Request Advanced Threat Prevention Report in Batch Mode
POST /atp/reports
A POST request that retrieves one or more ATP reports by report ID in batch mode. The batch limit is 100 entries. The user must provide one or more report IDs in the request body.
Request
- application/json
Body
required
Provides the ATP report by matching the report id of the customer.
curl -v -X POST -H 'X-API-KEY: API_KEY' \
-H 'Content-Type: application/json' \
-d '{"id": ["c25b5d86d8ac77e10376000517491157a07ac008bfc799f08795d59c57e23a50", "a23b5d46d6ac77e70376080517991187a07ac008bfc799f08795d59c57e23a50"]}' \
'https://api.threatvault.paloaltonetworks.com/service/v1/atp/reports'
Responses
- 200
- 4XX
- 5XX
Request succeeded
Response Headers
X-Day-RateLimit-Limit integer
Example: 2000
The maximum number of requests that the user is permitted to make per day.
X-Day-RateLimit-Remaining integer
The number of requests remaining in the current rate limit window (one day).
X-Day-RateLimit-Reset integer
The epoch timestamp at which the current rate limit window (one day) resets.
X-Minute-RateLimit-Limit integer
Example: 200
The maximum number of requests that the user is permitted to make per minute.
X-Minute-RateLimit-Remaining integer
The number of requests remaining in the current rate limit window (one minute).
X-Minute-RateLimit-Reset integer
The epoch timestamp at which the current rate limit window (one minute) resets.
- application/json
- Schema
- Example (from schema)
Schema
The response status.
data object[]
The data of the response.
The id of the ATP report.
Any error message related to the report.
panos_info object
All related PAN-OS information.
Firewall Hostname.
Firewall MP interface IPv4.
Firewall MP interface IPv6. (Can be empty)
Firewall Content package version.
Firewall PANOS version.
Firewall Serial Number.
Firewall model.
session_info object
All related session information.
Session ID.
Session timestamp.
flow_info object
Session source IP address.
Session destination IP address.
Session source IP port.
Session destination IP port.
Possible values: [http, ssl, unknown-tcp, unknown-udp]
The payload type.
transaction_data object
The list of transactions of the session. One session may have one or many transactions.
The transaction id.
The SHA256 hash value of the payload.
reports object[]
The list of detection service reports.
The detection service name.
ds_report object
The list of detection service reports.
Optional payload information.
malware_families object
The list of malware families.
The name/type of the malware family.
The confidence value.
A flag to indicate the report is ready or not.
Generic response message.
{
  "success": true,
  "data": [
    {
      "report_id": "c25b5d86d8ac77e10376000517491157a07ac008bfc799f08795d59c57e23a50",
      "err_msg": "Error",
      "panos_info": {
        "fw_hostname": "fw-1",
        "fw_addr_v4": "10.0.0.0",
        "fw_addr_v6": "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
        "fw_app_version": "8527-12345",
        "fw_sw_version": "10.2.1",
        "fw_serial": "000000000000001",
        "fw_model": "PA-VM"
      },
      "session_info": {
        "session_id": "123456",
        "session_timestamp": "2022-04-11T10:00:00.740261097-07:00",
        "flow_info": {
          "saddr": "1.1.1.1",
          "daddr": "1.1.1.2",
          "sport": "49234",
          "dport": "80",
          "data_type": "http"
        }
      },
      "transaction_data": {
        "transaction_id": "0",
        "payload_sha256": "a15e20ddc3a0850b64cdc87a23230b51466f9879345435973ce360e80e1f670e",
        "reports": [
          {
            "ds_name": "mlc2-http-ids",
            "ds_report": {
              "payload_info": {},
              "malware_families": {}
            },
            "status": "ok"
          }
        ]
      }
    }
  ],
  "message": "Successful"
}
Client related error response
- application/json
- Schema
- Example (from schema)
Schema
Generic response message.
The response status.
{
  "message": "Error message.",
  "success": false
}
Server related error response
- application/json
- Schema
- Example (from schema)
Schema
Generic response message.
The response status.
{
  "message": "Error message.",
  "success": false
}
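Added example (not from the original page and not Palo Alto Networks code): Python helpers for a client of this endpoint that split report IDs into batches of at most 100, build the request from the curl example, derive a pause from the rate-limit response headers, and flatten a 200 response into one row per detection service report. The function names are hypothetical, and reading the reset headers as epoch seconds is an assumption.

```python
import json
import urllib.request

URL = "https://api.threatvault.paloaltonetworks.com/service/v1/atp/reports"
BATCH_LIMIT = 100  # documented batch limit per request


def batches(report_ids, size=BATCH_LIMIT):
    """De-duplicate IDs (order preserved) and split them into request-sized batches."""
    unique = list(dict.fromkeys(report_ids))
    return [unique[i:i + size] for i in range(0, len(unique), size)]


def build_request(ids, api_key):
    """Build the POST request from the curl example; nothing is sent here."""
    body = json.dumps({"id": ids}).encode()
    headers = {"X-API-KEY": api_key, "Content-Type": "application/json"}
    return urllib.request.Request(URL, data=body, headers=headers, method="POST")


def wait_seconds(headers, now):
    """Pause needed before the next call; `now` and the reset headers are
    assumed to be epoch seconds (pass time.time() for `now`)."""
    wait = 0.0
    for window in ("Minute", "Day"):
        remaining = headers.get(f"X-{window}-RateLimit-Remaining")
        reset = headers.get(f"X-{window}-RateLimit-Reset")
        if remaining is not None and reset is not None and int(remaining) <= 0:
            wait = max(wait, int(reset) - now)
    return wait


def summarize(response):
    """Flatten a 200 response body into one row per detection service report."""
    if not response.get("success"):
        raise RuntimeError(response.get("message", "request failed"))
    rows = []
    for item in response.get("data", []):
        flow = item.get("session_info", {}).get("flow_info", {})
        txn = item.get("transaction_data", {})
        for rep in txn.get("reports", []):
            rows.append({
                "report_id": item.get("report_id"),
                "firewall": item.get("panos_info", {}).get("fw_hostname"),
                "flow": f"{flow.get('saddr')}:{flow.get('sport')} -> {flow.get('daddr')}:{flow.get('dport')}",
                "payload_sha256": txn.get("payload_sha256"),
                "service": rep.get("ds_name"),
                "status": rep.get("status"),
            })
    return rows
```

Pass each batch to `build_request`, send it with `urllib.request.urlopen`, and call `wait_seconds(response.headers, time.time())` before sending the next one.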