Palo Alto Networks · Schema
ThreatList
ThreatList schema from Palo Alto Networks Threat Vault API
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR
Properties
| Name | Type | Description |
|---|---|---|
| success | boolean | |
| data | object | |
| count | integer | Total number of matching signatures. |
| total | integer | |
| offset | integer | |
| limit | integer |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "ThreatList",
"description": "ThreatList schema from Palo Alto Networks Threat Vault API",
"$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/threat-vault-api-threat-list-schema.json",
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"zingbox": {
"type": "array",
"items": {
"type": "object",
"description": "Threat signature metadata record.",
"properties": {
"id": {
"type": "integer",
"description": "Unique signature identifier."
},
"name": {
"type": "string",
"description": "Signature name."
},
"type": {
"type": "string",
"enum": [
"antivirus",
"antispyware",
"vulnerability",
"dns",
"fileformat"
],
"description": "Signature type category."
},
"subtype": {
"type": "string",
"description": "Signature subtype (e.g., virus, trojan, exploit)."
},
"severity": {
"type": "string",
"enum": [
"critical",
"high",
"medium",
"low",
"informational"
]
},
"description": {
"type": "string",
"description": "Human-readable description of the threat."
},
"cve": {
"type": "array",
"items": {
"type": "string"
},
"description": "Associated CVE identifiers."
},
"default_action": {
"type": "string",
"enum": [
"alert",
"allow",
"drop",
"reset-both",
"reset-client",
"reset-server",
"block-ip",
"sinkhole"
],
"description": "Default action applied to traffic matching this signature."
},
"min_version": {
"type": "string",
"description": "Minimum PAN-OS version supporting this signature."
},
"max_version": {
"type": "string",
"description": "Maximum PAN-OS version supporting this signature (empty if still active)."
},
"status": {
"type": "string",
"enum": [
"released",
"deprecated",
"disabled"
]
},
"ori_release_version": {
"type": "string",
"description": "Content version in which this signature was first released."
},
"latest_release_version": {
"type": "string",
"description": "Most recent content version that updated this signature."
},
"first_release_time": {
"type": "string",
"format": "date-time",
"description": "Timestamp when the signature was first released."
},
"latest_release_time": {
"type": "string",
"format": "date-time",
"description": "Timestamp of the most recent signature update."
},
"sha256": {
"type": "array",
"items": {
"type": "string"
},
"description": "SHA-256 hashes associated with this signature (antivirus)."
}
}
}
}
}
},
"count": {
"type": "integer",
"description": "Total number of matching signatures."
},
"total": {
"type": "integer"
},
"offset": {
"type": "integer"
},
"limit": {
"type": "integer"
}
}
}