Skip to main content

Welcome to the Aggregate Monitoring APIs

Welcome to the Aggregate Monitoring APIs. These APIs are available to customers that utilize Cloud Management for service onboarding, configuration, and operations.

After you create a tenant service group, create a service account, and obtain an access token, you can use the Aggregate Monitoring API Reference to discover how to perform aggregated monitoring queries for the following resources:

  • Data Resource API: retrieve aggregated summaries and counts across all your tenants of a Prisma Access instance for threats, alerts, risky applications, URLs, and connectivity status.
  • Insights Resource API: retrieve an aggregated list of insights, such as all upgrade statuses across tenants.
  • License Resource API: retrieve aggregated lists across Prisma Access tenants for license quotas, setup status, and utilization.
  • Tenant Resources API: list all Prisma Access tenants in the hierarchy.

The monitoring functionality exposed by these APIs can also be performed using the Prisma SASE Platform's Multitentant Portal user interface.

Authentication

Use the Prisma SASE API Quick Start for information about the Authentication Service common authentication mechanism and base URL.

API Requests

Send all API requests to the base URL plus the path and parameter of /mt/monitor/v1/agg/<path>?<query_parameter>.

For example, using curl:

curl -X POST "https://api.sase.paloaltonetworks.com/mt/monitor/v1/agg/alerts/list?agg_by=tenant" \
-H 'accept: application/json' \
-H "Authorization: Bearer <ACCESS_TOKEN>" \
-H "Content-Type: application/json" \
-H "X-PANW-Region: de" \
-d '{"properties":[{"property":"sub_tenant_id"},{"property":"total_count"}],"filter":{"operator":"AND","rules":[{"property":"domain","operator":"in","values":["External","external"]},{"property":"event_time","operator":"last_n_days","values":[7]}]}}'

Depending on the query and the query parameter, there are also query filters and properties that you need to use in the request body.

X-PANW-Region Header Parameter

The X-PANW-Region header parameter is the region you chose when setting up your tenant. It must be one of the following: de, americas, europe, uk, sg, ca, jp, au, in. The API will then return details from the specified Cortex Data Lake (CDL) region.

If you need to verify which region to use, you can list tenant hierarchy to see the region in the response.