Palo Alto Networks · Schema

DomainDetail

DomainDetail schema from Palo Alto Networks DNS Security API

Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

Properties

Name Type Description
domain string Fully qualified domain name queried.
category string URL filtering category assigned to the domain (e.g., malware, phishing, command-and-control, business-and-economy).
risk_level string Risk level assessment for the domain.
risk_score number Numeric risk score from 0.0 (no risk) to 100.0 (critical risk).
dns_security_category string DNS Security category classification used for policy enforcement.
first_seen string Timestamp when the domain was first observed by DNS Security.
last_seen string Timestamp when the domain was most recently observed.
registrar string Domain registrar name.
registration_date string Date the domain was registered.
ip_addresses array Current IP addresses the domain resolves to.
View JSON Schema on GitHub

JSON Schema

dns-security-api-domain-detail-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "DomainDetail",
  "description": "DomainDetail schema from Palo Alto Networks DNS Security API",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/dns-security-api-domain-detail-schema.json",
  "type": "object",
  "properties": {
    "domain": {
      "type": "string",
      "description": "Fully qualified domain name queried."
    },
    "category": {
      "type": "string",
      "description": "URL filtering category assigned to the domain (e.g., malware, phishing, command-and-control, business-and-economy)."
    },
    "risk_level": {
      "type": "string",
      "enum": [
        "low",
        "medium",
        "high",
        "critical"
      ],
      "description": "Risk level assessment for the domain."
    },
    "risk_score": {
      "type": "number",
      "format": "float",
      "description": "Numeric risk score from 0.0 (no risk) to 100.0 (critical risk).",
      "minimum": 0.0,
      "maximum": 100.0
    },
    "dns_security_category": {
      "type": "string",
      "enum": [
        "benign",
        "malware",
        "phishing",
        "command-and-control",
        "grayware",
        "dynamic-dns",
        "newly-registered",
        "parked",
        "unknown"
      ],
      "description": "DNS Security category classification used for policy enforcement."
    },
    "first_seen": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp when the domain was first observed by DNS Security."
    },
    "last_seen": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp when the domain was most recently observed."
    },
    "registrar": {
      "type": "string",
      "description": "Domain registrar name."
    },
    "registration_date": {
      "type": "string",
      "format": "date",
      "description": "Date the domain was registered."
    },
    "ip_addresses": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Current IP addresses the domain resolves to."
    }
  }
}