Palo Alto Networks · Schema

Endpoint

An endpoint enrolled in Cortex XDR protection.

Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

Properties

Name Type Description
endpoint_id string Unique endpoint identifier.
endpoint_name string Endpoint hostname.
endpoint_type string
endpoint_status string
os_type string
ip array IP addresses assigned to the endpoint.
users array Users logged into the endpoint.
domain string
alias string
first_seen integer First connection timestamp as Unix epoch milliseconds.
last_seen integer Last connection timestamp as Unix epoch milliseconds.
content_version string Cortex XDR agent content version.
installation_package string
active_directory string
install_date integer
endpoint_version string Cortex XDR agent version.
is_isolated string
isolation_reason string
scan_status string
group_name array
View JSON Schema on GitHub

JSON Schema

cortex-xdr-api-endpoint-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Endpoint",
  "description": "An endpoint enrolled in Cortex XDR protection.",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/cortex-xdr-api-endpoint-schema.json",
  "type": "object",
  "properties": {
    "endpoint_id": {
      "type": "string",
      "description": "Unique endpoint identifier."
    },
    "endpoint_name": {
      "type": "string",
      "description": "Endpoint hostname."
    },
    "endpoint_type": {
      "type": "string",
      "enum": [
        "SERVER",
        "WORKSTATION",
        "LAPTOP"
      ]
    },
    "endpoint_status": {
      "type": "string",
      "enum": [
        "CONNECTED",
        "DISCONNECTED",
        "LOST",
        "UNINSTALLED"
      ]
    },
    "os_type": {
      "type": "string",
      "enum": [
        "AGENT_OS_WINDOWS",
        "AGENT_OS_LINUX",
        "AGENT_OS_MAC"
      ]
    },
    "ip": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "IP addresses assigned to the endpoint."
    },
    "users": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Users logged into the endpoint."
    },
    "domain": {
      "type": "string"
    },
    "alias": {
      "type": "string"
    },
    "first_seen": {
      "type": "integer",
      "description": "First connection timestamp as Unix epoch milliseconds."
    },
    "last_seen": {
      "type": "integer",
      "description": "Last connection timestamp as Unix epoch milliseconds."
    },
    "content_version": {
      "type": "string",
      "description": "Cortex XDR agent content version."
    },
    "installation_package": {
      "type": "string"
    },
    "active_directory": {
      "type": "string"
    },
    "install_date": {
      "type": "integer"
    },
    "endpoint_version": {
      "type": "string",
      "description": "Cortex XDR agent version."
    },
    "is_isolated": {
      "type": "string",
      "enum": [
        "AGENT_ISOLATED",
        "AGENT_UNISOLATED",
        "PENDING_ISOLATION",
        "PENDING_UNISOLATION"
      ]
    },
    "isolation_reason": {
      "type": "string"
    },
    "scan_status": {
      "type": "string",
      "enum": [
        "SCAN_STATUS_NONE",
        "SCAN_STATUS_PENDING",
        "SCAN_STATUS_IN_PROGRESS",
        "SCAN_STATUS_DONE",
        "SCAN_STATUS_FAILED",
        "SCAN_STATUS_CANCELLED"
      ]
    },
    "group_name": {
      "type": "array",
      "items": {
        "type": "string"
      }
    }
  }
}