Palo Alto Networks Prisma Cloud
Prisma Cloud by Palo Alto Networks

The Palo Alto Networks Prisma Cloud connector enables seamless integration with Swimlane Turbine, allowing for automated cloud security management and incident response.

The Palo Alto Networks Prisma Cloud connector provides Swimlane Turbine users with the ability to integrate their security automation workflows with Prisma Cloud's comprehensive cloud security platform. This integration enables users to manage account groups, retrieve asset inventories, and handle alerts efficiently, thereby enhancing their cloud security posture and response capabilities. With this connector, security teams can automate critical tasks, gain better visibility into their cloud environments, and respond to threats with speed and precision.

## Prerequisites

Before integrating Palo Alto Networks Prisma Cloud with Swimlane Turbine, ensure you have the following prerequisites:

- Access key authentication with the following parameters:
  - URL: endpoint URL for Prisma Cloud API access
  - Access key ID: unique identifier for API access
  - Secret key: confidential key for API authentication

## Capabilities

This connector provides the following capabilities:

- Account groups: account group info, add account group, delete account group, list account groups, list account group names, list account group names by cloud type, update account group
- Alert rules: get alert rule by ID, list alert rules v2
- Alerts: alert info, create on demand notification, dismiss alerts, download alert CSV, download alerts list JSON, download policy alerts JSON, get alerts count by status, get alert CSV job status, get alerts list job status, get policy alert job status, get alert count by policy groups, get alert evidence graph, get alert count of policies, is dismissal note required, and so on
- Asset inventory: asset inventory view, create asset inventory trend view v3, delete saved asset inventory filter, get asset inventory trend view v3, get asset inventory view v3, get saved asset inventory filter, list inventory dashboard filter autocomplete suggestions v2, list inventory filters v2, list saved asset inventory filters, save asset inventory filter, update saved asset inventory filter
- Command center: list top N assets, list top policies, list top vulnerabilities, list total alerts based on the severity, list total vulnerable images and hosts
- Hosts: get host scan result
- IAM: get cloud identity inventory related assets, get existing least privilege access for an asset, get IAM query v2, get IAM query, get least privilege access metadata of a resource, get least privilege access metadata of an asset, get least privilege access suggestion resource, get new least privilege access for a resource, get new least privilege access for an asset, get permission accesses v3, get permission accesses, get permissions access next page, get permissions next page, get permissions role or policy definition v2, and so on
- Vulnerabilities dashboard: create remediation request, get CVE details by ID, get CVE overview v2, get prioritized vulnerabilities v3, get remediation status, get top impacting vulnerabilities v2, get vulnerabilities burndown, get vulnerabilities by RQL, get vulnerability impact by stage, get vulnerability overview v2, get vulnerable assets by CVE, get vulnerable assets by RQL

## Asset setup

To access Prisma, an access key and a secret key are required.

### Alert info

In the response object, the field riskdetail is deprecated.

### Get resource

Possible values for the input riskfactors:

\[ critical severity, high severity, medium severity, has fix, remote execution, dos, recent vulnerability, exploit exists, attack complexity low, attack vector network, reachable from the internet, listening ports, container is running as root, no mandatory security profile applied, running as privileged container, package in use ]

### Asset inventory view

Possible values for the input timeunit: \[minute, hour, day, week, month, year]

Possible values for the input scan status: \[all, passed, failed]

The response includes an attribute groupedaggregates, whose content depends on the groupby query parameter. The following table shows the attributes that groupedaggregates will include for the specified groupby query parameter.

| groupby | groupedaggregates includes |
| --- | --- |
| not specified | cloudtypename |
| cloudtype | cloudtypename |
| cloud account | accountname |
| cloud region | regionname, cloudtypename |
| cloud service | servicename, cloudtypename |
| resource type | resourcetypename, cloudtypename |

To group by more than one attribute, give a comma-separated list of the values by which to group response items. Example: cloud type, cloud account, cloud region, cloud service

### Note

- The asset URL for the "get host scan result" action is the path to console.
- When using the time range field in actions, please refer to the documentation for the various value formats.
- API documentation: https://pan.dev/prisma-cloud/api/cspm/
- Link for regional URLs: https://pan.dev/prisma-cloud/api/cspm/api-urls/

## Configurations

### Prisma Cloud asset

Authenticates using access key ID and secret key.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| access key id | Access key ID | string | Required |
| secret key | Secret key | string | Required |
| customer name | Customer name | string | Optional |
| prisma id | Unique Prisma identifier | string | Optional |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

## Actions

### Account group info

Retrieve comprehensive details for a specific account group in Palo Alto Networks Prisma Cloud using the provided ID.

Endpoint URL: `/cloud/group/{{id}}`

Method: GET

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| includeaccountinfo | boolean | Optional | Include cloud account information |
| id | string | Required | Account group ID |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| lastmodifiedby | string | Output field lastmodifiedby |
| lastmodifiedts | number | Output field lastmodifiedts |
| accountids | array | Unique identifier |
| file name | string | Name of the resource |
| file | string | Output field file |
| nononboardedcloudaccountids | array | Unique identifier |
| file name | string | Name of the resource |
| file | string | Output field file |
| autocreated | boolean | Output field autocreated |
| cloudaccountcount | number | Count value |
| childgroupids | array | Unique identifier |
| file name | string | Name of the resource |
| file | string | Output field file |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "mon, 15 jul 2024 03 44 32 gmt",
      "content type": "application/json;charset=utf 8",
      "transfer encoding": "chunked",
      "connection": "keep alive",
      "x ratelimit remaining": "99",
      "x ratelimit requested tokens": "1",
      "x ratelimit burst capacity": "100",
      "x ratelimit replenish rate": "100",
      "tracer id": "99bbf424962ea9c77c99e2f38f646c99",
      "x content type options": "nosniff",
      "x xss protection": "0",
      "cache control": "no cache, no store, max age=0, must revalidate",
      "pragma": "no cache",
      "expires": "0",
      "strict transport security": "max age=31536000 ; includesubdomains"
    },
    "reason": "ok",
    "json body": {
      "id": "59c8256b 835b 4868 9d3e 0c679a2cf421",
      "name": "serviceaccounts 400397059664",
      "description": "",
      "lastmodifiedby": "template@redlock io",
      "lastmodifiedts": 1710858119527,
      "accountids": [],
      "nononboardedcloudaccountids": [],
      "autocreated": true,
      "cloudaccountcount": 0,
      "childgroupids": []
    }
  }
]
```

### Add account group

Create a new account group in Palo Alto Networks Prisma Cloud using specified account IDs and group name.

Endpoint URL: `/cloud/group`

Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| accountids | array | Required | Cloud account IDs |
| cloudaccountinfos | array | Optional | Cloud account details of account associated with this account group |
| accountid | string | Optional | Account ID |
| cloudtype | string | Optional | Cloud type |
| lastmodifiedby | string | Optional | Last modified by |
| description | string | Optional | Description |
| name | string | Required | Name |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| accountids | array | Unique identifier |
| autocreated | boolean | Output field autocreated |
| cloudaccountcount | number | Count value |
| cloudaccountinfos | array | Output field cloudaccountinfos |
| accountid | string | Unique identifier |
| cloudtype | string | Type of the resource |
| lastmodifiedby | string | Output field lastmodifiedby |
| description | string | Output field description |
| id | string | Unique identifier |
| lastmodifiedby | string | Output field lastmodifiedby |
| lastmodifiedts | number | Output field lastmodifiedts |
| name | string | Name of the resource |

Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "accountids": [],
      "autocreated": true,
      "cloudaccountcount": 0,
      "cloudaccountinfos": [],
      "description": "string",
      "id": "string",
      "lastmodifiedby": "string",
      "lastmodifiedts": 0,
      "name": "string"
    }
  }
]
```

### Alert info

Retrieve detailed information about a specific alert by providing its ID in Palo Alto Networks Prisma Cloud.

Endpoint URL: `/alert/{{id}}`

Method: GET

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| detailed | boolean | Optional | Return detailed alert data |
| id | string | Required | Alert ID |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| status | string | Status value |
| firstseen | number | Output field firstseen |
| lastseen | number | Output field lastseen |
| alerttime | number | Time value |
| lastupdated | number | Output field lastupdated |
| savesearchid | string | Unique identifier |
| metadata | object | Response data |
| savesearchid | string | Unique identifier |
| policy | object | Output field policy |
| policyid | string | Unique identifier |
| name | string | Name of the resource |
| policytype | string | Type of the resource |
| systemdefault | boolean | Output field systemdefault |
| description | string | Output field description |
| severity | string | Output field severity |
| compliancemetadata | array | Response data |
| standardname | string | Name of the resource |
| standarddescription | string | Output field standarddescription |
| requirementid | string | Unique identifier |
| requirementname | string | Name of the resource |
| sectionid | string | Unique identifier |
| sectiondescription | string | Output field sectiondescription |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "mon, 15 jul 2024 05 04 03 gmt",
      "content type": "application/json",
      "transfer encoding": "chunked",
      "connection": "keep alive",
      "x ratelimit remaining": "9",
      "x ratelimit requested tokens": "1",
      "x ratelimit burst capacity": "10",
      "x ratelimit replenish rate": "6",
      "access control allow origin": " ",
      "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
      "access control allow methods": "post, put, get, options, delete, patch",
      "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
      "access control max age": "60",
      "strict transport security": "max age=31536000; includesubdomains",
      "x content type options": "nosniff"
    },
    "reason": "ok",
    "json body": {
      "id": "p 411652775",
      "status": "resolved",
      "reason": "resource deleted",
      "firstseen": 1718176393636,
      "lastseen": 1718181825651,
      "alerttime": 1718176393636,
      "lastupdated": 1718181825651,
      "savesearchid": "686bfe66 e197 4f8a 8b1c ecab13692df0",
      "metadata": {},
      "policy": {},
      "alertrules": [],
      "history": [],
      "investigateoptions": {},
      "networkanomaly": false
    }
  }
]
```

### Asset inventory view

Retrieve compliance status for assets in Palo Alto Networks Prisma Cloud using specified filters.

Endpoint URL: `/v3/inventory`

Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| detailed | boolean | Optional | Detailed |
| fields | array | Optional | Array of specific fields to return |
| filters | array | Required | Parameter for asset inventory view |
| name | string | Required | Filter name |
| operator | string | Optional | Operator |
| value | string | Optional | Value |
| groupby | array | Optional | Comma-separated list of values by which to group response items. Valid values are cloud type, cloud account, cloud region, cloud service, and/or resource type. Default is cloud type |
| limit | number | Optional | Maximum number of items to return |
| offset | number | Optional | The number of items to skip before selecting items to return |
| pagetoken | string | Optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| sortby | array | Optional | Array of sort properties. Append :asc or :desc to the key to sort by ascending or descending order respectively |
| headers | object | Optional | HTTP headers for the request |
| content type | string | Optional | Type of the resource |
| accept | string | Optional | Parameter for asset inventory view |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| timestamp | number | Output field timestamp |
| requestedtimestamp | number | Output field requestedtimestamp |
| summary | object | Output field summary |
| timestamp | number | Output field timestamp |
| failedresources | number | Output field failedresources |
| passedresources | number | Output field passedresources |
| totalresources | number | Output field totalresources |
| highseverityfailedresources | number | Output field highseverityfailedresources |
| mediumseverityfailedresources | number | Output field mediumseverityfailedresources |
| lowseverityfailedresources | number | Output field lowseverityfailedresources |
| criticalseverityfailedresources | number | Output field criticalseverityfailedresources |
| informationalseverityfailedresources | number | Output field informationalseverityfailedresources |
| criticalvulnerabilityfailedresources | number | Output field criticalvulnerabilityfailedresources |
| highvulnerabilityfailedresources | number | Output field highvulnerabilityfailedresources |
| mediumvulnerabilityfailedresources | number | Output field mediumvulnerabilityfailedresources |
| lowvulnerabilityfailedresources | number | Output field lowvulnerabilityfailedresources |
| totalvulnerabilityfailedresources | number | Output field totalvulnerabilityfailedresources |
| groupedaggregates | array | Output field groupedaggregates |
| cloudtypename | string | Name of the resource |
| failedresources | number | Output field failedresources |
| passedresources | number | Output field passedresources |
| totalresources | number | Output field totalresources |
| highseverityfailedresources | number | Output field highseverityfailedresources |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "wed, 12 jun 2024 10 00 18 gmt",
      "content type": "application/json",
      "transfer encoding": "chunked",
      "connection": "keep alive",
      "access control allow origin": " ",
      "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
      "access control allow methods": "post, put, get, options, delete, patch",
      "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
      "access control max age": "60",
      "strict transport security": "max age=31536000; includesubdomains",
      "x content type options": "nosniff",
      "x frame options": "deny",
      "x xss protection": "1; mode=block",
      "content security policy": "default src 'self'",
      "x redlock request id": "6804446dae514787b3c2b26359d7e6ec"
    },
    "reason": "ok",
    "json body": {
      "timestamp": 1718182800000,
      "requestedtimestamp": 1718186414039,
      "summary": {},
      "groupedaggregates": []
    }
  }
]
```

### Create asset inventory trend view v3

Generates a trend view of asset inventory pass/fail statistics in Palo Alto Networks Prisma Cloud, requiring a JSON body input.

Endpoint URL: `v3/inventory/trend`

Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| detailed | boolean | Optional | Detailed |
| fields | array | Optional | Array of specific fields to return |
| groupby | array | Optional | For asset or data inventory only. Group returned items by cloud type, cloud service, cloud region, cloud account, and/or resource type |
| filters | array | Optional | Filtering parameters |
| name | string | Optional | Name |
| value | string | Optional | Value |
| operator | string | Optional | Operator |
| limit | number | Optional | Maximum number of items to return. When data is paginated, maximum number of items per page. The maximum cannot exceed 10,000 |
| offset | number | Optional | The number of items to skip before selecting items to return |
| pagetoken | string | Optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| sortby | array | Optional | Array of sort properties. Append :asc or :desc to the key to sort by ascending or descending order respectively. Example sort properties are id:asc and timestamp:desc |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "mon, 08 jul 2024 09 07 42 gmt",
      "content type": "application/json",
      "transfer encoding": "chunked",
      "connection": "keep alive",
      "access control allow origin": " ",
      "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
      "access control allow methods": "post, put, get, options, delete, patch",
      "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
      "access control max age": "60",
      "strict transport security": "max age=31536000; includesubdomains",
      "x content type options": "nosniff",
      "x frame options": "deny",
      "x xss protection": "1; mode=block",
      "content security policy": "default src 'self'",
      "x redlock request id": "4bd69685864b41de985ee3036ed32873"
    },
    "reason": "ok",
    "json body": [
      {}
    ]
  }
]
```

### Create on demand email notification

Generates an on demand email notification for a specified alert in Palo Alto Networks Prisma Cloud using alertid and notification configuration.

Endpoint URL: `/alerts/api/v1/notification/ondemand`

Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alertid | string | Required | ID of the alert for which notification needs to be sent |
| ondemandnotificationconfig | object | Required | Parameter for create on demand email notification |
| id | string | Optional | ID of the alert for which notification needs to be sent |
| clientid | string | Optional | ID to identify the category of request. For Jira, email, Slack, it can be cs |
| generatortype | string | Optional | For ad hoc notification, its value should be realtime |
| integrationtype | string | Required | Can be either jira, email or slack |
| templateid | string | Optional | Jira template ID |
| recipients | array | Required | List of integration ID for Jira or email for email or channel for Slack etc |
| 0 | string | Optional | Parameter for create on demand email notification |
| 1 | string | Optional | Parameter for create on demand email notification |
| 2 | string | Optional | Parameter for create on demand email notification |
| translation | object | Required | Parameter for create on demand email notification |
| body | string | Required | Message body, applicable for email and Slack |
| details | object | Required | A map of key-value pairs |
| property name | string | Optional | Name of the resource |
| attachments | array | Optional | This field contains the list of paths to the S3 file from where the attachment needs to be fetched |
| 0 | string | Optional | Parameter for create on demand email notification |
| 1 | string | Optional | Parameter for create on demand email notification |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | number | Whether the operation was successful |
| failed | number | Output field failed |
| successfulevents | array | Whether the operation was successful |
| recipient | object | Output field recipient |
| generatortype | string | Type of the resource |
| integrationtype | string | Type of the resource |
| id | string | Unique identifier |
| customerid | number | Unique identifier |
| clientid | string | Unique identifier |
| id | string | Unique identifier |
| notificationid | string | Unique identifier |
| failedevents | object | Output field failedevents |

Example

```json
[
  {
    "status code": 201,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "success": 1,
      "failed": 0,
      "successfulevents": [],
      "failedevents": {}
    }
  }
]
```

### Create on demand Jira notification

Generates a Jira notification for a specified alert using the provided alertid and ondemandnotificationconfig.

Endpoint URL: `/alerts/api/v1/notification/ondemand`

Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alertid | string | Required | ID of the alert for which notification needs to be sent |
| ondemandnotificationconfig | object | Required | Parameter for create on demand Jira notification |
| id | string | Optional | ID of the alert for which notification needs to be sent |
| clientid | string | Optional | ID to identify the category of request. For Jira, email, Slack, it can be cs |
| generatortype | string | Optional | For ad hoc notification, its value should be realtime |
| integrationtype | string | Required | Can be either jira, email or slack |
| templateid | string | Required | Jira template ID |
| recipients | array | Required | List of integration ID for Jira or email for email or channel for Slack etc |
| 0 | string | Optional | Parameter for create on demand Jira notification |
| 1 | string | Optional | Parameter for create on demand Jira notification |
| 2 | string | Optional | Parameter for create on demand Jira notification |
| translation | object | Optional | Parameter for create on demand Jira notification |
| body | string | Optional | Message body, applicable for email and Slack |
| details | object | Optional | A map of key-value pairs |
| property name | string | Optional | Name of the resource |
| attachments | array | Optional | This field contains the list of paths to the S3 file from where the attachment needs to be fetched |
| 0 | string | Optional | Parameter for create on demand Jira notification |
| 1 | string | Optional | Parameter for create on demand Jira notification |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | number | Whether the operation was successful |
| failed | number | Output field failed |
| successfulevents | array | Whether the operation was successful |
| recipient | object | Output field recipient |
| generatortype | string | Type of the resource |
| integrationtype | string | Type of the resource |
| id | string | Unique identifier |
| customerid | number | Unique identifier |
| clientid | string | Unique identifier |
| metadata | object | Response data |
| jirakey | string | Output field jirakey |
| notificationid | string | Unique identifier |
| failedevents | object | Output field failedevents |


Example

```json
[
  {
    "status code": 201,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "success": 1,
      "failed": 0,
      "successfulevents": [],
      "failedevents": {}
    }
  }
]
```

### Create on demand Slack notification

Create an on demand Slack notification for a specific alert in Palo Alto Networks Prisma Cloud using alertid and notification configuration.

Endpoint URL: `/alerts/api/v1/notification/ondemand`

Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alertid | string | Required | ID of the alert for which notification needs to be sent |
| ondemandnotificationconfig | object | Required | Parameter for create on demand Slack notification |
| id | string | Optional | ID of the alert for which notification needs to be sent |
| clientid | string | Optional | ID to identify the category of request. For Jira, email, Slack, it can be cs |
| generatortype | string | Optional | For ad hoc notification, its value should be realtime |
| integrationtype | string | Required | Can be either jira, email or slack |
| templateid | string | Optional | Jira template ID |
| recipients | array | Required | List of integration ID for Jira or email for email or channel for Slack etc |
| 0 | string | Optional | Parameter for create on demand Slack notification |
| 1 | string | Optional | Parameter for create on demand Slack notification |
| 2 | string | Optional | Parameter for create on demand Slack notification |
| translation | object | Required | Parameter for create on demand Slack notification |
| body | string | Required | Message body, applicable for email and Slack |
| details | object | Required | A map of key-value pairs |
| property name | string | Optional | Name of the resource |
| attachments | array | Optional | This field contains the list of paths to the S3 file from where the attachment needs to be fetched |
| 0 | string | Optional | Parameter for create on demand Slack notification |
| 1 | string | Optional | Parameter for create on demand Slack notification |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | number | Whether the operation was successful |
| failed | number | Output field failed |
| successfulevents | array | Whether the operation was successful |
| recipient | object | Output field recipient |
| generatortype | string | Type of the resource |
| integrationtype | string | Type of the resource |
| id | string | Unique identifier |
| customerid | number | Unique identifier |
| clientid | string | Unique identifier |
| id | string | Unique identifier |
| notificationid | string | Unique identifier |
| failedevents | object | Output field failedevents |

Example

```json
[
  {
    "status code": 201,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "success": 1,
      "failed": 0,
      "successfulevents": [],
      "failedevents": {}
    }
  }
]
```

### Create remediation request

Initiate remediation for assets in Palo Alto Networks Prisma Cloud by creating tasks, Jira tickets, merge requests, or suppressing vulnerabilities.

Endpoint URL: `uve/api/v1/remediation/vuln create remediation`

Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |
| template id | string | Optional | Jira ID. Required only for createtask remediation action |
| assignee | string | Optional | Jira assignee. Required only for createtask remediation action |
| cveid | string | Required | CVE ID of the vulnerability |
| prismaid | string | Required | Prisma ID of the customer |
| remediationaction | string | Required | Create a Jira/task, create a PR, or suppress the vulnerability |
| assettype | string | Optional | Asset type. Required only for group level remediation |
| assetid | array | Optional | Asset IDs. Required only for asset level remediation |
| assettype | string | Optional | Asset type |
| assetid | string | Optional | UAI ID of the asset |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| message | string | Response message |
| details | string | Output field details |
| timestamp | number | Output field timestamp |
| request id | string | Unique identifier |

Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "message": "accepted",
      "details": "test",
      "timestamp": 1701778720128,
      "request id": "b17d66dd 2f8c 46f0 be1a b3e21ba7990c"
    }
  }
]
```

### Delete account group

Removes a specified account group from Palo Alto Networks Prisma Cloud using the unique ID provided.

Endpoint URL: `/cloud/group/{{id}}`

Method: DELETE

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Account group ID |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {}
  }
]
```

### Delete saved asset inventory filter

Deletes a specified saved asset inventory filter in Palo Alto Networks Prisma Cloud using the unique ID provided.

Endpoint URL: `filter/inventory/{{id}}`

Method: DELETE

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Asset inventory ID |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {}
  }
]
```

### Dismiss alerts

Dismiss or snooze alerts on the Prisma Cloud platform based on specified filters and optional time range.

Endpoint URL: `/alert/dismiss`

Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alerts | array | Optional | Alert IDs |
| dismissalnote | string | Optional | Reason for dismissal |
| dismissaltimerange | object | Optional | Parameter for dismiss alerts |
| type | string | Required | Type of the resource |
| relativetimetype | string | Optional | Direction in which to count time |
| value | object | Required | Model for relativetimeduration |
| amount | number | Optional | Number of time units |
| unit | string | Optional | Time unit |
| filter | object | Required | Model for filter |
| detailed | boolean | Optional | Detailed |
| fields | array | Optional | Array of specific fields to return |
| filters | array | Optional | Filtering parameters |
| name | string | Optional | Name |
| operator | string | Optional | Operator |
| value | string | Optional | Value |
| groupby | array | Optional | For asset or data inventory only |
| limit | number | Optional | Maximum number of items to return |
| offset | number | Optional | The number of items to skip before selecting items to return |
| pagetoken | string | Optional | Setting this pagination token to the nextpagetoken from a response object returns the next page of data |
| sortby | array | Optional | Array of sort properties |
| timerange | object | Required | Parameter for dismiss alerts |
| relativetimetype | string | Optional | Direction in which to count time |
| type | string | Optional | Type of the resource |
| value | object | Required | Model for relativetimeduration |
| amount | number | Optional | Number of time units |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {}
  }
]
```

### Download alert CSV

Downloads a CSV file containing the alert list generated by Prisma Cloud for a given job ID.

Endpoint URL: `/alert/csv/{{id}}/download`

Method: GET

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Job ID |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachment |
| file | string | Output field file |
| file name | string | Name of the resource |

Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {}
  }
]
```

### Download alerts list JSON

Downloads a JSON formatted list of alerts for a given job ID from Palo Alto Networks Prisma Cloud.

Endpoint URL: `/alert/jobs/{{id}}/download`

Method: GET

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Job ID |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachment |
| file | string | Output field file |
| file name | string | Name of the resource |

Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {}
  }
]
```

### Download policy alerts JSON

Downloads policy alerts in JSON format from Palo Alto Networks Prisma Cloud using a specific job ID.

Endpoint URL: `/alert/policy/jobs/{{id}}/download`

Method: GET

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Job ID |


Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachment |
| file | string | Output field file |
| file name | string | Name of the resource |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "thu, 11 jul 2024 05 54 19 gmt",
      "content type": "application/json;charset=utf 8",
      "content length": "22",
      "connection": "keep alive",
      "access control allow origin": " ",
      "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
      "access control allow methods": "post, put, get, options, delete, patch",
      "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
      "access control max age": "60",
      "strict transport security": "max age=31536000; includesubdomains",
      "x content type options": "nosniff",
      "x frame options": "deny",
      "x xss protection": "1; mode=block",
      "content security policy": "default src 'self'",
      "x redlock request id": "61c1a7a0548540789396d75d1f9b6afc"
    },
    "reason": "ok",
    "json body": []
  }
]
```

### Get alert count by policy groups

Retrieve the count of alerts for policy groups in Palo Alto Networks Prisma Cloud within a specified time range.

Endpoint URL: `/alert/v1/aggregate`

Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| filters | array | Optional | Filter parameters |
| name | string | Optional | Name of the resource |
| value | string | Optional | Value for the parameter |
| operator | string | Optional | Parameter for get alert count by policy groups |
| sortby | array | Optional | Array of sort properties |
| groupby | string | Optional | Group by field |
| size | number | Optional | Maximum number of items to return per page when data is paginated. The value cannot exceed 500 |
| nextpagetoken | string | Optional | The nextpagetoken value from the previous response object, which is used to get the next page of data |
| timerange | object | Required | Parameter for get alert count by policy groups |
| time type | string | Optional | Time type |
| time value | object | Optional | Value for the parameter |
| field for range | string | Optional | Field for range |
| type | string | Required | Type of the resource |
| value | object | Optional | Value for the parameter |
| starttime | number | Optional | Time value |
| endtime | number | Optional | Time value |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| groups | array | Output field groups |
| group | string | Output field group |
| totalalerts | number | Output field totalalerts |
| totalpolicies | number | Output field totalpolicies |
| criticalalertcount | number | Count value |
| highalertcount | number | Count value |
| mediumalertcount | number | Count value |
| lowalertcount | number | Count value |
| informationalalertcount | number | Count value |
| buildpolicycount | number | Count value |
| runpolicycount | number | Count value |
| findingtypes | array | Type of the resource |
| cloudtypes | array | Type of the resource |
| policyids | array | Unique identifier |
| groupby | string | Output field groupby |
| countdetails | object | Output field countdetails |
| totalalerts | number | Output field totalalerts |
| totalpolicies | number | Output field totalpolicies |
| nextpagetoken | string | Output field nextpagetoken |

Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "groups": [],
      "groupby": "string",
      "countdetails": {},
      "nextpagetoken": "string"
    }
  }
]
```

### Get alert count of policies

Retrieve a count of alerts per policy from Palo Alto Networks Prisma Cloud within a specified time range.

Endpoint URL: `/alert/v1/policy`

Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| filters | array | Optional | Filter parameters |
| name | string | Optional | Name of the resource |
| value | string | Optional | Value for the parameter |
| operator | string | Optional | Parameter for get alert count of policies |
| sortby | array | Optional | Array of sort properties |
| groupby | string | Optional | Group by field |
| size | number | Optional | Maximum number of items to return per page when data is paginated. The value cannot exceed 500 |
| nextpagetoken | string | Optional | The nextpagetoken value from the previous response object, which is used to get the next
page of data timerange object required parameter for get alert count of policies time type string optional time type time value object optional value for the parameter field for range string optional field for range type string required type of the resource value object optional value for the parameter starttime number optional time value endtime number optional time value output parameter type description status code number http status code of the response reason string response reason phrase policies array output field policies alertcount number count value policyid string unique identifier policyname string name of the resource policytype string type of the resource severity string output field severity policylabels array output field policylabels compliancemetadata array response data standardname string name of the resource standarddescription string output field standarddescription requirementid string unique identifier requirementname string name of the resource requirementdescription string output field requirementdescription sectionid string unique identifier sectiondescription string output field sectiondescription policyid string unique identifier complianceid string unique identifier sectionlabel string output field sectionlabel sectionvieworder number output field sectionvieworder requirementvieworder number output field requirementvieworder systemdefault boolean output field systemdefault policyname string name of the resource customassigned boolean output field customassigned example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "policies" \[], "countdetails" {}, "nextpagetoken" "string" } } ] get alert csv job status retrieve the current status of a csv generation job for alerts in palo alto networks prisma cloud using the specified job id endpoint url /alert/csv/{{id}}/status method get input argument name type required description id string required unique identifier output parameter type description status code 
number http status code of the response reason string response reason phrase id string unique identifier customerid number unique identifier status string status value createdby string output field createdby createdon number output field createdon lastmodified number output field lastmodified statusuri string status value example \[ { "status code" 200, "response headers" { "date" "thu, 11 jul 2024 05 22 33 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "access control allow origin" " ", "access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ", "access control allow methods" "post, put, get, options, delete, patch", "access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ", "access control max age" "60", "strict transport security" "max age=31536000; includesubdomains", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "content security policy" "default src 'self'", "x redlock request id" "1ee4c1e560c346808adeaf13147bb83c" }, "reason" "ok", "json body" { "id" "937771fea1964b3ab1c768dc62ef6789", "customerid" 87, "status" "failed", "createdby" "prisma swimlane integration", "createdon" 1720673503890, "lastmodified" 1720673506352, "statusuri" "/alert/csv/937771fea1964b3ab1c768dc62ef6789/status" } } ] get alert evidence graph retrieve the alert evidence graph in json format for a specific alert id from palo alto networks prisma cloud endpoint url /alert/v1/{{id}}/graph method get input argument name type required description id string required the alert id of the evidence graph output parameter type description status code number http status code of the response reason string response reason phrase graphs array output field graphs graph object output field graph nodes object output field nodes edges array output field edges id string unique 
identifier source string output field source target string output field target metadata object response data severity string output field severity nextpagetoken string output field nextpagetoken example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "graphs" \[], "nextpagetoken" "string" } } ] get alert rule by id retrieve details for a specific alert rule in palo alto networks prisma cloud using the provided id endpoint url /alert/rule/{{id}} method get input argument name type required description id string required alert rule id output parameter type description status code number http status code of the response reason string response reason phrase policyscanconfigid string unique identifier name string name of the resource description string output field description enabled boolean output field enabled scanall boolean output field scanall policies array output field policies policylabels array output field policylabels file name string name of the resource file string output field file excludedpolicies array output field excludedpolicies file name string name of the resource file string output field file target object output field target accountgroups array output field accountgroups excludedaccounts array output field excludedaccounts file name string name of the resource file string output field file regions array output field regions file name string name of the resource file string output field file tags array output field tags file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "date" "mon, 08 jul 2024 14 34 26 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "access control allow origin" " ", "access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ", "access control allow methods" "post, put, get, options, delete, patch", "access control 
expose headers" "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ", "access control max age" "60", "strict transport security" "max age=31536000; includesubdomains", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "content security policy" "default src 'self'", "x redlock request id" "3885166374544f50860ddb7655f84328" }, "reason" "ok", "json body" { "policyscanconfigid" "01bf3f5b 3f5f 483b 8015 7be30cf280a6", "name" "cloudops\ gwlive access keys", "description" "all current access keys alerts for cloudops\ gwlive", "enabled" true, "scanall" false, "policies" \[], "policylabels" \[], "excludedpolicies" \[], "target" {}, "createdon" 1610101778935, "createdby" "skavanagh\@guidewire com", "lastmodifiedon" 1610101888366, "lastmodifiedby" "skavanagh\@guidewire com", "deleted" false, "alertrulenotificationconfig" \[] } } ] get alerts count by status retrieve the count of palo alto networks prisma cloud alerts filtered by a specific status endpoint url /alert/count/{{status}} method get input argument name type required description status string required alert status output parameter type description status code number http status code of the response reason string response reason phrase count number count value example \[ { "status code" 200, "response headers" { "date" "wed, 10 jul 2024 12 46 53 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "x ratelimit remaining" "9", "x ratelimit requested tokens" "1", "x ratelimit burst capacity" "10", "x ratelimit replenish rate" "3", "access control allow origin" " ", "access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ", "access control allow methods" "post, put, get, options, delete, patch", "access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ", "access control max age" "60", 
"strict transport security" "max age=31536000; includesubdomains", "x content type options" "nosniff" }, "reason" "ok", "json body" { "count" 3475643 } } ] get alerts list job status retrieve the current status of a specific alerts list job in palo alto networks prisma cloud using the job id endpoint url /alert/jobs/{{id}}/status method get input argument name type required description id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier customerid number unique identifier status string status value createdby string output field createdby createdon number output field createdon lastmodified number output field lastmodified statusuri string status value example \[ { "status code" 200, "response headers" { "date" "thu, 11 jul 2024 04 00 32 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "access control allow origin" " ", "access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ", "access control allow methods" "post, put, get, options, delete, patch", "access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ", "access control max age" "60", "strict transport security" "max age=31536000; includesubdomains", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "content security policy" "default src 'self'", "x redlock request id" "db4e41a096524ee49fbe2b30e0696838" }, "reason" "ok", "json body" { "id" "a5bb74f1876d43bd971369d3349fcc07", "customerid" 87, "status" "failed", "createdby" "prisma swimlane integration", "createdon" 1720669119776, "lastmodified" 1720669119781, "statusuri" "/alert/jobs/a5bb74f1876d43bd971369d3349fcc07/status" } } ] get asset inventory trend view v3 retrieve pass/fail trends of asset inventory 
from palo alto networks prisma cloud, based on specified parameters endpoint url v3/inventory/trend method get input argument name type required description cloud account string optional cloud account account group string optional account group cloud type string optional cloud type cloud region string optional cloud region cloud service string optional cloud service resource type string optional resource type groupby string optional comma separated list of values by to group response items valid values are cloud type, cloud account, cloud region, cloud service, and/or resource type default is cloud type scan status string optional whether or not the resources passed or failed the scan all includes both scanned and unscanned resources policy compliancestandard string optional policy compliance standard name policy compliancerequirement string optional policy compliance requirement name asset severity string optional policy severity vulnerability severity string optional vulnerability severity output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" \[] } ] get asset inventory view v3 retrieve pass/fail compliance data for assets within palo alto networks prisma cloud using specified parameters endpoint url v3/inventory method get input argument name type required description cloud account string optional cloud account account group string optional account group cloud type string optional cloud type cloud region string optional cloud region cloud service string optional cloud service resource type string optional resource type groupby string optional comma separated list of values by to group response items valid values are cloud type, cloud account, cloud region, cloud service, and/or resource type default is cloud type scan status string optional 
whether or not the resources passed or failed the scan all includes both scanned and unscanned resources policy compliancestandard string optional policy compliance standard name policy compliancerequirement string optional policy compliance requirement name asset severity string optional policy severity vulnerability severity string optional vulnerability severity output parameter type description status code number http status code of the response reason string response reason phrase timestamp number output field timestamp requestedtimestamp number output field requestedtimestamp summary object output field summary timestamp number output field timestamp failedresources number output field failedresources passedresources number output field passedresources totalresources number output field totalresources highseverityfailedresources number output field highseverityfailedresources mediumseverityfailedresources number output field mediumseverityfailedresources lowseverityfailedresources number output field lowseverityfailedresources criticalseverityfailedresources number output field criticalseverityfailedresources informationalseverityfailedresources number output field informationalseverityfailedresources criticalvulnerabilityfailedresources number output field criticalvulnerabilityfailedresources highvulnerabilityfailedresources number output field highvulnerabilityfailedresources mediumvulnerabilityfailedresources number output field mediumvulnerabilityfailedresources lowvulnerabilityfailedresources number output field lowvulnerabilityfailedresources totalvulnerabilityfailedresources number output field totalvulnerabilityfailedresources groupedaggregates array output field groupedaggregates cloudtypename string name of the resource failedresources number output field failedresources passedresources number output field passedresources totalresources number output field totalresources highseverityfailedresources number output field highseverityfailedresources 
example \[ { "status code" 200, "response headers" { "date" "mon, 08 jul 2024 06 36 25 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "access control allow origin" " ", "access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ", "access control allow methods" "post, put, get, options, delete, patch", "access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ", "access control max age" "60", "strict transport security" "max age=31536000; includesubdomains", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "content security policy" "default src 'self'", "x redlock request id" "30ea6d6aa82d4cf69c744511eec1c277" }, "reason" "ok", "json body" { "timestamp" 1720418400000, "requestedtimestamp" 1720420581677, "summary" {}, "groupedaggregates" \[] } } ] get cloud identity inventory related assets retrieve assets associated with a specific cloud identity inventory resource by using the provided asset id endpoint url iam/api/v1/asset/{{asset id}}/related asset method post input argument name type required description asset id string required the asset uai where you want to find it related assets limit number optional query client records limit, return max(0, min(client limit, service limit)) relationshiptype string optional relationship type lastaccessfromtime number optional last accessed from epoch (epoch) lastaccesstotime number optional last accessed to epoch (epoch) nextpagetoken string optional page token output parameter type description status code number http status code of the response reason string response reason phrase items array output field items targetassetid string unique identifier targetcloudresourceid string unique identifier targetdisplayname string name of the resource targetresourcetype string type of the resource lastaccessdate 
string date value lastaccessstatus string status value grantedbyleveltype string type of the resource nextpagetoken string output field nextpagetoken totalrows number output field totalrows example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "items" \[], "nextpagetoken" "iam/api/{apiversion}/{apipath}?page token=q74589g444gg", "totalrows" 1243 } } ] get cve details by id retrieve detailed cve information and impacted assets from palo alto networks prisma cloud in gzip csv format, requiring a specific cveid endpoint url uve/api/v1/vulnerabilities/download method post input argument name type required description cveid string required cve id riskfactors array optional list of risk factors assettype string optional asset type output parameter type description status code number http status code of the response reason string response reason phrase file object attachment file string output field file file name string name of the resource example \[ { "status code" 200, "response headers" {}, "reason" "ok", "file" {} } ] get cve overview v2 retrieve detailed information for a given cve id, including epss, cvss scores, and exploits from palo alto networks prisma cloud endpoint url uve/api/v1/cve overview method get input argument name type required description cve id string required cve id output parameter type description status code number http status code of the response reason string response reason phrase cveid string unique identifier cvss number output field cvss lifecycle array output field lifecycle riskfactors array output field riskfactors severity string output field severity impacteddistroslist array output field impacteddistroslist distro string output field distro impactcount number count value highestcvss number output field highestcvss highestseverity string output field highestseverity firstpublisheddate number date value lastmodifieddate number date value distrodetailslist array output field distrodetailslist cvss number 
output field cvss packagename string name of the resource release string output field release severity string output field severity affectedversion string output field affectedversion fixedtime number time value publisheddate number date value modifieddate number date value impactedassetscount number count value impactedassetsruntimecount number count value example \[ { "status code" 200, "response headers" { "date" "sat, 13 jul 2024 15 55 35 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "x content type options" "nosniff", "x xss protection" "1; mode=block", "cache control" "no cache, no store, max age=0, must revalidate", "pragma" "no cache", "expires" "0", "strict transport security" "max age=31536000 ; includesubdomains", "x frame options" "deny", "vary" "origin, access control request method, access control request headers, x redlock ", "referrer policy" "no referrer", "content security policy" "default src 'self' https ; font src 'self' https data ; img src 'self' https d ", "x download options" "noopen" }, "reason" "ok", "json body" { "cveid" "cve 2021 44228", "cvss" 10, "lifecycle" \[], "riskfactors" \[], "severity" "critical", "impacteddistroslist" \[], "impactedassetscount" 521, "impactedassetsruntimecount" 62, "description" "apache log4j2 2 0 beta9 through 2 15 0 (excluding security releases 2 12 2, 2 12 ", "firstseen" 1696066758, "lastseen" 1720885617, "packagetype" \[], "impactedpackages" \[], "cvssdetails" {}, "environmentfactors" {} } } ] get existing least privilege access for an asset suggests the minimal policies/roles for an asset in prisma cloud, considering actions from the past specified days endpoint url iam/api/v1/assets/{{asset id}}/existing least privileged access method get input argument name type required description asset id string required the uai asset id output format string required output format type output format type lookback duration days number required amount of days to look 
back for used actions output parameter type description status code number http status code of the response reason string response reason phrase nextpagetoken string output field nextpagetoken permissionsinassetcount number count value permissionsinleastprivilegedcount number count value analysis array output field analysis action string output field action configurationname string name of the resource keep boolean output field keep value array value for the parameter iamresourcename string name of the resource iamresourceid string unique identifier iamresourcetype string type of the resource formattype string type of the resource snippet string output field snippet example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds", "permissionsinassetcount" 10, "permissionsinleastprivilegedcount" 10, "analysis" \[], "value" \[] } } ] get host scan results retrieve detailed vulnerability scan reports for specific hosts from palo alto networks prisma cloud endpoint url /api/v32 06/hosts method get input argument name type required description offset number optional offsets the result to a specific report count offset starts from 0 limit number optional limit is the amount to fix sort string optional sorts the result using a key reverse boolean optional sorts the result in reverse order hostname array optional filters the result based on hostnames distro array optional filters the result based on os distribution names compact boolean optional provides the minimal image data information about vulnerabilities, compliance, and extended image metadata are skipped clusters array optional filters the result based on cluster names complianceids array optional filters the result based on compliance ids file name string required name of the resource file string required parameter for get host scan results compliancerulename string optional filters the result based on applied compliance rule name agentless 
boolean optional retrieves the host names that were scanned by the agentless scanner csa boolean optional filters only images scanned by csa stopped boolean optional retrieves the host names that were skipped during an agentless scan normalizedseverity boolean optional retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level uaiid string optional filters results by uaiid issuetype array optional filters results by issue type output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" \[ {} ] } ] get iam query retrieve the iam query for a given alert id from palo alto networks prisma cloud, requiring an 'alertid' parameter endpoint url api/v1/permission/alert/search method get input argument name type required description alertid string required alert id output parameter type description status code number http status code of the response reason string response reason phrase data array response data query string output field query timerange object output field timerange type string type of the resource value string value for the parameter example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "data" \[], "query" "query 1", "timerange" {} } } ] get iam query v2 retrieves the iam query for a given alert using the specified alert id in palo alto networks prisma cloud endpoint url iam/api/v2/alert/{{alert id}}/query method get input argument name type required description alert id string required the alert id output parameter type description status code number http status code of the response reason string response reason phrase timerange string output field timerange query string output field query example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "timerange" "{''type' 'relative', 'value' {'unit' 'day', 
'amount' 7} }", "query" "config from iam where source cloud type = 'aws'" } } ] get least privilege access metadata of a resource retrieve metadata for optimizing resource access based on least privilege principles in palo alto networks prisma cloud, requiring a resource id endpoint url iam/api/v1/resources/{{resource id}}/over permissive metadata method get input argument name type required description resource id string required the resource id output parameter type description status code number http status code of the response reason string response reason phrase nextpagetoken string output field nextpagetoken permissionsinassetcount number count value permissionsinleastprivilegedcount number count value analysis array output field analysis action string output field action configurationname string name of the resource keep boolean output field keep value array value for the parameter iamresourcename string name of the resource iamresourceid string unique identifier iamresourcetype string type of the resource formattype string type of the resource snippet string output field snippet example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds", "permissionsinassetcount" 10, "permissionsinleastprivilegedcount" 10, "analysis" \[], "value" \[] } } ] get least privilege access metadata of an asset retrieve metadata and suggestions for enhancing an asset's least privilege access in prisma cloud using the provided asset id endpoint url iam/api/v1/assets/{{asset id}}/over permissive metadata method get input argument name type required description asset id string required the uai asset id output parameter type description status code number http status code of the response reason string response reason phrase totaliamresourcecount number count value overpermissivecount number count value iscustomleastprivilegedsupported boolean output field iscustomleastprivilegedsupported 
isexistingleastprivilegedsupported boolean output field isexistingleastprivilegedsupported iamresourcetype string type of the resource example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "totaliamresourcecount" 15, "overpermissivecount" 10, "iscustomleastprivilegedsupported" true, "isexistingleastprivilegedsupported" true, "iamresourcetype" "aws iam policy" } } ] get least privilege access suggestion resource generates least privilege access suggestions for a resource in palo alto networks prisma cloud, based on iam configurations and activity from the specified lookback duration endpoint url iam/api/v1/resources/{{resource id}}/existing least privileged access method get input argument name type required description output format string required output format type output format type lookback duration days number required amount of days to look back for used actions resource id string required the resource id output parameter type description status code number http status code of the response reason string response reason phrase nextpagetoken string output field nextpagetoken permissionsinassetcount number count value permissionsinleastprivilegedcount number count value analysis array output field analysis action string output field action configurationname string name of the resource keep boolean output field keep value array value for the parameter iamresourcename string name of the resource iamresourceid string unique identifier iamresourcetype string type of the resource formattype string type of the resource snippet string output field snippet example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds", "permissionsinassetcount" 10, "permissionsinleastprivilegedcount" 10, "analysis" \[], "value" \[] } } ] get new least privilege access for a resource generates a custom least privileged access configuration for a resource in palo alto networks prisma 
cloud based on past actions within a specified lookback period endpoint url iam/api/v1/resources/{{resource id}}/custom least privileged access method get input argument name type required description output format string required output format type output format type lookback duration days number required amount of days to look back for used actions resource id string required the resource id output parameter type description status code number http status code of the response reason string response reason phrase nextpagetoken string output field nextpagetoken permissionsinassetcount number count value permissionsinleastprivilegedcount number count value analysis array output field analysis action string output field action configurationname string name of the resource keep boolean output field keep value array value for the parameter formattype string type of the resource snippet string output field snippet example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds", "permissionsinassetcount" 10, "permissionsinleastprivilegedcount" 10, "analysis" \[], "value" \[] } } ] get new least privilege access for an asset generates a least privileged access configuration for a specified asset in palo alto networks prisma cloud, considering the last x days of activity to optimize policy and role usage endpoint url iam/api/v1/assets/{{asset id}}/custom least privileged access method get input argument name type required description asset id string required the uai asset id output format string required output format type output format type lookback duration days number required amount of days to look back for used actions output parameter type description status code number http status code of the response reason string response reason phrase nextpagetoken string output field nextpagetoken permissionsinassetcount number count value permissionsinleastprivilegedcount number count value analysis array 
output field analysis action string output field action configurationname string name of the resource keep boolean output field keep value array value for the parameter formattype string type of the resource snippet string output field snippet example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds", "permissionsinassetcount" 10, "permissionsinleastprivilegedcount" 10, "analysis" \[], "value" \[] } } ] get permission accesses retrieve usage data for a specific permission in palo alto networks prisma cloud, including last access details and requires permissionid and query endpoint url api/v1/permission/access method post input argument name type required description limit number optional maximun number of items to return for the given query permissionid string required permission id query string required query string output parameter type description status code number http status code of the response reason string response reason phrase data object response data items array output field items destcloudresourcename string name of the resource lastaccessdate string date value nextpagetoken string output field nextpagetoken totalrows number output field totalrows example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "data" {} } } ] get permission accesses v3 retrieve a paginated list of the last accesses for a specific permission in palo alto networks prisma cloud, including a token for subsequent pages endpoint url iam/api/v3/permission/{{permission id}}/list access method post input argument name type required description permission id string required the permission id can be retrieved from search/permission api limit number optional query records limit query string required query string nextpagetoken string optional page token output parameter type description status code number http status code of the response reason string response reason phrase data 
object response data items array output field items destcloudresourcename string name of the resource lastaccessdate string date value destcloudregion string output field destcloudregion destcloudaccount string count value nextpagetoken string output field nextpagetoken totalrows number output field totalrows example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "data" {} } } ] get permissions obtain iam permissions from palo alto networks prisma cloud using query parameters with a defined result limit endpoint url api/v1/permission method post input argument name type required description id string optional request user id limit number required maximum number of items to return for the given query query string required iam rql query output parameter type description status code number http status code of the response reason string response reason phrase data object response data items array output field items accessedresourcescount number count value destcloudaccount string count value destcloudregion string output field destcloudregion destcloudresourcerrn string output field destcloudresourcerrn destcloudservicename string name of the resource destcloudtype string type of the resource destresourceid string unique identifier destresourcename string name of the resource destresourcetype string type of the resource effectiveactionname string name of the resource exceptions array output field exceptions messagecode string response message grantedbycloudentityid string unique identifier grantedbycloudentityname string name of the resource grantedbycloudentityrrn string output field grantedbycloudentityrrn grantedbycloudentitytype string type of the resource grantedbycloudpolicyid string unique identifier grantedbycloudpolicyname string name of the resource grantedbycloudpolicyrrn string output field grantedbycloudpolicyrrn grantedbycloudpolicytype string type of the resource grantedbycloudtype string type of the resource example \[ { 
"status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "data" {}, "description" "string", "id" "12345678 1234 1234 1234 123456789abc", "name" "example name", "query" "string", "saved" true, "searchtype" "string", "timerange" {} } } ] get permissions access next page retrieve the next page of permissions data from palo alto networks prisma cloud using a pagetoken endpoint url api/v1/permission/access/page method post input argument name type required description limit number optional maximum number of items to return for the given query pagetoken string optional page token output parameter type description status code number http status code of the response reason string response reason phrase items array output field items destcloudresourcename string name of the resource lastaccessdate string date value nextpagetoken string output field nextpagetoken totalrows number output field totalrows example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "items" \[], "nextpagetoken" "++fdfkjsdlfsdfdfdsfdfsdfdfdssfdfds", "totalrows" 1243 } } ] get permissions next page retrieve the next page of permissions from palo alto networks prisma cloud with a given pagetoken endpoint url api/v1/permission/page method post input argument name type required description limit number optional maximum number of items to return pagetoken string optional page token from the response object of an earlier request to get permissions output parameter type description status code number http status code of the response reason string response reason phrase items array output field items accessedresourcescount number count value destcloudaccount string count value destcloudregion string output field destcloudregion destcloudresourcerrn string output field destcloudresourcerrn destcloudservicename string name of the resource destcloudtype string type of the resource destresourceid 
string unique identifier destresourcename string name of the resource destresourcetype string type of the resource effectiveactionname string name of the resource exceptions array output field exceptions messagecode string response message grantedbycloudentityid string unique identifier grantedbycloudentityname string name of the resource grantedbycloudentityrrn string output field grantedbycloudentityrrn grantedbycloudentitytype string type of the resource grantedbycloudpolicyid string unique identifier grantedbycloudpolicyname string name of the resource grantedbycloudpolicyrrn string output field grantedbycloudpolicyrrn grantedbycloudpolicytype string type of the resource grantedbycloudtype string type of the resource id string unique identifier example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "items" \[], "nextpagetoken" "string", "searcheddestcloudresourcenames" \[], "totalrows" 123 } } ] get permissions role or policy definition v2 retrieve configuration details for a specific permission id in palo alto networks prisma cloud endpoint url iam/api/v2/search/iam config method post input argument name type required description permissionid string required permissionid to get the raw config for; can be obtained by calling search/permission api output parameter type description status code number http status code of the response reason string response reason phrase raw string output field raw example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "raw" "test raw" } } ] get permissions v4 retrieves permissions grouped by fields and provides a page token for subsequent queries in palo alto networks prisma cloud requires a 'query' json body input endpoint url iam/api/v4/search/permission method post input argument name type required description limit number optional query records limit query string required rql query searchid string 
optional saved search id nextpagetoken string optional page token groupbyfields array optional fields to group results by empty or missing array is considered the same as an array with all possible fields output parameter type description status code number http status code of the response reason string response reason phrase data object response data items array output field items id string unique identifier sourcepublic boolean output field sourcepublic sourcecloudtype string type of the resource sourcecloudaccount string count value sourcecloudregion string output field sourcecloudregion sourcecloudservicename string name of the resource sourceresourcename string name of the resource sourceresourcetype string type of the resource sourceresourceid string unique identifier sourcecloudresourceuai string output field sourcecloudresourceuai sourceidpservice string unique identifier sourceidpdomain string unique identifier sourceidpemail string unique identifier sourceidpuserid string unique identifier sourceidpusername string unique identifier sourceidpgroup string unique identifier sourceidpuai string unique identifier destcloudtype string type of the resource destcloudaccount string count value destcloudregion string output field destcloudregion destcloudservicename string name of the resource example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "data" {}, "query" "string", "id" "12345678 1234 1234 1234 123456789abc", "saved" true, "name" "example name", "timerange" "string", "searchtype" "string", "description" "string", "cloudtype" "string" } } ] get policy alert job status retrieves the current status of a policy alert job in palo alto networks prisma cloud using the provided job id endpoint url /alert/policy/jobs/{{id}}/status method get input argument name type required description id string required job id output parameter type description status code 
number http status code of the response reason string response reason phrase id string unique identifier customerid number unique identifier status string status value createdby string output field createdby createdon number output field createdon lastmodified number output field lastmodified timetaken number output field timetaken recordcount number count value statusuri string status value downloaduri string output field downloaduri example \[ { "status code" 200, "response headers" { "date" "thu, 11 jul 2024 05 48 19 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "access control allow origin" " ", "access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ", "access control allow methods" "post, put, get, options, delete, patch", "access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ", "access control max age" "60", "strict transport security" "max age=31536000; includesubdomains", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "content security policy" "default src 'self'", "x redlock request id" "32d8a57251724844a6099b92155d816c" }, "reason" "ok", "json body" { "id" "b70ac365a19446a59da964785d03142d", "customerid" 87, "status" "ready to download", "createdby" "prisma swimlane integration", "createdon" 1720676579637, "lastmodified" 1720676581158, "timetaken" 1521, "recordcount" 0, "statusuri" "/alert/policy/jobs/b70ac365a19446a59da964785d03142d/status", "downloaduri" "/alert/policy/jobs/b70ac365a19446a59da964785d03142d/download" } } ] get prioritized vulnerabilities v3 retrieve top priority vulnerabilities from palo alto networks prisma cloud, categorized by urgency and exploitability, including asset impact endpoint url uve/api/v3/dashboard/vulnerabilities/prioritised method get input argument name type required description asset 
type string required type of asset life cycle string required life cycle stage output parameter type description status code number http status code of the response reason string response reason phrase lastupdateddatetime number time value totalvulnerabilities number output field totalvulnerabilities urgent object output field urgent vulnerabilitycount number count value assetcount number count value patchable object output field patchable vulnerabilitycount number count value assetcount number count value exploitable object output field exploitable vulnerabilitycount number count value assetcount number count value internetexposed object output field internetexposed vulnerabilitycount number count value assetcount number count value packageinuse object output field packageinuse vulnerabilitycount number count value assetcount number count value example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "lastupdateddatetime" 0, "totalvulnerabilities" 0, "urgent" {}, "patchable" {}, "exploitable" {}, "internetexposed" {}, "packageinuse" {} } } ] get query suggestions provides auto complete suggestions and validity checks for partial iam queries in palo alto networks prisma cloud endpoint url api/v1/suggest method post input argument name type required description query string required query to validate output parameter type description status code number http status code of the response reason string response reason phrase needsoffsetupdate boolean date value offset number output field offset suggestions array output field suggestions translate boolean output field translate valid boolean unique identifier example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "needsoffsetupdate" true, "offset" 43, "suggestions" \[], "translate" false, "valid" true } } ] get query suggestions v2 offers auto completion suggestions and syntax validation for rql queries in palo alto networks prisma cloud endpoint url 
iam/api/v2/suggestion method post input argument name type required description query string required query to validate output parameter type description status code number http status code of the response reason string response reason phrase valid boolean unique identifier suggestions array output field suggestions translate boolean output field translate needsoffsetupdate boolean date value offset number output field offset example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "valid" true, "suggestions" \[], "translate" false, "needsoffsetupdate" true, "offset" 43 } } ] get remediation retrieve a list of remediation actions for specified alert ids in palo alto networks prisma cloud endpoint url api/v1/permission/alert/remediation method post input argument name type required description alerts array required list of relevant alerts output parameter type description status code number http status code of the response reason string response reason phrase alertidvscliscript object unique identifier i 1234 string output field i 1234 i 1235 string output field i 1235 clidescription string unique identifier example \[ { "status code" 200, "response headers" { "date" "sat, 13 jul 2024 11 00 15 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "x ratelimit remaining" "49", "x ratelimit requested tokens" "1", "x ratelimit burst capacity" "50", "x ratelimit replenish rate" "50", "vary" "origin, access control request method, access control request headers, x redlock ", "x xss protection" "1; mode=block", "strict transport security" "max age=31536000; includesubdomains", "x frame options" "deny", "x content type options" "nosniff", "referrer policy" "no referrer", "content security policy" "default src 'self' https ; font src 'self' https data ; img src 'self' https d " }, "reason" "ok", "json body" { "alertidvscliscript" {}, "clidescription" "the following are cli commands required for 
remediation successful execution wi " } } ] get remediation command retrieve a specific remediation command for an alert by using the unique alert id in palo alto networks prisma cloud endpoint url iam/api/v2/alert/{{alert id}}/remediation command method get input argument name type required description alert id string required the alert id output parameter type description status code number http status code of the response reason string response reason phrase clicommand string output field clicommand clidescription string unique identifier example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "clicommand" "cli command", "clidescription" "the following are cli command is required for remediation successful execution " } } ] get remediation status retrieve remediation action statuses for assets in palo alto networks prisma cloud using cveid, prismaid, and assettype endpoint url uve/api/v1/remediation/vuln remediation status method post input argument name type required description cveid string required cve id of the vulnerability prismaid string required prisma id allocated to the customer assettype string required asset type assetid array optional list of asset uai ids output parameter type description status code number http status code of the response reason string response reason phrase values array value for the parameter prismaid string unique identifier unifiedassetid string unique identifier assettype string type of the resource assetlifecycle string output field assetlifecycle cveid string unique identifier source string output field source remediationaction array output field remediationaction action string output field action status string status value actionresult string result of the operation message string response message lastupdatedtimestamp number output field lastupdatedtimestamp example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "values" \[] } } ] get saved asset inventory filter 
retrieves a saved asset inventory filter by id from palo alto networks prisma cloud, enabling targeted asset management endpoint url filter/inventory/{{id}} method get input argument name type required description id string required asset inventory id output parameter type description status code number http status code of the response reason string response reason phrase customerid number unique identifier filterid string unique identifier name string name of the resource description string output field description createdby string output field createdby lastmodifiedby string output field lastmodifiedby createdon number output field createdon filtertarget string output field filtertarget filters array output field filters name string name of the resource value string value for the parameter operator string output field operator example \[ { "status code" 200, "response headers" { "date" "mon, 08 jul 2024 04 14 44 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "access control allow origin" " ", "access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ", "access control allow methods" "post, put, get, options, delete, patch", "access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ", "access control max age" "60", "strict transport security" "max age=31536000; includesubdomains", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "content security policy" "default src 'self'", "x redlock request id" "f39fe7ee34ca4ecbbea5177a564c6915" }, "reason" "ok", "json body" { "customerid" 87, "filterid" "aws all dynamodb", "name" "aws all dynamodb", "description" "all dynamodb tables in all aws accounts", "createdby" "danjohnson\@guidewire com", "lastmodifiedby" "danjohnson\@guidewire com", "createdon" 1579793555278, "filtertarget" "inventory", "filters" 
\[] } } ] get top impacting vulnerabilities v2 retrieve critical vulnerabilities with risk scores, severity, cvss, and impacted assets from palo alto networks prisma cloud requires 'life cycle' and 'top' parameters endpoint url uve/api/v2/dashboard/vulnerabilities/prioritised vuln method get input argument name type required description life cycle string required life cycle stage top number required number of results to be returned output parameter type description status code number http status code of the response reason string response reason phrase lastupdateddatetime number time value cve array output field cve id string unique identifier cvssscore number score value epssscore number score value completeepssscore number score value epssscoreprevious number output field epssscoreprevious severity string output field severity riskfactors array output field riskfactors assetsimpacted object output field assetsimpacted codecount number count value buildcount number count value deploycount number count value runtimecount number count value assetsatrisk number output field assetsatrisk example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "lastupdateddatetime" 0, "cve" \[] } } ] get vulnerabilities burndown retrieve vulnerability burndown data for specified asset types, life cycles, and severities in palo alto networks prisma cloud endpoint url uve/api/v2/dashboard/vulnerabilities/burndown method get input argument name type required description asset type string required type of asset life cycle string required life cycle stage severities string required severity output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" \[ {} ] } ] get vulnerabilities by rql retrieve a detailed list of vulnerabilities from palo alto networks prisma cloud using an rql query requires a 'query' in the json body 
endpoint url uve/api/v1/vulnerabilities/search method post input argument name type required description page token string optional token for pagination query string required search query id string optional saved search id output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier name string name of the resource description string output field description searchtype string type of the resource saved boolean output field saved timerange object output field timerange type string type of the resource value string value for the parameter query string output field query data object response data totalrows number output field totalrows totalvulnerabilities number output field totalvulnerabilities totalassets number output field totalassets items array output field items cveid string unique identifier name string name of the resource cvssscore number score value epssscore number score value epssscoreprevious number output field epssscoreprevious completeepssscore number score value totalimpactedassets number output field totalimpactedassets riskfactors array output field riskfactors code object output field code example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "id" "string", "name" "string", "description" "string", "searchtype" "string", "saved" true, "timerange" {}, "query" "string", "data" {} } } ] get vulnerability impact by stage provides a summary of vulnerabilities by application stage in palo alto networks prisma cloud, segmented by lifecycle and severity endpoint url uve/api/v1/dashboard/vulnerabilities/impact stage method get input argument name type required description asset type string required type of asset life cycle string required life cycle stage severities string required severity output parameter type description status code number http status code of the response reason string response reason phrase value object value for the 
parameter code object output field code package number output field package iac number output field iac build object output field build run object output field run serverlessfunction number output field serverlessfunction host number output field host deployedimage number output field deployedimage deploy object output field deploy registryimage number output field registryimage vmimage number output field vmimage example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "value" {} } } ] get vulnerability overview v2 provides a categorized summary of total runtime vulnerabilities by asset and remediation status in palo alto networks prisma cloud endpoint url uve/api/v2/dashboard/vulnerabilities/overview method get output parameter type description status code number http status code of the response reason string response reason phrase overviewsummary object output field overviewsummary totalvulnerableruntimeassets object output field totalvulnerableruntimeassets totalcount number count value deployedimagecount number count value serverlessfunctioncount number count value hostcount number count value totalvulnerabilitiesinruntime object time value totalcount number count value criticalcount number count value highcount number count value mediumcount number count value lowcount number count value totalremediatedinruntime object time value totalcount number count value criticalcount number count value highcount number count value mediumcount number count value lowcount number count value values array value for the parameter lastupdateddatetime number time value totalvulnerabilitycount number count value totalvulnerableasset number output field totalvulnerableasset totalremediationcount number count value example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "overviewsummary" {}, "values" \[] } } ] get vulnerable assets by cve retrieve a list of assets impacted by a specified cve id from palo alto networks prisma 
cloud, requiring the cve id endpoint url uve/api/v1/dashboard/vulnerabilities/vuln assets method post input argument name type required description query string optional parameter for get vulnerable assets by cve cve id string required unique identifier risk factors array optional parameter for get vulnerable assets by cve sort by string optional parameter for get vulnerable assets by cve asset type string optional type of the resource page offset number optional parameter for get vulnerable assets by cve page size number optional parameter for get vulnerable assets by cve filter suppressed boolean optional parameter for get vulnerable assets by cve output parameter type description status code number http status code of the response reason string response reason phrase value object value for the parameter severity array output field severity riskfactors array output field riskfactors serverlessfunction object output field serverlessfunction count number count value repositorycount number count value fiximpact object output field fiximpact percentagevulns number output field percentagevulns across number output field across remediationavailable array output field remediationavailable action string output field action status string status value actionresult object result of the operation message object response message cvssscore number score value cveid string unique identifier host object output field host count number count value repositorycount number count value fiximpact object output field fiximpact percentagevulns number output field percentagevulns across number output field across remediationavailable array output field remediationavailable example \[ { "status code" 200, "response headers" { "date" "sat, 13 jul 2024 16 25 53 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "x content type options" "nosniff", "x xss protection" "1; mode=block", "cache control" "no cache, no store, max age=0, must 
revalidate", "pragma" "no cache", "expires" "0", "strict transport security" "max age=31536000 ; includesubdomains", "x frame options" "deny", "vary" "origin, access control request method, access control request headers, x redlock ", "referrer policy" "no referrer", "content security policy" "default src 'self' https ; font src 'self' https data ; img src 'self' https d ", "x download options" "noopen" }, "reason" "ok", "json body" { "value" {} } } ] get vulnerable assets by rql retrieve a list of assets vulnerable to specific cves using an rql query in palo alto networks prisma cloud, including asset ids, lifecycle, and type endpoint url uve/api/v1/vulnerabilities/search/asset method post input argument name type required description page token string optional token for pagination query string required search query cveid string required cve id assetlifecycle string required asset lifecycle assettype string required asset type output parameter type description status code number http status code of the response reason string response reason phrase value array value for the parameter id string unique identifier name string name of the resource atrisk boolean output field atrisk internetexposed boolean output field internetexposed nextpagetoken string output field nextpagetoken example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "value" \[], "nextpagetoken" "string" } } ] is dismissal note required determines if a dismissal note is mandatory when dismissing an alert in palo alto networks prisma cloud endpoint url /alert/dismiss/require dismissal note method get output parameter type description status code number http status code of the response reason string response reason phrase requiredismissalnote boolean output field requiredismissalnote example \[ { "status code" 200, "response headers" { "date" "wed, 10 jul 2024 12 11 19 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "access 
control allow origin" " ", "access control allow headers" "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ", "access control allow methods" "post, put, get, options, delete, patch", "access control expose headers" "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ", "access control max age" "60", "strict transport security" "max age=31536000; includesubdomains", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "content security policy" "default src 'self'", "x redlock request id" "571b787f52e840f79783e292c8ec6939" }, "reason" "ok", "json body" { "requiredismissalnote" true } } ] list account group names retrieve a list of account group names, their ids, and auto creation status from palo alto networks prisma cloud endpoint url /cloud/group/name method get input argument name type required description include auto created boolean optional include account groups that were automatically created during cloud onboarding output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "date" "mon, 08 jul 2024 12 56 50 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "x ratelimit remaining" "39", "x ratelimit requested tokens" "1", "x ratelimit burst capacity" "40", "x ratelimit replenish rate" "40", "tracer id" "e6d3dfc7310e5d8cb9529097fb0ccf7d", "x content type options" "nosniff", "x xss protection" "0", "cache control" "no cache, no store, max age=0, must revalidate", "pragma" "no cache", "expires" "0", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "ok", "json body" \[ { "id" "08bd0f4a e10a 44f2 aa88 79eb4d5c3acc", "name" "serviceaccounts 593878436761", "autocreated" true }, { "id" "0eb320d6 2cea 4470 a34a 1c960179fb19", "name" "securitycenter 
788742092453", "autocreated" true }, { "id" "11cdda9c 330d 46eb 80ce 561c0f64f37e", "name" "bizfunc global 804569306390", "autocreated" true } ] } ] list account group names by cloud type retrieve account group ids and names from palo alto networks prisma cloud, filtered by specified cloud type endpoint url /cloud/group/name/{{cloud type}} method get input argument name type required description cloud type string required cloud type output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "date" "mon, 08 jul 2024 13 30 19 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "x ratelimit remaining" "4", "x ratelimit requested tokens" "1", "x ratelimit burst capacity" "5", "x ratelimit replenish rate" "5", "tracer id" "0b2c8db9ce63fd1aa372abf3419c7533", "x content type options" "nosniff", "x xss protection" "0", "cache control" "no cache, no store, max age=0, must revalidate", "pragma" "no cache", "expires" "0", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "ok", "json body" \[ { "id" "b97ad305 3a80 4188 a935 8c5fae411da0", "name" "ads cyence" }, { "id" "4b4cf43f 4df4 45af 8f38 65c93c7ce7e0", "name" "cloudops insurancesuite" }, { "id" "e3f1a044 b358 4fa4 bb15 6be9b155d797", "name" "pd team" } ] } ] list account groups retrieve an array of account groups the user has access to within palo alto networks prisma cloud endpoint url /cloud/group method get input argument name type required description excludecloudaccountdetails boolean optional exclude cloud account details output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "date" "mon, 08 jul 2024 09 08 24 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", 
"connection" "keep alive", "x ratelimit remaining" "39", "x ratelimit requested tokens" "1", "x ratelimit burst capacity" "40", "x ratelimit replenish rate" "40", "tracer id" "c43e70f1ed7ee27df8f577f2b78ceb50", "x content type options" "nosniff", "x xss protection" "0", "cache control" "no cache, no store, max age=0, must revalidate", "pragma" "no cache", "expires" "0", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "ok", "json body" \[ { "id" "96e96e89 a60c 44a4 bf34 89264d9b7029", "name" "bizfunc biztech 642281869570", "description" "", "lastmodifiedby" "prisma cloud system admin", "lastmodifiedts" 1719302983087, "accountids" \[], "nononboardedcloudaccountids" \[], "autocreated" true, "cloudaccountcount" 38, "accounts" \[], "alertrules" \[] }, { "id" "9b6b073b d4e6 4251 830c 0dceb8505437", "name" "infosec general", "description" "accounts under the general product that are owned by infosec this account group was created with automation ", "lastmodifiedby" "skavanagh\@guidewire com", "lastmodifiedts" 1661861185620, "accountids" \[], "nononboardedcloudaccountids" \[], "autocreated" false, "cloudaccountcount" 8, "accounts" \[], "alertrules" \[ { "alertid" "744ef4c4 16f8 44d8 bbfe 1974cb2df9fe", "alertname" "aws config recording is disabled ('aws jakarta' , 'aws cape town' , 'aws osaka' , 'aws milan' , 'aws mumbai' , 'aws bahrain' , 'aws hong kong')" } ] }, { "id" "026df65c 1c38 4cfc a8e1 95a6febfc027", "name" "cloud accounts nonprod", "description" "non prod/dev accounts", "lastmodifiedby" "rkoop\@guidewire com", "lastmodifiedts" 1655843640253, "accountids" \[], "nononboardedcloudaccountids" \[], "autocreated" false, "cloudaccountcount" 85, "accounts" \[], "alertrules" \[] } ] } ] list alert counts by policy get retrieve alert counts categorized by policy from palo alto networks prisma cloud, with optional query filters endpoint url /alert/policy method get input argument name type required description alert id string optional alert 
id
- alert status | string | optional | alert status
- cloud account | string | optional | cloud account
- cloud accountid | string | optional | cloud account id
- account group | string | optional | account group
- cloud type | string | optional | cloud type
- cloud region | string | optional | cloud region
- cloud service | string | optional | cloud service string
- policy id | string | optional | policy id
- policy name | string | optional | policy name
- policy severity | string | optional | policy severity
- policy label | string | optional | policy label
- policy type | string | optional | policy type
- policy compliancestandard | string | optional | policy compliance standard name
- policy compliancerequirement | string | optional | policy compliance requirement name
- policy compliancesection | string | optional | policy compliance section id
- policy remediable | string | optional | policy is remediable
- alertrule name | string | optional | alert rule name
- resource id | string | optional | resource id
- resource name | string | optional | resource name
- resource type | string | optional | resource type

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase

example

[ {
  "status code": 200,
  "response headers": {
    "date": "tue, 09 jul 2024 14 16 44 gmt", "content type": "application/json", "transfer encoding": "chunked", "connection": "keep alive",
    "x ratelimit remaining": "4", "x ratelimit requested tokens": "1", "x ratelimit burst capacity": "5", "x ratelimit replenish rate": "2",
    "access control allow origin": " ",
    "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
    "access control allow methods": "post, put, get, options, delete, patch",
    "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
    "access control max age": "60", "strict transport security": "max age=31536000; includesubdomains", "x content type options": "nosniff"
  },
  "reason": "ok",
  "json body": [ {}, {} ]
} ]

List alert counts by policy post

Retrieve alert counts
categorized by policy within a specified time range in Palo Alto Networks Prisma Cloud.

endpoint url: /alert/policy
method: POST

input argument (name | type | required | description)
- detailed | boolean | optional | return detailed alert data
- detailed | boolean | optional | detailed
- fields | array | optional | array of specific fields to return
- filters | array | optional | filtering parameters
- name | string | optional | name of the resource
- operator | string | optional | parameter for list alert counts by policy post
- value | string | optional | value for the parameter
- groupby | array | optional | for asset or data inventory only
- limit | number | optional | maximum number of items to return
- offset | number | optional | the number of items to skip before selecting items to return
- pagetoken | string | optional | setting this pagination token to the nextpagetoken from a response object returns the next page of data
- sortby | array | optional | array of sort properties
- timerange | object | required | parameter for list alert counts by policy post
- relativetimetype | string | optional | direction in which to count time
- type | string | optional | type of the resource
- value | object | required | model for relativetimeduration
- amount | number | optional | number of time units
- unit | string | optional | time unit

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase

example

[ {
  "status code": 200,
  "response headers": {
    "date": "mon, 15 jul 2024 04 53 02 gmt", "content type": "application/json", "transfer encoding": "chunked", "connection": "keep alive",
    "x ratelimit remaining": "4", "x ratelimit requested tokens": "1", "x ratelimit burst capacity": "5", "x ratelimit replenish rate": "2",
    "access control allow origin": " ",
    "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
    "access control allow methods": "post, put, get, options, delete, patch",
    "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
    "access control max age": "60", "strict transport security": "max age=31536000; includesubdomains", "x content type options": "nosniff"
  },
  "reason": "ok",
  "json body": [ {} ]
} ]

List alert filter autocomplete suggestions

Retrieve available autocomplete suggestions for an alert filter key in Palo Alto Networks Prisma Cloud.

endpoint url: /filter/alert/suggest
method: POST

input argument (name | type | required | description)
- filtername | string | required | filter name
- query | string | optional | case insensitive fuzzy search autocomplete filter

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- completeparameters | array | parameters for the list alert filter autocomplete suggestions action
- name | string | name of the resource
- operator | string | output field operator
- value | string | value for the parameter
- links | string | output field links
- needsoffsetupdate | boolean | date value
- offset | number | output field offset
- queryremainder | string | output field queryremainder
- suggestions | array | output field suggestions
- translate | boolean | output field translate
- valid | boolean | unique identifier

example

[ {
  "status code": 200,
  "response headers": {},
  "reason": "ok",
  "json body": { "completeparameters": [], "links": "string", "needsoffsetupdate": true, "offset": 0, "queryremainder": "string", "suggestions": [], "translate": true, "valid": true }
} ]

List alert filters

Retrieve a list of available policy filters from Palo Alto Networks Prisma Cloud.

endpoint url: /filter/alert/suggest
method: GET

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- policy name | object | name of the resource
- options | array | output field options
- file name | string | name of the resource
- file | string | output field file
- staticfilter | boolean | output field staticfilter
- policy type | object | type of the resource
- staticfilter | boolean | output field staticfilter
- policy label | object | output field policy label
- options | array | output field options
- file name
| string | name of the resource
- file | string | output field file
- staticfilter | boolean | output field staticfilter
- policy severity | object | output field policy severity
- staticfilter | boolean | output field staticfilter
- alertrule name | object | name of the resource
- options | array | output field options
- file name | string | name of the resource
- file | string | output field file
- staticfilter | boolean | output field staticfilter
- resource id | object | unique identifier
- options | array | output field options
- file name | string | name of the resource
- file | string | output field file

example

[ {
  "status code": 200,
  "response headers": {
    "date": "mon, 08 jul 2024 15 20 26 gmt", "content type": "application/json;charset=utf 8", "transfer encoding": "chunked", "connection": "keep alive",
    "access control allow origin": " ",
    "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
    "access control allow methods": "post, put, get, options, delete, patch",
    "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
    "access control max age": "60", "strict transport security": "max age=31536000; includesubdomains", "x content type options": "nosniff",
    "x frame options": "deny", "x xss protection": "1; mode=block", "content security policy": "default src 'self'",
    "x redlock request id": "92f9e49e0d58401e9149be8ebd66106c"
  },
  "reason": "ok",
  "json body": { "policy name": {}, "policy type": {}, "policy label": {}, "policy severity": {}, "alertrule name": {}, "resource id": {}, "resource name": {}, "malware": {}, "object classification": {}, "object identifier": {}, "git provider": {}, "git repository": {}, "iac framework": {}, "asset class": {}, "alert id": {} }
} ]

List alert remediation commands

Generates a list of specific remediation commands for alerts and policies in Palo Alto Networks Prisma Cloud, requiring a filter.

endpoint url: /alert/remediation
method: POST

input argument (name | type | required | description)
- alerts | array | optional | list of alert
ids one or more alert ids associated with a single policy are required if no policies are specified
- filter | object | required | model for filter
- detailed | boolean | optional | detailed
- fields | array | optional | array of specific fields to return
- filters | array | optional | filtering parameters
- name | string | optional | name
- operator | string | optional | operator
- value | string | optional | value
- groupby | array | optional | for asset or data inventory only
- limit | number | optional | maximum number of items to return
- offset | number | optional | the number of items to skip before selecting items to return
- pagetoken | string | optional | setting this pagination token to the nextpagetoken from a response object returns the next page of data
- sortby | array | optional | array of sort properties
- timerange | object | required | parameter for list alert remediation commands
- relativetimetype | string | optional | direction in which to count time
- type | string | optional | type of the resource
- value | object | required | model for relativetimeduration
- amount | number | optional | number of time units
- unit | string | optional | time unit
- policies | array | optional | list of policy ids a single policy id is required if no alerts are specified

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- alertidvscliscript | object | unique identifier
- clidescription | string | unique identifier
- cliscript | string | output field cliscript
- scriptimpact | string | output field scriptimpact

example

[ {
  "status code": 200,
  "response headers": {},
  "reason": "ok",
  "json body": { "alertidvscliscript": {}, "clidescription": "string", "cliscript": "string", "scriptimpact": "string" }
} ]

List alert rules v2

Retrieve all alert rules available to your user role in Palo Alto Networks Prisma Cloud, excluding open alerts count.

endpoint url: /v2/alert/rule
method: GET

input argument (name | type | required | description)
- enabled | boolean | optional | process only enabled alert rules

output (parameter | type | description)
- status code | number | http status code of the response
- reason
| string | response reason phrase

example

[ {
  "status code": 200,
  "response headers": {
    "date": "mon, 08 jul 2024 14 08 08 gmt", "content type": "application/json;charset=utf 8", "transfer encoding": "chunked", "connection": "keep alive",
    "access control allow origin": " ",
    "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
    "access control allow methods": "post, put, get, options, delete, patch",
    "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
    "access control max age": "60", "strict transport security": "max age=31536000; includesubdomains", "x content type options": "nosniff",
    "x frame options": "deny", "x xss protection": "1; mode=block", "content security policy": "default src 'self'",
    "x redlock request id": "2aa8e79f6a024809857ca34323dfb8e3"
  },
  "reason": "ok",
  "json body": [
    { "policyscanconfigid": "5dce05d5 9da8 452d acb1 77e85276ca58", "name": "jira integration", "description": "jira integration for emergency alerts", "enabled": true, "scanall": false,
      "policies": [ "4b411b41 7f4d 4626 884e 5ba8abd2a739" ], "policylabels": [], "excludedpolicies": [],
      "target": { "accountgroups": [ "b97ad305 3a80 4188 a935 8c5fae411da0" ], "excludedaccounts": [], "regions": [], "tags": [], "includedresourcelists": { "computeaccessgroupids": [] },
        "targetresourcelist": { "action": "auto dismiss", "reason": "", "requestor": "", "approver": "", "additionalnotes": "", "enabled": false, "ids": [] } },
      "createdon": 1660812837143, "createdby": "skavanagh@guidewire com", "lastmodifiedon": 1660838872638, "lastmodifiedby": "skavanagh@guidewire com", "deleted": false,
      "alertrulenotificationconfig": [], "allowautoremediate": false, "delaynotificationms": 240000, "scanconfigtype": "standard",
      "notifyonopen": true, "notifyonsnoozed": false, "notifyondismissed": false, "notifyonresolved": false,
      "owner": "guidewire", "notificationchannels": [ "jira" ], "openalertscount": 0, "readonly": false },
    { "policyscanconfigid": "895b6eeb a98d 40ab a35d 2fed528fc3d4", "name": "prisma aws healthcheck alerts", "description": "", "enabled": true, "scanall": false,
      "policies": [ "5980b7f5 c030 48a5 b0e3 7f154dd54483" ], "policylabels": [], "excludedpolicies": [],
      "target": { "accountgroups": [ "80206a95 51e3 4b95 98ff 5e6df927b93b" ], "excludedaccounts": [], "regions": [], "tags": [] },
      "createdon": 1680006229139, "createdby": "suhas jagannath", "lastmodifiedon": 1712232832009, "lastmodifiedby": "thejas k a", "deleted": false,
      "alertrulenotificationconfig": [], "allowautoremediate": false, "delaynotificationms": 0,

List alerts v2 get

Retrieve a paginated list of alerts based on time filters from the Prisma Cloud platform, requiring timetype, timeamount, and timeunit parameters.

endpoint url: /v2/alert
method: GET

input argument (name | type | required | description)
- timetype | string | required | time type
- timeamount | string | required | number of timeunits
- timeunit | string | required | time unit
- detailed | boolean | required | return detailed alert data
- fields | string | optional | array of specific fields to return
- sortby | string | optional | response object property by which to sort response list
- limit | number | optional | the maximum number of items that will be returned in one response
- pagetoken | string | optional | token that identifies the required page of data
- alert id | string | optional | alert id
- alert status | string | optional | alert status
- cloud account | string | optional | cloud account
- cloud accountid | string | optional | cloud account id
- account group | string | optional | account group
- cloud type | string | optional | cloud type
- cloud region | string | optional | cloud region
- cloud service | string | optional | cloud service
- policy id | string | optional | policy id
- policy name | string | optional | policy name
- policy severity | string | optional | policy severity
- policy label | string | optional | policy label
- policy type | string | optional | policy type
- policy compliancestandard | string | optional | policy compliance standard name
- policy compliancerequirement | string | optional | policy compliance
requirement name
- policy compliancesection | string | optional | policy compliance section id
- policy remediable | string | optional | policy is remediable

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- dynamiccolumns | array | output field dynamiccolumns
- infomsg | string | output field infomsg
- items | array | output field items
- alertadditionalinfo | object | output field alertadditionalinfo
- alertattribution | object | output field alertattribution
- alertcount | number | count value
- alertrules | array | output field alertrules
- file name | string | name of the resource
- file | string | output field file
- alerttime | number | time value
- appmetadata | array | response data
- connectiondetails | array | output field connectiondetails
- file name | string | name of the resource
- file | string | output field file
- dismissalduration | string | output field dismissalduration
- dismissalnote | string | output field dismissalnote
- dismissaluntilts | number | output field dismissaluntilts
- dismissedby | string | output field dismissedby
- eventoccurred | number | output field eventoccurred
- firstseen | number | output field firstseen
- history | array | output field history
- file name | string | name of the resource
- file | string | output field file

example

[ {
  "status code": 200,
  "response headers": {
    "date": "mon, 15 jul 2024 04 32 38 gmt", "content type": "application/json", "transfer encoding": "chunked", "connection": "keep alive",
    "x ratelimit remaining": "9", "x ratelimit requested tokens": "1", "x ratelimit burst capacity": "10", "x ratelimit replenish rate": "3",
    "access control allow origin": " ",
    "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
    "access control allow methods": "post, put, get, options, delete, patch",
    "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
    "access control max age": "60", "strict transport security": "max age=31536000; includesubdomains", "x content type options": "nosniff"
  },
  "reason": "ok",
  "json body": { "dynamiccolumns": [], "infomsg": "string", "items": [], "nextpagetoken": "string", "sortallowedcolumns": [], "totalrows": 0 }
} ]

List alerts v2 post

Retrieve a paginated list of Prisma Cloud alerts within a specified time range. Requires 'timerange' in the JSON body.

endpoint url: /v2/alert
method: POST

input argument (name | type | required | description)
- detailed | boolean | optional | return detailed alert data
- detailed | boolean | optional | detailed
- fields | array | optional | array of specific fields to return
- filters | array | optional | filtering parameters
- name | string | optional | name of the resource
- operator | string | optional | parameter for list alerts v2 post
- value | string | optional | value for the parameter
- groupby | array | optional | for asset or data inventory only
- limit | number | optional | maximum number of items to return
- offset | number | optional | the number of items to skip before selecting items to return
- pagetoken | string | optional | setting this pagination token to the nextpagetoken from a response object returns the next page of data
- sortby | array | optional | array of sort properties
- timerange | object | required | parameter for list alerts v2 post
- relativetimetype | string | optional | direction in which to count time
- type | string | optional | type of the resource
- value | object | required | model for relativetimeduration
- amount | number | optional | number of time units
- unit | string | optional | time unit

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- dynamiccolumns | array | output field dynamiccolumns
- infomsg | string | output field infomsg
- items | array | output field items
- alertadditionalinfo | object | output field alertadditionalinfo
- alertattribution | object | output field alertattribution
- attributioneventlist | array | output field attributioneventlist
- file name | string | name of the resource
- file | string | output field file
- resourcecreatedby | string | output field resourcecreatedby
- resourcecreatedon | number | output field resourcecreatedon
- alertcount
| number | count value
- alertrules | array | output field alertrules
- file name | string | name of the resource
- file | string | output field file
- alerttime | number | time value
- appmetadata | array | response data
- connectiondetails | array | output field connectiondetails
- file name | string | name of the resource
- file | string | output field file
- dismissalduration | string | output field dismissalduration
- dismissalnote | string | output field dismissalnote
- dismissaluntilts | number | output field dismissaluntilts
- dismissedby | string | output field dismissedby

example

[ {
  "status code": 200,
  "response headers": {},
  "reason": "ok",
  "json body": { "dynamiccolumns": [], "infomsg": "string", "items": [], "nextpagetoken": "string", "sortallowedcolumns": [], "totalrows": 0 }
} ]

List inventory dashboard filter

Retrieve autocomplete suggestions for inventory dashboard filters in Palo Alto Networks Prisma Cloud, requiring a 'filtername'.

endpoint url: /filter/v2/inventory/suggest
method: POST

input argument (name | type | required | description)
- filtername | string | required | filter name
- query | string | optional | case insensitive fuzzy search autocomplete filter includes only items that contain the query as a substring

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- valid | boolean | unique identifier
- offset | number | output field offset
- suggestions | array | output field suggestions
- translate | boolean | output field translate
- needsoffsetupdate | boolean | date value
- queryremainder | string | output field queryremainder
- completeparameters | array | parameters for the list inventory dashboard filter action
- file name | string | name of the resource
- file | string | output field file

example

[ {
  "status code": 200,
  "response headers": {
    "date": "fri, 12 jul 2024 05 41 28 gmt", "content type": "application/json;charset=utf 8", "transfer encoding": "chunked", "connection": "keep alive",
    "access control allow origin": " ",
    "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
    "access control allow methods": "post, put, get, options, delete, patch",
    "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
    "access control max age": "60", "strict transport security": "max age=31536000; includesubdomains", "x content type options": "nosniff",
    "x frame options": "deny", "x xss protection": "1; mode=block", "content security policy": "default src 'self'",
    "x redlock request id": "aacb39863b934ed9bde0594015ca0631"
  },
  "reason": "ok",
  "json body": { "valid": false, "offset": 16, "suggestions": [], "translate": false, "needsoffsetupdate": true, "queryremainder": "cloud service = string", "completeparameters": [] }
} ]

List inventory filters v2

Retrieve an object listing supported asset inventory filters with default options in Palo Alto Networks Prisma Cloud.

endpoint url: /filter/v2/inventory/suggest
method: GET

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- account group | object | output field account group
- options | array | output field options
- file name | string | name of the resource
- file | string | output field file
- staticfilter | boolean | output field staticfilter
- cloud account | object | count value
- options | array | output field options
- file name | string | name of the resource
- file | string | output field file
- staticfilter | boolean | output field staticfilter
- cloud region | object | output field cloud region
- options | array | output field options
- staticfilter | boolean | output field staticfilter
- cloud service | object | output field cloud service
- options | array | output field options
- file name | string | name of the resource
- file | string | output field file
- staticfilter | boolean | output field staticfilter
- resource type | object | type of the resource
- options | array | output field options
- file name | string | name of the resource
- file | string | output field file
- staticfilter | boolean | output field staticfilter

example

[ {
  "status code": 200,
  "response headers": {
    "date": "fri, 12 jul 2024 05 23 03 gmt", "content type": "application/json;charset=utf 8", "transfer encoding": "chunked", "connection": "keep alive",
    "access control allow origin": " ",
    "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
    "access control allow methods": "post, put, get, options, delete, patch",
    "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
    "access control max age": "60", "strict transport security": "max age=31536000; includesubdomains", "x content type options": "nosniff",
    "x frame options": "deny", "x xss protection": "1; mode=block", "content security policy": "default src 'self'",
    "x redlock request id": "cc7d8ad700f948b496ade044f9559371"
  },
  "reason": "ok",
  "json body": { "account group": {}, "cloud account": {}, "cloud region": {}, "cloud service": {}, "resource type": {}, "asset class": {}, "policy compliancestandard": {}, "policy compliancerequirement": {}, "policy compliancesection": {}, "resourcelist tag": {}, "cloud type": {} }
} ]

List saved asset inventory filters

Retrieve a list of saved asset inventory filters from Palo Alto Networks Prisma Cloud.

endpoint url: /filter/inventory
method: GET

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase

example

[ {
  "status code": 200,
  "response headers": {
    "date": "fri, 12 jul 2024 05 37 46 gmt", "content type": "application/json;charset=utf 8", "transfer encoding": "chunked", "connection": "keep alive",
    "access control allow origin": " ",
    "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
    "access control allow methods": "post, put, get, options, delete, patch",
    "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
    "access control max age": "60", "strict transport security": "max age=31536000; includesubdomains", "x content type options": "nosniff",
    "x frame options": "deny", "x xss protection": "1; mode=block", "content security policy": "default src 'self'",
    "x redlock request id": "fd6f747e2b6b4ef9b865e5497439cff4"
  },
  "reason": "ok",
  "json body": [ {} ]
} ]

List top n assets

Retrieves the top n assets with the highest alert counts over the last 30 days, filtered by swimlane type and time range.

endpoint url: api/v1/top assets/{{swimlane type}}
method: POST

input argument (name | type | required | description)
- swimlane type | string | required | type of the swimlane
- filters | array | optional | list of filters that can be applied for the api
- name | string | optional | filtertype
- operator | string | optional | only allowed operator for the filter is '='
- value | string | optional | value for the applied filter
- timerange | object | required | parameter for list top n assets
- type | string | optional | type of time ranges
- value | object | optional | absolute time containing start and end time maximum time range supported is last 30 days
- starttime | number | optional | time value
- endtime | number | optional | time value
- limit | number | optional | limit on the number of resources requested supported values >= 1 and <= 10

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- value | array | value for the parameter
- externalresourceid | string | unique identifier
- resourcename | string | name of the resource
- cloudname | string | name of the resource
- servicename | string | name of the resource
- accountname | string | name of the resource
- alertcount | number | count value
- criticalalertcount | number | count value
- highalertcount | number | count value
- starttime | number | time value
- endtime | number | time value
- swimlanetype | string | type of the resource
- lastscants | number | output field lastscants

example

[ {
  "status code": 200,
  "response headers": {},
  "reason": "ok",
  "json body": { "value": [], "starttime": 0, "endtime": 0, "swimlanetype": "misconfigurations", "lastscants": 0 }
} ]

List top policies

Retrieve the top policies with the most alerts from Palo
Alto Networks Prisma Cloud, specifying time range, accounts, and swimlane type.

endpoint url: api/v1/top policies/{{swimlane type}}
method: POST

input argument (name | type | required | description)
- swimlane type | string | required | type of the swimlane
- filters | array | optional | list of filters that can be applied for the api
- name | string | optional | filtertype
- operator | string | optional | only allowed operator for the filter is '='
- value | string | optional | value for the applied filter
- timerange | object | required | parameter for list top policies
- type | string | optional | type of time ranges
- value | object | optional | absolute time containing start and end time maximum time range supported is last 30 days
- starttime | number | optional | time value
- endtime | number | optional | time value
- limit | number | optional | limit on the number of resources requested supported values >= 1 and <= 10

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- value | array | value for the parameter
- policyid | string | unique identifier
- policyname | string | name of the resource
- policytype | string | type of the resource
- severity | string | output field severity
- alertcount | number | count value
- policydescription | string | output field policydescription
- starttime | number | time value
- endtime | number | time value
- swimlanetype | string | type of the resource
- lastscants | number | output field lastscants

example

[ {
  "status code": 200,
  "response headers": {},
  "reason": "ok",
  "json body": { "value": [], "starttime": 0, "endtime": 0, "swimlanetype": "misconfigurations", "lastscants": 0 }
} ]

List top vulnerabilities

Retrieve the top 5 hosts and images with the most vulnerabilities from Palo Alto Networks Prisma Cloud, filterable by type, time, accounts, and groups.

endpoint url: v1/top vulnerabilities
method: POST

input argument (name | type | required | description)
- limit | number | optional | parameter for list top vulnerabilities
- type | string | optional | type of the resource
- filters | array | optional | list of filters that can be applied for the api
- name | string | optional | filtertype
- operator | string | optional | only allowed operator for the filter is '='
- value | string | optional | value for the applied filter
- timerange | object | optional | parameter for list top vulnerabilities
- type | string | optional | type of time ranges
- value | object | optional | absolute time containing start and end time maximum time range supported is last 30 days
- starttime | number | optional | time value
- endtime | number | optional | time value

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- value | array | value for the parameter
- unifiedassetid | string | unique identifier
- resourcename | string | name of the resource
- numcriticalvulnerabilities | number | output field numcriticalvulnerabilities
- numhighvulnerabilities | number | output field numhighvulnerabilities
- totalvulnerabilities | number | output field totalvulnerabilities
- date | string | date value
- ts | number | output field ts
- lastscants | number | output field lastscants

example

[ {
  "status code": 200,
  "response headers": {},
  "reason": "ok",
  "json body": { "value": [], "date": "11 04 2024", "ts": 0, "lastscants": 0 }
} ]

List total alerts based on the severity

Retrieve a count of Prisma Cloud alerts by severity over a specified time range, requiring account and group details.

endpoint url: api/v1/summary/{{swimlane type}}
method: POST

input argument (name | type | required | description)
- swimlane type | string | required | type of the swimlane
- filters | array | optional | list of filters that can be applied for the api
- name | string | optional | filtertype
- operator | string | optional | only allowed operator for the filter is '='
- value | string | optional | value for the applied filter
- timerange | object | required | parameter for list total alerts based on the severity
- type | string | optional | type of time ranges
- value | object | optional | absolute time containing start and end time maximum time range supported is last 30 days
- starttime | number | optional | time value
- endtime | number | optional | time value

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- value | object | value for the parameter
- totalcriticalalerts | number | output field totalcriticalalerts
- totalhighalerts | number | output field totalhighalerts
- starttime | number | time value
- endtime | number | time value
- swimlanetype | string | type of the resource
- lastscants | number | output field lastscants

example

[ {
  "status code": 200,
  "response headers": {},
  "reason": "ok",
  "json body": { "value": {}, "starttime": 0, "endtime": 0, "swimlanetype": "misconfigurations", "lastscants": 0 }
} ]

List total vulnerable images and hosts

Retrieve a summary of all vulnerable images and hosts within specified time, accounts, and account groups in Palo Alto Networks Prisma Cloud.

endpoint url: v1/vulnerabilities/summary
method: POST

input argument (name | type | required | description)
- prismaid | string | optional | unique identifier
- filters | array | optional | list of filters that can be applied for the api
- name | string | optional | filtertype
- operator | string | optional | only allowed operator for the filter is '='
- value | string | optional | value for the applied filter
- timerange | object | optional | parameter for list total vulnerable images and hosts
- type | string | optional | type of time ranges
- value | object | optional | absolute time containing start and end time maximum time range supported is last 30 days
- starttime | number | optional | time value
- endtime | number | optional | time value

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase
- value | object | value for the parameter
- images | object | output field images
- totalcriticalvulnerabilities | number | output field totalcriticalvulnerabilities
- totalhighvulnerabilities | number | output field totalhighvulnerabilities
- hosts | object | output field hosts
- totalcriticalvulnerabilities | number | output field totalcriticalvulnerabilities
- totalhighvulnerabilities | number | output field totalhighvulnerabilities
- totalbyseverity | object | output field totalbyseverity
- totalcriticalvulnerabilities | number | output field totalcriticalvulnerabilities
- totalhighvulnerabilities | number | output field totalhighvulnerabilities
- date | string | date value
- ts | number | output field ts
- lastscants | number | output field lastscants

example

[ {
  "status code": 200,
  "response headers": {},
  "reason": "ok",
  "json body": { "value": {}, "date": "11 04 2024", "ts": 0, "lastscants": 0 }
} ]

Remediate alert

Remediates a specified alert in Palo Alto Networks Prisma Cloud when associated with a remediable policy, requiring an alert ID.

endpoint url: /alert/remediation/{{id}}
method: PATCH

input argument (name | type | required | description)
- findingid | string | optional | unique identifier
- id | string | required | alert id

output (parameter | type | description)
- status code | number | http status code of the response
- reason | string | response reason phrase

example

[ { "status code": 200, "response headers": {}, "reason": "ok", "json body": {} } ]

Reopen alerts

Reopens dismissed or snoozed alerts in Palo Alto Networks Prisma Cloud using specified filters and time range.

endpoint url: /alert/reopen
method: POST

input argument (name | type | required | description)
- alerts | array | optional | alert ids
- dismissalnote | string | optional | reason for dismissal
- dismissaltimerange | object | required | parameter for reopen alerts
- type | string | required | type of the resource
- relativetimetype | string | optional | direction in which to count time
- value | object | required | model for relativetimeduration
- amount | number | optional | number of time units
- unit | string | optional | time unit
- filter | object | required | model for filter
- detailed | boolean | optional | detailed
- fields | array | optional | array of specific fields to return
- filters | array | optional | filtering parameters
- name | string | optional | name
- operator | string | optional | operator
- value | string | optional | value
- groupby | array | optional | for asset or data inventory only
- limit | number | optional | maximum number of items to return
- offset | number | optional | the number of items to skip before selecting items to return
- pagetoken | string | optional | setting
this pagination token to the nextpagetoken from a response object returns the next page of data
sortby | array | optional | array of sort properties
timerange | object | required | parameter for reopen alerts
relativetimetype | string | optional | direction in which to count time
type | string | optional | type of the resource
value | object | required | model for relativetimeduration
amount | number | optional | number of time units

Output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase

Example

[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {}
  }
]

Save asset inventory filter

Saves a specified asset inventory filter in Palo Alto Networks Prisma Cloud with a defined time range.

Endpoint URL: /filter/inventory
Method: POST

Input

argument name | type | required | description
detailed | boolean | optional | detailed
fields | array | optional | array of specific fields to return
filters | array | optional | filtering parameters
name | string | optional | name
operator | string | optional | operator
value | string | optional | value
groupby | array | optional | for asset or data inventory only; group returned items by cloud type, cloud service, cloud region, cloud account, and/or resource type
limit | number | optional | maximum number of items to return
offset | number | optional | the number of items to skip before selecting items to return
pagetoken | string | optional | setting this pagination token to the nextpagetoken from a response object returns the next page of data
sortby | array | optional | array of sort properties
timerange | object | required | parameter for save asset inventory filter
relativetimetype | string | optional | direction in which to count time
type | string | optional | type of the resource
value | object | required | value for the parameter
amount | number | optional | number of time units
unit | string | optional | time unit

Output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase

Example

[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {}
  }
]

Submit alert CSV generation job

Submits a job to generate a downloadable CSV file of alerts within the specified time range. Returns job ID and status.

Endpoint URL: /alert/csv
Method: POST

Input

argument name | type | required | description
detailed | boolean | optional | return detailed alert data
detailed | boolean | optional | detailed
fields | array | optional | array of specific fields to return
filters | array | optional | filtering parameters
name | string | optional | name
operator | string | optional | operator
value | string | optional | value
groupby | array | optional | for asset or data inventory only
limit | number | optional | maximum number of items to return
offset | number | optional | the number of items to skip before selecting items to return
pagetoken | string | optional | setting this pagination token to the nextpagetoken from a response object returns the next page of data
sortby | array | optional | array of sort properties
timerange | object | required | parameter for submit alert csv generation job
relativetimetype | string | optional | direction in which to count time
type | string | optional | type of the resource
value | object | required | model for relativetimeduration
amount | number | optional | number of time units
unit | string | optional | time unit

Output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
id | string | unique identifier
customerid | number | unique identifier
status | string | status value
createdby | string | output field createdby
createdon | number | output field createdon
statusuri | string | status value

Example

[
  {
    "status code": 200,
    "response headers": {
      "date": "thu, 11 jul 2024 04 51 46 gmt",
      "content type": "application/json;charset=utf 8",
      "transfer encoding": "chunked",
      "connection": "keep alive",
      "access control allow origin": " ",
      "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
      "access control allow methods": "post, put, get, options, delete, patch",
      "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
      "access control max age": "60",
      "strict transport security": "max age=31536000; includesubdomains",
      "x content type options": "nosniff",
      "x frame options": "deny",
      "x xss protection": "1; mode=block",
      "content security policy": "default src 'self'",
      "x redlock request id": "64d72b491e50469a9d2e510e6148daa1"
    },
    "reason": "ok",
    "json body": {
      "id": "937771fea1964b3ab1c768dc62ef6789",
      "customerid": 87,
      "status": "in progress",
      "createdby": "prisma swimlane integration",
      "createdon": 1720673503890,
      "statusuri": "/alert/csv/937771fea1964b3ab1c768dc62ef6789/status"
    }
  }
]

Submit job to list alerts

Submits a job to Palo Alto Networks Prisma Cloud to generate a list of alerts within a specified time range, providing a job ID and status.

Endpoint URL: /alert/jobs
Method: POST

Input

argument name | type | required | description
detailed | boolean | optional | detailed
fields | array | optional | array of specific fields to return
filters | array | optional | filtering parameters
name | string | optional | name of the resource
operator | string | optional | parameter for submit job to list alerts
value | string | optional | value for the parameter
groupby | array | optional | for asset or data inventory only
limit | number | optional | maximum number of items to return
offset | number | optional | the number of items to skip before selecting items to return
pagetoken | string | optional | setting this pagination token to the nextpagetoken from a response object returns the next page of data
sortby | array | optional | array of sort properties
timerange | object | required | parameter for submit job to list alerts
relativetimetype | string | optional | direction in which to count time
type | string | optional | type of the resource
value | object | required | model for relativetimeduration
amount | number | optional | number of time units
unit | string | optional | time unit

Output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason
phrase
id | string | unique identifier
customerid | number | unique identifier
status | string | status value
createdby | string | output field createdby
createdon | number | output field createdon
statusuri | string | status value

Example

[
  {
    "status code": 200,
    "response headers": {
      "date": "thu, 11 jul 2024 04 15 19 gmt",
      "content type": "application/json;charset=utf 8",
      "transfer encoding": "chunked",
      "connection": "keep alive",
      "access control allow origin": " ",
      "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
      "access control allow methods": "post, put, get, options, delete, patch",
      "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
      "access control max age": "60",
      "strict transport security": "max age=31536000; includesubdomains",
      "x content type options": "nosniff",
      "x frame options": "deny",
      "x xss protection": "1; mode=block",
      "content security policy": "default src 'self'",
      "x redlock request id": "cc45c24d93ae447cb597580ed0f946b0"
    },
    "reason": "ok",
    "json body": {
      "id": "e09b247a62af4e0aafd4bf4c4b12fec7",
      "customerid": 87,
      "status": "completed",
      "createdby": "prisma swimlane integration",
      "createdon": 1720671319436,
      "statusuri": "/alert/jobs/e09b247a62af4e0aafd4bf4c4b12fec7/status"
    }
  }
]

Submit job to list alerts by policy

Submits a job to Prisma Cloud to generate alerts grouped by policy violation, returning job ID and status. Requires a 'timerange' in the JSON body.

Endpoint URL: /alert/policy/jobs
Method: POST

Input

argument name | type | required | description
detailed | boolean | optional | detailed
fields | array | optional | array of specific fields to return
filters | array | optional | filtering parameters
name | string | optional | name of the resource
operator | string | optional | parameter for submit job to list alerts by policy
value | string | optional | value for the parameter
groupby | array | optional | for asset or data inventory only
limit | number | optional | maximum number of items to return
offset | number | optional | the number of items to skip before selecting items to return
pagetoken | string | optional | setting this pagination token to the nextpagetoken from a response object returns the next page of data
sortby | array | optional | array of sort properties
timerange | object | required | parameter for submit job to list alerts by policy
relativetimetype | string | optional | direction in which to count time
type | string | optional | type of the resource
value | object | required | model for relativetimeduration
amount | number | optional | number of time units
unit | string | optional | time unit

Output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
id | string | unique identifier
customerid | number | unique identifier
status | string | status value
createdby | string | output field createdby
createdon | number | output field createdon
statusuri | string | status value

Example

[
  {
    "status code": 200,
    "response headers": {
      "date": "thu, 11 jul 2024 05 42 59 gmt",
      "content type": "application/json",
      "transfer encoding": "chunked",
      "connection": "keep alive",
      "access control allow origin": " ",
      "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
      "access control allow methods": "post, put, get, options, delete, patch",
      "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
      "access control max age": "60",
      "strict transport security": "max age=31536000; includesubdomains",
      "x content type options": "nosniff",
      "x frame options": "deny",
      "x xss protection": "1; mode=block",
      "content security policy": "default src 'self'",
      "x redlock request id": "7a8f7bcaa3da417dbce2740fd8c8c05f"
    },
    "reason": "ok",
    "json body": {
      "id": "b70ac365a19446a59da964785d03142d",
      "customerid": 87,
      "status": "completed",
      "createdby": "prisma swimlane integration",
      "createdon": 1720676579637,
      "statusuri": "/alert/policy/jobs/b70ac365a19446a59da964785d03142d/status"
    }
  }
]

Update account
group

Updates an existing account group in Palo Alto Networks Prisma Cloud using the specified 'id', 'accountids', and 'name'.

Endpoint URL: /cloud/group/{{id}}
Method: PUT

Input

argument name | type | required | description
id | string | required | account group id
accountids | array | required | cloud account ids
cloudaccountinfos | array | optional | cloud account details of account associated with this account group
accountid | string | optional | account id
cloudtype | string | optional | cloud type
lastmodifiedby | string | optional | last modified by
description | string | optional | description
name | string | required | name

Output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase

Example

[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {}
  }
]

Update dismissal note requirement

Enforces or waives the requirement for a dismissal note when an alert is dismissed in Palo Alto Networks Prisma Cloud.

Endpoint URL: /alert/dismiss/require dismissal note
Method: PUT

Input

argument name | type | required | description
requiredismissalnote | boolean | optional | require dismissal note

Output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
response text | string | output field response text

Example

[
  {
    "status code": 200,
    "response headers": {
      "date": "wed, 10 jul 2024 11 52 44 gmt",
      "content length": "0",
      "connection": "keep alive",
      "access control allow origin": " ",
      "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
      "access control allow methods": "post, put, get, options, delete, patch",
      "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
      "access control max age": "60",
      "strict transport security": "max age=31536000; includesubdomains",
      "x content type options": "nosniff",
      "x frame options": "deny",
      "x xss protection": "1; mode=block",
      "content security policy":
        "default src 'self'",
      "x redlock request id": "24eff50bdb8041de89a1858e1e2e6ddf",
      "vary": "origin, access control request method, access control request headers, accept en "
    },
    "reason": "ok",
    "response text": ""
  }
]

Update saved asset inventory filter

Updates an existing saved asset inventory filter in Palo Alto Networks Prisma Cloud with a specific ID and time range.

Endpoint URL: filter/inventory/{{id}}
Method: PUT

Input

argument name | type | required | description
id | string | required | asset inventory id
detailed | boolean | optional | detailed
fields | array | optional | array of specific fields to return
filters | array | optional | parameter for update saved asset inventory filter
name | string | optional | name
value | string | optional | value for the parameter
operator | string | optional | operator
groupby | array | optional | for asset or data inventory only; group returned items by cloud type, cloud service, cloud region, cloud account, and/or resource type
limit | number | optional | maximum number of items to return; when data is paginated, maximum number of items per page; the maximum cannot exceed 10,000
offset | number | optional | the number of items to skip before selecting items to return
pagetoken | string | optional | setting this pagination token to the nextpagetoken from a response object returns the next page of data
sortby | array | optional | array of sort properties; append \ asc or \ desc to the key to sort by ascending or descending order respectively
timerange | object | required | parameter for update saved asset inventory filter
relativetimetype | string | optional | direction in which to count time
type | string | optional | type of the resource
value | object | required | value for the parameter
amount | number | optional | number of time units
unit | string | optional | time unit

Output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase

Example

[
  {
    "status code": 200,
    "response headers": {
      "date": "mon, 08 jul 2024 05 22 32 gmt",
      "content length": "0",
      "connection": "keep alive",
      "access control allow origin": " ",
      "access control allow headers": "x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 ",
      "access control allow methods": "post, put, get, options, delete, patch",
      "access control expose headers": "x redlock auth,x redlock request id,x redlock status, x redlock filename,content ",
      "access control max age": "60",
      "strict transport security": "max age=31536000; includesubdomains",
      "x content type options": "nosniff",
      "x frame options": "deny",
      "x xss protection": "1; mode=block",
      "content security policy": "default src 'self'",
      "x redlock request id": "83dad81764e7471d95b2c5be31fddbaa",
      "x redlock status": "[{\"i18nkey\": \"missing filter target\",\"severity\": \"error\",\"subject\": null}]"
    },
    "reason": "ok",
    "json body": {}
  }
]

Response headers

header | description | example
access control allow headers | http response header access control allow headers | x redlock request id,x redlock auth,rl json rule,terraform version,terraform 012 parameters,rl variable file names,rl parameters,content type,x b3 traceid,x b3 spanid,sentry trace
access control allow methods | http response header access control allow methods | post, put, get, options, delete, patch
access control allow origin | http response header access control allow origin |
access control expose headers | http response header access control expose headers | x redlock auth,x redlock request id,x redlock status, x redlock filename,content disposition,x record count
access control max age | http response header access control max age | 60
cache control | directives for caching mechanisms | no cache, no store, max age=0, must revalidate
connection | http response header connection | keep alive
content encoding | http response header content encoding | gzip
content length | the length of the response body in bytes | 0
content security policy | http response header content security policy | default src 'self'
content type | the media type of the resource | application/json
date | the date and time at which the
message was originated | fri, 12 jul 2024 05 37 46 gmt
expires | the date/time after which the response is considered stale | 0
pragma | http response header pragma | no cache
referrer policy | http response header referrer policy | no referrer
strict transport security | http response header strict transport security | max age=31536000 ; includesubdomains
tracer id | http response header tracer id | 0b2c8db9ce63fd1aa372abf3419c7533
transfer encoding | http response header transfer encoding | chunked
vary | http response header vary | origin, access control request method, access control request headers, x redlock auth, origin
x content type options | http response header x content type options | nosniff
x download options | http response header x download options | noopen
x frame options | http response header x frame options | deny
x permitted cross domain policies | http response header x permitted cross domain policies | none
x ratelimit burst capacity | http response header x ratelimit burst capacity | 40
x ratelimit remaining | the number of requests remaining in the current rate limit window | 39
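
The update saved asset inventory filter example on this page returns status code 200 while its x redlock status header carries a severity "error" entry, and the job-submission actions return a status together with a statusuri. The following is an added example (not Swimlane's or Palo Alto Networks' code) of a post-action check over those fields and x ratelimit remaining. The function names, the threshold of 5 and the key-folding helper are assumptions, and the sample results are constructed from the page's examples.

```python
import json
import re


def _norm(name):
    # Fold "X-Redlock-Status", "x_redlock_status" and "x redlock status" together.
    return re.sub(r"[\s_\-]+", "-", str(name).strip().lower())


def _get(mapping, name, default=None):
    for key, value in mapping.items():
        if _norm(key) == _norm(name):
            return value
    return default


def triage(result, min_remaining=5):
    """Return findings for one action result; an empty list means nothing to flag."""
    findings = []
    status = _get(result, "status code")
    headers = _get(result, "response headers") or {}
    body = _get(result, "json body") or {}

    if not isinstance(status, int) or not 200 <= status < 300:
        findings.append(f"http status {status}")

    # The status header carries a JSON list of messages and, as the page's
    # example shows, can report an error even when the HTTP status is 200.
    raw = _get(headers, "x redlock status")
    if raw:
        try:
            messages = json.loads(raw)
        except (TypeError, ValueError):
            messages = []
            findings.append("unparseable x-redlock-status")
        for msg in messages if isinstance(messages, list) else []:
            if isinstance(msg, dict) and _norm(_get(msg, "severity", "")) == "error":
                findings.append(f"api error: {_get(msg, 'i18nkey')}")

    remaining = str(_get(headers, "x ratelimit remaining", "")).strip()
    if remaining.isdigit() and int(remaining) < min_remaining:
        findings.append(f"rate limit nearly exhausted: {remaining} left")

    # Job-submission actions answer with a status plus a statusuri to poll.
    if _get(body, "statusuri"):
        job_status = str(_get(body, "status", "")).lower()
        if _norm(job_status) != "completed":
            findings.append(f"job not finished: {job_status}")
    return findings


# Constructed samples, modelled on the example responses shown on this page.
FILTER_UPDATE = {
    "status code": 200,
    "response headers": {
        "x redlock status": '[{"i18nkey": "missing filter target", '
                            '"severity": "error", "subject": null}]',
        "x ratelimit remaining": "39",
    },
    "json body": {},
}
CSV_JOB = {
    "status code": 200,
    "response headers": {"x ratelimit remaining": "3"},
    "json body": {"id": "job-id-placeholder", "status": "in progress",
                  "statusuri": "/alert/csv/job-id-placeholder/status"},
}

if __name__ == "__main__":
    for name, sample in (("filter update", FILTER_UPDATE), ("csv job", CSV_JOB)):
        print(name, triage(sample))
```

A playbook that branches only on status code would treat the filter update above as a success; routing on the returned findings surfaces the rejected filter and the unfinished job.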