
Request Threat Signature Metadata in Batch Mode

POST /threats

A POST request to retrieve threat signature metadata by id, name or sample hash (sha256 or md5) in batch mode. The batch limit is 100 entries.

  • Notes:
    • Optionally, each query parameter can be used together with the "type" query parameter to filter the results.
    • Any Antivirus / WildFire release summary information before February 2020 is best-effort since the information is not available.

Request

Body (required)

    id string[]

    Provides the threat signatures metadata by exact match of the signature ids.


    curl -v -X POST -H 'X-API-KEY: API_KEY' \
    -H 'Content-Type: application/json' \
    -d '{"id": ["280392504"]}' \
    'https://api.threatvault.paloaltonetworks.com/service/v1/threats'

    md5 string[]

    Provides the file information and threat signatures that match the hash of the sample.


    curl -v -X POST -H 'X-API-KEY: API_KEY' \
    -H 'Content-Type: application/json' \
    -d '{"md5": ["ca066f965dfbc5392871d3fa281236cf"]}' \
    'https://api.threatvault.paloaltonetworks.com/service/v1/threats'

    name string[]

    Provides the threat signatures metadata by exact match of the signature names.


    curl -v -X POST -H 'X-API-KEY: API_KEY' \
    -H 'Content-Type: application/json' \
    -d '{"name": ["Microsoft PE File"]}' \
    'https://api.threatvault.paloaltonetworks.com/service/v1/threats'

    sha256 string[]

    Provides the file information and threat signatures that match the hash of the sample.


    curl -v -X POST -H 'X-API-KEY: API_KEY' \
    -H 'Content-Type: application/json' \
    -d '{"sha256": ["7879722cd37b1c5b2703ea5a1a92a036a96f4a1fc6272b92c197b3a4b17267cc"]}' \
    'https://api.threatvault.paloaltonetworks.com/service/v1/threats'

    type string

    Possible values: [ips, fileformat, spyware, vulnerability, antivirus, dns, rtdns, spywarec2]

    Provides the threat signature metadata based on the threat type. Use together with the other fields to filter the results.

    ⚠️ Use without quotes

    • Options:
      • antivirus (Provides Antivirus signatures metadata)
      • dns (Provides DNS signatures metadata)
      • fileformat (Provides all IPS File-Format signature metadata)
      • ips (Provides all IPS signature metadata)
      • rtdns (Provides Real-Time DNS Detection entries metadata)
      • spyware (Provides all IPS Anti-Spyware signature metadata)
      • spywarec2 (Provides Spyware C2 signatures metadata)
      • vulnerability (Provides all IPS Vulnerability Protection signature metadata)

    curl -v -X POST -H 'X-API-KEY: API_KEY' \
    -H 'Content-Type: application/json' \
    -d '{"id": ["280392504"], "type":"antivirus"}' \
    'https://api.threatvault.paloaltonetworks.com/service/v1/threats'

Responses

Request succeeded

Response Headers
  • X-Day-RateLimit-Limit integer
    Example: 2000

    The maximum number of requests that the user is permitted to make per day.

  • X-Day-RateLimit-Remaining integer

    The number of requests remaining in the current rate limit window (one day).

  • X-Day-RateLimit-Reset integer

    The epoch timestamp at which the current rate limit window (one day) resets.

  • X-Minute-RateLimit-Limit integer
    Example: 200

    The maximum number of requests that the user is permitted to make per minute.

  • X-Minute-RateLimit-Remaining integer

    The number of requests remaining in the current rate limit window (one minute).

  • X-Minute-RateLimit-Reset integer

    The epoch timestamp at which the current rate limit window (one minute) resets.

Schema
    count integer

    The total number of entries found.

    data object[]

    The data of the response.

  • Array [
  • antivirus object[]

    List of Antivirus signatures.

  • Array [
  • id string

    The unique threat signature id.

    name string

    The threat signature name.

    severity string

    The threat signature severity. List: low, informative, medium, high or critical

    type string

    A numerical value describing the type of the threat signature.

    subtype string

    The threat signature subtype.

    action string

    The threat signature default action. This is generally empty for Antivirus signatures.

    description string

    The threat signature description.

    create_time string

    The threat signature creation time.

    status string

    The threat signature status. List: active or inactive

    related_sha256_hashes string[]

    The list of related sha256 hashes for the threat signature.

    release object

    The threat signature release information.

    antivirus object

    The threat signature information related to Antivirus package updates.

    first_release_version string

    The release version when the threat signature was first released with Antivirus package.

    first_release_time string

    The release time when the threat signature was first released with Antivirus package.

    last_release_version string

    The release version when the threat signature was last released with Antivirus package.

    last_release_time string

    The release time when the threat signature was last released with Antivirus package.

    wildfire object

    The threat signature information related to WildFire package updates.

    first_release_version string

    The release version when the threat signature was first released with WildFire package.

    first_release_time string

    The release time when the threat signature was first released with WildFire package.

    last_release_version string

    The release version when the threat signature was last released with WildFire package.

    last_release_time string

    The release time when the threat signature was last released with WildFire package.

  • ]
  • ]
  • link object[]

    The pagination information of the results.

  • Array [
  • next string

    The URL of the next page with results.

    previous string

    The URL of the previous page with results.

  • ]
  • message string

    Generic response message.

    success boolean

    The response status.
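
The following added example, which is not part of the original documentation or the vendor's own code, splits a list of sample hashes into request bodies that respect the 100-entry batch limit and pauses according to the rate-limit response headers described above. The function names are hypothetical; it assumes one hash field per request (as in the curl examples) and reset timestamps expressed in epoch seconds.

```python
import json
import time
import urllib.request

THREATS_URL = "https://api.threatvault.paloaltonetworks.com/service/v1/threats"
BATCH_LIMIT = 100  # batch limit stated on the page
TYPES = {"ips", "fileformat", "spyware", "vulnerability", "antivirus", "dns", "rtdns", "spywarec2"}
HASH_FIELD = {32: "md5", 64: "sha256"}  # hex digest length -> request body field

def build_batches(hashes, threat_type=None):
    """Validate, dedupe and split hashes into request bodies of at most 100 entries."""
    if threat_type is not None and threat_type not in TYPES:
        raise ValueError(f"unknown type: {threat_type!r}")
    extra = {"type": threat_type} if threat_type else {}
    groups, seen = {"md5": [], "sha256": []}, set()
    for h in hashes:
        h = h.strip().lower()
        field = HASH_FIELD.get(len(h))
        if field is None or not set(h) <= set("0123456789abcdef"):
            raise ValueError(f"not an md5/sha256 hex digest: {h!r}")
        if h not in seen:
            seen.add(h)
            groups[field].append(h)
    # Assumption: one hash field per request, as in the page's curl examples.
    return [{field: values[i:i + BATCH_LIMIT], **extra}
            for field, values in groups.items()
            for i in range(0, len(values), BATCH_LIMIT)]

def seconds_to_wait(headers, now=None):
    """Seconds to pause when the minute or day window is exhausted (reset assumed in epoch seconds)."""
    now = time.time() if now is None else now
    wait = 0.0
    for window in ("Minute", "Day"):
        remaining = headers.get(f"X-{window}-RateLimit-Remaining")
        reset = headers.get(f"X-{window}-RateLimit-Reset")
        if remaining is not None and reset is not None and int(remaining) <= 0:
            wait = max(wait, float(reset) - now)
    return max(wait, 0.0)

def query_hashes(hashes, api_key, threat_type=None):
    """POST each batch; pass api_key from a secret store or environment, never from source code."""
    results = []
    for body in build_batches(hashes, threat_type):
        req = urllib.request.Request(THREATS_URL, data=json.dumps(body).encode(), method="POST",
            headers={"X-API-KEY": api_key, "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            results.append(json.load(resp))
            headers = resp.headers
        time.sleep(seconds_to_wait(headers))  # wait out an exhausted window before the next batch
    return results
```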
