# Palo Alto Networks Threat Vault
The Palo Alto Networks Threat Vault connector allows users to query and retrieve detailed threat intelligence data, enhancing security operations with actionable insights.

Palo Alto Networks Threat Vault is a comprehensive threat intelligence database that provides metadata for antivirus, anti-spyware, and file signatures. The connector enables Swimlane Turbine users to retrieve this threat metadata, enhancing incident response and threat hunting capabilities within their security operations. By integrating with Threat Vault, users can automate the enrichment of security incidents, leverage detailed intelligence for better decision making, and streamline their threat analysis processes without the need for complex coding.

## Prerequisites

To effectively utilize the Palo Alto Networks Threat Vault connector, ensure you have the following:

- API key authentication
  - URL: the endpoint URL for the Threat Vault API
  - API key: a valid API key provided by Palo Alto Networks to authenticate requests

## Capabilities

This connector provides the following capabilities:

- Get Threat Metadata

## Notes

- API docs: https://pan.dev/threat-vault/api/threats/

## Configurations

### Palo Alto Threat Vault API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| x_api_key | API key | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Get Threat Metadata

Retrieve metadata for antivirus, anti-spyware, or file signatures from Palo Alto Networks Threat Vault.

Endpoint URL: `service/v1/threats`

Method: `GET`

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.id | string | optional | Parameters for the Get Threat Metadata action |
| parameters.name | string | optional | Parameters for the Get Threat Metadata action |
| parameters.cve | string | optional | Parameters for the Get Threat Metadata action |
| parameters.vendor | string | optional | Parameters for the Get Threat Metadata action |
| parameters.fromReleaseDate | string | optional | Parameters for the Get Threat Metadata action |
| parameters.toReleaseDate | string | optional | Parameters for the Get Threat Metadata action |
| parameters.fromReleaseVersion | string | optional | Parameters for the Get Threat Metadata action |
| parameters.toReleaseVersion | string | optional | Parameters for the Get Threat Metadata action |
| parameters.releaseDate | string | optional | Parameters for the Get Threat Metadata action |
| parameters.releaseVersion | string | optional | Parameters for the Get Threat Metadata action |
| parameters.type | string | optional | Parameters for the Get Threat Metadata action |
| parameters.sha256 | string | optional | Parameters for the Get Threat Metadata action |
| parameters.md5 | string | optional | Parameters for the Get Threat Metadata action |
| parameters.limit | string | optional | Parameters for the Get Threat Metadata action |
| parameters.offset | string | optional | Parameters for the Get Threat Metadata action |
| normalise_output | boolean | optional | Normalise the output data |

Input example:

```json
{
  "parameters": {
    "id": "12345678-1234-1234-1234-123456789abc",
    "name": "example name",
    "cve": "string",
    "vendor": "string",
    "fromReleaseDate": "string",
    "toReleaseDate": "string",
    "fromReleaseVersion": "string",
    "toReleaseVersion": "string",
    "releaseDate": "string",
    "releaseVersion": "string",
    "type": "string",
    "sha256": "string",
    "md5": "string",
    "limit": "string",
    "offset": "string"
  },
  "normalise_output": true
}
```

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| data | array | Response data |
| data.fileformat | array | Response data |
| data.fileformat.file_name | string | Response data |
| data.fileformat.file | string | Response data |
| data.spyware | array | Response data |
| data.spyware.file_name | string | Response data |
| data.spyware.file | string | Response data |
| data.vulnerability | array | Response data |
| data.vulnerability.id | string | Response data |
| data.vulnerability.name | string | Response data |
| data.vulnerability.description | string | Response data |
| data.vulnerability.category | string | Response data |
| data.vulnerability.min_version | string | Response data |
| data.vulnerability.max_version | string | Response data |
| data.vulnerability.severity | string | Response data |
| data.vulnerability.default_action | string | Response data |
| data.vulnerability.cve | array | Response data |
| data.vulnerability.vendor | array | Response data |
| data.vulnerability.reference | array | Response data |
| data.vulnerability.status | string | Response data |
| data.vulnerability.details | object | Response data |
| data.vulnerability.ori_release_version | string | Response data |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {
    "count": 6,
    "data": [{}],
    "link": [{}],
    "message": "Successful",
    "success": true
  }
}
```

Response headers:

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |