"}}}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {}}
```

## Submit alert CSV generation job

Submits a job to generate a downloadable CSV file of alerts within the specified time range. Returns job ID and status.

Endpoint URL: /alert/csv

Method: POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters detailed | boolean | optional | Return detailed alert data |
| detailed | boolean | optional | Detailed |
| fields | array | optional | Array of specific fields to return |
| filters | array | optional | Filtering parameters |
| filters name | string | optional | Name |
| filters operator | string | optional | Operator |
| filters value | string | optional | Value |
| groupby | array | optional | For asset or data inventory only |
| limit | number | optional | Maximum number of items to return |
| offset | number | optional | The number of items to skip before selecting items to return |
| pagetoken | string | optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| sortby | array | optional | Array of sort properties |
| timerange | object | optional | Parameter for submit alert CSV generation job |
| timerange relativetimetype | string | optional | Direction in which to count time |
| timerange type | string | optional | Type of the resource |
| timerange value | object | required | Model for relativetimeduration |
| timerange value amount | number | optional | Number of time units |
| timerange value unit | string | optional | Time unit |

Input example

```json
{"parameters": {"detailed": "true"}, "json body": {"detailed": true, "fields": ["string"], "filters": [{"name": "string", "operator": "=", "value": "string"}], "groupby": ["cloud type"], "limit": 0, "offset": 0, "pagetoken": "string", "sortby": ["id:asc", "timestamp:desc"], "timerange": {"relativetimetype": "backward", "type": "relative", "value": {"amount": 0, "unit": "minute"}}}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| customerid | number | Unique identifier |
| status | string | Status value |
| createdby | string | Output field createdby |
| createdon | number | Output field createdon |
| statusuri | string | Status value |

Output example

```json
{"status code": 200, "response headers": {"date": "thu, 11 jul 2024 04:51:46 gmt", "content-type": "application/json;charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "access-control-allow-origin": " ", "access-control-allow-headers": "x-redlock-request-id,x-redlock-auth,rl-json-rule,terraform-version,terraform-012 ", "access-control-allow-methods": "post, put, get, options, delete, patch", "access-control-expose-headers": "x-redlock-auth,x-redlock-request-id,x-redlock-status, x-redloc
```

## Submit job to list alerts

Submits a job to Palo Alto Networks Prisma Cloud to generate a list of alerts within a specified time range, providing a job ID and status.

Endpoint URL: /alert/jobs

Method: POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| detailed | boolean | optional | Detailed |
| fields | array | optional | Array of specific fields to return |
| filters | array | optional | Filtering parameters |
| filters name | string | optional | Name of the resource |
| filters operator | string | optional | Parameter for submit job to list alerts |
| filters value | string | optional | Value for the parameter |
| groupby | array | optional | For asset or data inventory only |
| limit | number | optional | Maximum number of items to return |
| offset | number | optional | The number of items to skip before selecting items to return |
| pagetoken | string | optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| sortby | array | optional | Array of sort properties |
| timerange | object | optional | Parameter for submit job to list alerts |
| timerange relativetimetype | string | optional | Direction in which to count time |
| timerange type | string | optional | Type of the resource |
| timerange value | object | required | Model for relativetimeduration |
| timerange value amount | number | optional | Number of time units |
| timerange value unit | string | optional | Time unit |

Input example

```json
{"json body": {"detailed": true, "fields": ["string"], "filters": [{"name": "string", "operator": "=", "value": "string"}], "groupby": ["string"], "limit": 0, "offset": 0, "pagetoken": "string", "sortby": ["string"], "timerange": {"relativetimetype": "backward", "type": "relative", "value": {"amount": 0, "unit": "minute"}}}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| customerid | number | Unique identifier |
| status | string | Status value |
| createdby | string | Output field createdby |
| createdon | number | Output field createdon |
| statusuri | string | Status value |

Output example

```json
{"status code": 200, "response headers": {"date": "thu, 11 jul 2024 04:15:19 gmt", "content-type": "application/json;charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "access-control-allow-origin": " ", "access-control-allow-headers": "x-redlock-request-id,x-redlock-auth,rl-json-rule,terraform-version,terraform-012 ", "access-control-allow-methods": "post, put, get, options, delete, patch", "access-control-expose-headers": "x-redlock-auth,x-redlock-request-id,x-redlock-status, x-redloc
```

## Submit job to list alerts by policy

Submits a job to Prisma Cloud to generate alerts grouped by policy violation, returning job ID and status. Requires a 'timerange' in the JSON body.

Endpoint URL: /alert/policy/jobs

Method: POST

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| detailed | boolean | optional | Detailed |
| fields | array | optional | Array of specific fields to return |
| filters | array | optional | Filtering parameters |
| filters name | string | optional | Name of the resource |
| filters operator | string | optional | Parameter for submit job to list alerts by policy |
| filters value | string | optional | Value for the parameter |
| groupby | array | optional | For asset or data inventory only |
| limit | number | optional | Maximum number of items to return |
| offset | number | optional | The number of items to skip before selecting items to return |
| pagetoken | string | optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| sortby | array | optional | Array of sort properties |
| timerange | object | optional | Parameter for submit job to list alerts by policy |
| timerange relativetimetype | string | optional | Direction in which to count time |
| timerange type | string | optional | Type of the resource |
| timerange value | object | required | Model for relativetimeduration |
| timerange value amount | number | optional | Number of time units |
| timerange value unit | string | optional | Time unit |

Input example

```json
{"json body": {"detailed": true, "fields": ["string"], "filters": [{"name": "string", "operator": "=", "value": "string"}], "groupby": ["cloud type"], "limit": 0, "offset": 0, "pagetoken": "string", "sortby": ["id:asc", "timestamp:desc"], "timerange": {"relativetimetype": "backward", "type": "relative", "value": {"amount": 0, "unit": "minute"}}}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| customerid | number | Unique identifier |
| status | string | Status value |
| createdby | string | Output field createdby |
| createdon | number | Output field createdon |
| statusuri | string | Status value |

Output example

```json
{"status code": 200, "response headers": {"date": "thu, 11 jul 2024 05:42:59 gmt", "content-type": "application/json", "transfer-encoding": "chunked", "connection": "keep-alive", "access-control-allow-origin": " ", "access-control-allow-headers": "x-redlock-request-id,x-redlock-auth,rl-json-rule,terraform-version,terraform-012 ", "access-control-allow-methods": "post, put, get, options, delete, patch", "access-control-expose-headers": "x-redlock-auth,x-redlock-request-id,x-redlock-status, x-redlock-filename,con
```

## Update account group

Updates an existing account group in Palo Alto Networks Prisma Cloud using the specified 'id', 'accountids', and 'name'.

Endpoint URL: /cloud/group/{{id}}

Method: PUT

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | string | required | Account group ID |
| accountids | array | optional | Cloud account IDs |
| cloudaccountinfos | array | optional | Cloud account details of account associated with this account group |
| cloudaccountinfos accountid | string | optional | Account ID |
| cloudaccountinfos cloudtype | string | optional | Cloud type |
| cloudaccountinfos lastmodifiedby | string | optional | Last modified by |
| description | string | optional | Description |
| name | string | optional | Name |

Input example

```json
{"json body": {"accountids": [""], "cloudaccountinfos": [{"accountid": "string", "cloudtype": "aws", "lastmodifiedby": "string"}], "description": "string", "name": "string"}, "path parameters": {"id": "59c8256b-835b-4868-9d3e-0c679a2cf421"}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {}}
```

## Update dismissal note requirement

Enforces or waives the requirement for a dismissal note when an alert is dismissed in Palo Alto Networks Prisma Cloud.

Endpoint URL: /alert/dismiss/require dismissal note

Method: PUT

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| requiredismissalnote | boolean | optional | Require dismissal note |

Input example

```json
{"json body": {"requiredismissalnote": true}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response text | string | Output field response text |

Output example

```json
{"status code": 200, "response headers": {"date": "wed, 10 jul 2024 11:52:44 gmt", "content-length": "0", "connection": "keep-alive", "access-control-allow-origin": " ", "access-control-allow-headers": "x-redlock-request-id,x-redlock-auth,rl-json-rule,terraform-version,terraform-012 ", "access-control-allow-methods": "post, put, get, options, delete, patch", "access-control-expose-headers": "x-redlock-auth,x-redlock-request-id,x-redlock-status, x-redlock-filename,content ", "access-control-max-age": "60", "str
```

## Update saved asset inventory filter

Updates an existing saved asset inventory filter in Palo Alto Networks Prisma Cloud with a specific ID and time range.

Endpoint URL: filter/inventory/{{id}}

Method: PUT

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | string | required | Asset inventory ID |
| detailed | boolean | optional | Detailed |
| fields | array | optional | Array of specific fields to return |
| filters | array | optional | Parameter for update saved asset inventory filter |
| filters name | string | optional | Name |
| filters value | string | optional | Value for the parameter |
| filters operator | string | optional | Operator |
| groupby | array | optional | For asset or data inventory only. Group returned items by cloud type, cloud service, cloud region, cloud account, and/or resource type |
| limit | number | optional | Maximum number of items to return. When data is paginated, maximum number of items per page. The maximum cannot exceed 10,000 |
| offset | number | optional | The number of items to skip before selecting items to return |
| pagetoken | string | optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| sortby | array | optional | Array of sort properties. Append :asc or :desc to the key to sort by ascending or descending order respectively |
| timerange | object | optional | Parameter for update saved asset inventory filter |
| timerange relativetimetype | string | optional | Direction in which to count time |
| timerange type | string | optional | Type of the resource |
| timerange value | object | required | Value for the parameter |
| timerange value amount | number | optional | Number of time units |
| timerange value unit | string | optional | Time unit |

Input example

```json
{"json body": {"detailed": true, "fields": ["cloud type"], "filters": [{"name": "cloud service", "value": "dynamodb", "operator": "="}], "groupby": ["cloud type"], "limit": 0, "offset": 0, "pagetoken": "++fwefvsfcasbds23451452", "sortby": ["cloud type"], "timerange": {"relativetimetype": "backward", "type": "relative", "value": {"amount": 0, "unit": "minute"}}}, "path parameters": {"id": "aws all dynamodb"}}
```

| Output parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example

```json
{"status code": 200, "response headers": {"date": "mon, 08 jul 2024 05:22:32 gmt", "content-length": "0", "connection": "keep-alive", "access-control-allow-origin": " ", "access-control-allow-headers": "x-redlock-request-id,x-redlock-auth,rl-json-rule,terraform-version,terraform-012 ", "access-control-allow-methods": "post, put, get, options, delete, patch", "access-control-expose-headers": "x-redlock-auth,x-redlock-request-id,x-redlock-status, x-redlock-filename,content ", "access-control-max-age": "60", "str
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| access-control-allow-headers | HTTP response header access-control-allow-headers | x-redlock-request-id,x-redlock-auth,rl-json-rule,terraform-version,terraform-012-parameters,rl-variable-file-names,rl-parameters,content-type,x-b3-traceid,x-b3-spanid,sentry-trace |
| access-control-allow-methods | HTTP response header access-control-allow-methods | post, put, get, options, delete, patch |
| access-control-allow-origin | HTTP response header access-control-allow-origin | |
| access-control-expose-headers | HTTP response header access-control-expose-headers | x-redlock-auth,x-redlock-request-id,x-redlock-status, x-redlock-filename,content-disposition,x-record-count |
| access-control-max-age | HTTP response header access-control-max-age | 60 |
| cache-control | Directives for caching mechanisms | no-cache, no-store, max-age=0, must-revalidate |
| connection | HTTP response header connection | keep-alive |
| content-encoding | HTTP response header content-encoding | gzip |
| content-length | The length of the response body in bytes | 0 |
| content-security-policy | HTTP response header content-security-policy | default-src 'self' |
| content-type | The media type of the resource | application/json;charset=utf-8 |
| date | The date and time at which the message was originated | mon, 15 jul 2024 03:44:32 gmt |
| expires | The date/time after which the response is considered stale | 0 |
| pragma | HTTP response header pragma | no-cache |
| referrer-policy | HTTP response header referrer-policy | no-referrer |
| strict-transport-security | HTTP response header strict-transport-security | max-age=31536000 ; includesubdomains |
| tracer-id | HTTP response header tracer-id | 99bbf424962ea9c77c99e2f38f646c99 |
| transfer-encoding | HTTP response header transfer-encoding | chunked |
| vary | HTTP response header vary | origin, access-control-request-method, access-control-request-headers, accept-encoding, x-redlock-auth, origin |
| x-content-type-options | HTTP response header x-content-type-options | nosniff |
| x-download-options | HTTP response header x-download-options | noopen |
| x-frame-options | HTTP response header x-frame-options | deny |
| x-permitted-cross-domain-policies | HTTP response header x-permitted-cross-domain-policies | none |
| x-ratelimit-burst-capacity | HTTP response header x-ratelimit-burst-capacity | 50 |
| x-ratelimit-remaining | The number of requests remaining in the current rate limit window | 99 |
| x-ratelimit-replenish-rate | HTTP response header x-ratelimit-replenish-rate | 2 |
| x-ratelimit-requested-tokens | HTTP response header x-ratelimit-requested-tokens | 1 |
| x-redlock-request-id | HTTP response header x-redlock-request-id | e00a76bbb3374d0298991b567fb56248 |
| x-redlock-status | HTTP response header x-redlock-status | [{"i18nkey": "missing filter target", "severity": "error", "subject": null}] |
| x-xss-protection | HTTP response header x-xss-protection | 0 |
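Two of the response headers listed above are worth acting on in a playbook: x-redlock-status carries the error detail for a rejected request, and the x-ratelimit-* headers describe the remaining request budget. The following is an added example, not part of the connector or of Prisma Cloud; the `triage` helper and the sample responses (including their status codes) are constructed, and it assumes the replenish rate is counted in tokens per second, which this page does not state.

```python
import json


def header(headers, name, default=None):
    """Case-insensitive lookup; HTTP header names are case-insensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return default


def redlock_status(headers):
    """Parse x-redlock-status into a list of dicts ([] when absent).

    A value that is not valid JSON is kept as one entry so the error
    detail is never silently dropped.
    """
    raw = header(headers, "x-redlock-status")
    if raw is None or not str(raw).strip():
        return []
    unparsed = [{"i18nkey": str(raw), "severity": "unknown", "subject": None}]
    try:
        parsed = json.loads(str(raw))
    except ValueError:
        return unparsed
    if isinstance(parsed, dict):
        parsed = [parsed]
    if not isinstance(parsed, list):
        return unparsed
    return [entry for entry in parsed if isinstance(entry, dict)]


def int_header(headers, name):
    """Integer value of a header, or None when missing or malformed."""
    try:
        return int(header(headers, name))
    except (TypeError, ValueError):
        return None


def seconds_until_allowed(headers, tokens_needed=1):
    """Pause needed before the next call, from the x-ratelimit-* headers.

    ASSUMPTION: x-ratelimit-replenish-rate is tokens added per second.
    """
    remaining = int_header(headers, "x-ratelimit-remaining")
    rate = int_header(headers, "x-ratelimit-replenish-rate")
    if remaining is None or remaining >= tokens_needed:
        return 0.0
    if rate is None or rate <= 0:
        return 1.0  # no usable rate: fall back to a fixed one-second pause
    return (tokens_needed - remaining) / rate


def triage(status_code, headers):
    """Decide what an automation step does with one API response."""
    errors = [e for e in redlock_status(headers)
              if e.get("severity") in ("error", "unknown")]
    wait = seconds_until_allowed(headers)
    result = {
        "request_id": header(headers, "x-redlock-request-id"),
        "errors": errors,
        "wait_seconds": wait,
    }
    if status_code == 429:
        result["action"] = "retry"
        result["wait_seconds"] = wait or 1.0
    elif status_code >= 400 or errors:
        # Fail closed: a rejected dismiss/remediate call must not count as done.
        result["action"] = "fail"
    else:
        result["action"] = "continue"
    return result


# Constructed sample responses; header values reuse the examples in the table above.
SAMPLE_REJECTED = (400, {
    "X-Redlock-Request-Id": "e00a76bbb3374d0298991b567fb56248",
    "X-Redlock-Status": '[{"i18nkey": "missing filter target", '
                        '"severity": "error", "subject": null}]',
    "X-RateLimit-Remaining": "99",
    "X-RateLimit-Replenish-Rate": "2",
})
SAMPLE_THROTTLED = (429, {"x-ratelimit-remaining": "0",
                          "x-ratelimit-replenish-rate": "2"})
SAMPLE_OK = (200, {"x-ratelimit-remaining": "99",
                   "x-ratelimit-replenish-rate": "2"})

if __name__ == "__main__":
    for sample in (SAMPLE_REJECTED, SAMPLE_THROTTLED, SAMPLE_OK):
        print(sample[0], triage(*sample))
```

Recording `request_id` alongside the playbook run gives an audit trail that can be matched to the x-redlock-request-id value when a rejected call has to be investigated.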