Palo Alto Networks Threat Vault
The Palo Alto Networks Threat Vault connector allows users to query and retrieve detailed threat intelligence data, enhancing security operations with actionable insights.

Palo Alto Networks Threat Vault is a comprehensive threat intelligence database that provides metadata for antivirus, anti-spyware, and file signatures. The connector enables Swimlane Turbine users to retrieve this valuable threat metadata, enhancing incident response and threat hunting capabilities within their security operations. By integrating with Threat Vault, users can automate the enrichment of security incidents, leverage detailed intelligence for better decision-making, and streamline their threat analysis processes without the need for complex coding.

## Prerequisites

To effectively utilize the Palo Alto Networks Threat Vault connector, ensure you have the following:

API key authentication:

- URL: the endpoint URL for the Threat Vault API.
- API key: a valid API key provided by Palo Alto Networks to authenticate requests.

## Capabilities

This connector provides the following capabilities:

- Get Threat Metadata

## Configurations

### Palo Alto Threat Vault API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| x api key | API key | string | Required |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Threat Metadata

Retrieve metadata for antivirus, anti-spyware, or file signatures from Palo Alto Networks Threat Vault.

Endpoint URL: service/v1/threats

Method: GET

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Optional | Unique identifier |
| name | string | Optional | Name of the resource |
| cve | string | Optional | Parameter for Get Threat Metadata |
| vendor | string | Optional | Parameter for Get Threat Metadata |
| fromreleasedate | string | Optional | Date value |
| toreleasedate | string | Optional | Date value |
| fromreleaseversion | string | Optional | Parameter for Get Threat Metadata |
| toreleaseversion | string | Optional | Parameter for Get Threat Metadata |
| releasedate | string | Optional | Date value |
| releaseversion | string | Optional | Parameter for Get Threat Metadata |
| type | string | Optional | Type of the resource |
| sha256 | string | Optional | Parameter for Get Threat Metadata |
| md5 | string | Optional | Parameter for Get Threat Metadata |
| limit | string | Optional | Parameter for Get Threat Metadata |
| offset | string | Optional | Parameter for Get Threat Metadata |
| normalise output | boolean | Optional | Normalise the output data |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| data | array | Response data |
| fileformat | array | Output field fileformat |
| file name | string | Name of the resource |
| file | string | Output field file |
| spyware | array | Output field spyware |
| file name | string | Name of the resource |
| file | string | Output field file |
| vulnerability | array | Output field vulnerability |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| category | string | Output field category |
| min version | string | Output field min version |
| max version | string | Output field max version |
| severity | string | Output field severity |
| default action | string | Output field default action |
| cve | array | Output field cve |
| vendor | array | Output field vendor |
| reference | array | Output field reference |
| status | string | Status value |
| details | object | Output field details |
| ori release version | string | Output field ori release version |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "count": 6,
      "data": [],
      "link": [],
      "message": "successful",
      "success": true
    }
  }
]
```

## Notes

API docs: https://pan.dev/threat-vault/api/threats/
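
A defensive wrapper for the Get Threat Metadata call, added here as an example (it is not the connector's or Palo Alto Networks' code): it validates a hash or CVE argument and refuses non-HTTPS URLs before the API key is attached. The `X-API-KEY` header name, the `threatvault.example` host and the validation patterns are assumptions of this example.

```python
import re
import urllib.request
from urllib.parse import urlencode, urljoin

ENDPOINT = "service/v1/threats"   # endpoint path given in the action description
API_KEY_HEADER = "X-API-KEY"      # assumption: header form of the "x api key" setting

# Format checks for three of the documented input arguments
# (the patterns are this example's own, not taken from the page).
VALIDATORS = {
    "sha256": re.compile(r"[0-9a-fA-F]{64}"),
    "md5": re.compile(r"[0-9a-fA-F]{32}"),
    "cve": re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE),
}

def build_request(base_url, api_key, limit=None, offset=None, **lookup):
    """Build the GET request for exactly one validated indicator."""
    # The key travels in a header, so never attach it to a cleartext URL.
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send the API key to a non-HTTPS URL")
    if len(lookup) != 1:
        raise ValueError("pass exactly one of: " + ", ".join(VALIDATORS))
    (field, value), = lookup.items()
    pattern = VALIDATORS.get(field)
    if pattern is None or not pattern.fullmatch(str(value)):
        raise ValueError(f"unsupported or malformed {field!r} value")
    params = {field: str(value)}
    # limit and offset are documented as strings; accept ints or digit strings.
    for name, page in (("limit", limit), ("offset", offset)):
        if page is not None:
            if int(page) < 0:
                raise ValueError(f"{name} must not be negative")
            params[name] = str(int(page))
    url = urljoin(base_url.rstrip("/") + "/", ENDPOINT) + "?" + urlencode(params)
    return urllib.request.Request(url, headers={API_KEY_HEADER: api_key}, method="GET")

if __name__ == "__main__":
    # Constructed host and hash; the request is only built and shown, not sent.
    req = build_request("https://threatvault.example", "REDACTED",
                        sha256="ab" * 32, limit=10)
    print(req.get_method(), req.full_url)
```

Passing the returned object to `urllib.request.urlopen` with the default SSL context keeps certificate verification on, which matches leaving the connector's verify ssl option enabled.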