Palo Alto Networks · Schema

CustomQuery

Custom query definition with flexible filters

Cloud Security · Cybersecurity · Firewall · Network Security · SASE · SOAR · Threat Intelligence · XDR

Properties

Name Type Description
resource string Data resource to query
query object Query parameters for a data resource request

JSON Schema

prisma-access-insights-api-custom-query-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "CustomQuery",
  "description": "Custom query definition with flexible filters",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-access-insights-api-custom-query-schema.json",
  "type": "object",
  "properties": {
    "resource": {
      "type": "string",
      "description": "Data resource to query"
    },
    "query": {
      "type": "object",
      "description": "Query parameters for a data resource request",
      "properties": {
        "query": {
          "type": "object",
          "description": "Query definition including filters and time range",
          "properties": {
            "properties": {
              "type": "object",
              "description": "Property filters for the query",
              "properties": {
                "time_range": {
                  "type": "object",
                  "description": "Time range specification for the query",
                  "required": [
                    "type"
                  ],
                  "properties": {
                    "type": {
                      "type": "string",
                      "description": "Type of time range (absolute or relative)",
                      "enum": [
                        "ABSOLUTE",
                        "RELATIVE"
                      ]
                    },
                    "value": {
                      "type": "object",
                      "description": "Time range value (required for ABSOLUTE type; this requirement is stated in the description only and is not enforced by a schema keyword)",
                      "properties": {
                        "from": {
                          "type": "string",
                          "format": "date-time",
                          "description": "Start of the time range (ISO 8601)"
                        },
                        "to": {
                          "type": "string",
                          "format": "date-time",
                          "description": "End of the time range (ISO 8601)"
                        }
                      }
                    },
                    "last": {
                      "type": "object",
                      "description": "Relative time range (required for RELATIVE type; this requirement is stated in the description only and is not enforced by a schema keyword)",
                      "properties": {
                        "units": {
                          "type": "string",
                          "enum": [
                            "HOURS",
                            "DAYS",
                            "WEEKS"
                          ],
                          "description": "Unit of time for relative range"
                        },
                        "value": {
                          "type": "integer",
                          "description": "Number of units for relative range"
                        }
                      }
                    }
                  }
                },
                "filter": {
                  "type": "object",
                  "description": "Filter criteria for the data resource query",
                  "properties": {
                    "operator": {
                      "type": "string",
                      "description": "Logical operator for combining filter rules",
                      "enum": [
                        "AND",
                        "OR"
                      ]
                    },
                    "rules": {
                      "type": "array",
                      "description": "List of filter rules",
                      "items": {
                        "type": "object",
                        "properties": {
                          "property": {
                            "type": "string",
                            "description": "Property name to filter on"
                          },
                          "operator": {
                            "type": "string",
                            "description": "Comparison operator",
                            "enum": [
                              "equals",
                              "not_equals",
                              "contains",
                              "in",
                              "not_in",
                              "greater_than",
                              "less_than"
                            ]
                          },
                          "values": {
                            "type": "array",
                            "description": "Values to match against",
                            "items": {
                              "type": "string"
                            }
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        },
        "count": {
          "type": "integer",
          "description": "Maximum number of results to return",
          "minimum": 1,
          "maximum": 1000,
          "default": 100
        },
        "histogram": {
          "type": "object",
          "description": "Histogram aggregation configuration",
          "properties": {
            "property": {
              "type": "string",
              "description": "Property to aggregate over"
            },
            "enabledGranularity": {
              "type": "string",
              "enum": [
                "15_MIN",
                "1_HOUR",
                "1_DAY"
              ],
              "description": "Time granularity for histogram buckets"
            }
          }
        },
        "group_by": {
          "type": "array",
          "description": "Properties to group results by",
          "items": {
            "type": "string"
          }
        },
        "sort": {
          "type": "object",
          "description": "Sort configuration for results",
          "properties": {
            "order": {
              "type": "string",
              "enum": [
                "asc",
                "desc"
              ]
            },
            "property": {
              "type": "string"
            }
          }
        }
      }
    }
  }
}