Palo Alto Networks · Schema
ThreatSignature
Threat signature metadata record.
Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR
Properties
| Name | Type | Description |
|---|---|---|
| id | integer | Unique signature identifier. |
| name | string | Signature name. |
| type | string | Signature type category. One of: antivirus, antispyware, vulnerability, dns, fileformat. |
| subtype | string | Signature subtype (e.g., virus, trojan, exploit). |
| severity | string | Severity level. One of: critical, high, medium, low, informational. |
| description | string | Human-readable description of the threat. |
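| cve | array | Associated CVE identifiers (array of strings). The schema places no pattern on the entries, so consumers should validate the CVE ID format themselves. |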
| default_action | string | Default action applied to traffic matching this signature. One of: alert, allow, drop, reset-both, reset-client, reset-server, block-ip, sinkhole. |
| min_version | string | Minimum PAN-OS version supporting this signature. |
| max_version | string | Maximum PAN-OS version supporting this signature (empty if still active). |
| status | string | Signature lifecycle status. One of: released, deprecated, disabled. |
| ori_release_version | string | Content version in which this signature was first released. |
| latest_release_version | string | Most recent content version that updated this signature. |
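| first_release_time | string | Timestamp when the signature was first released (`date-time` format). |
| latest_release_time | string | Timestamp of the most recent signature update (`date-time` format). JSON Schema treats `format` as an annotation unless the validator is configured to enforce it. |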
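| sha256 | array | SHA-256 hashes associated with this signature (antivirus). Array of strings; the schema does not enforce length or hex encoding, so validate entries before using them as indicators. |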
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "ThreatSignature",
"description": "Threat signature metadata record.",
"$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/threat-vault-api-threat-signature-schema.json",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Unique signature identifier."
},
"name": {
"type": "string",
"description": "Signature name."
},
"type": {
"type": "string",
"enum": [
"antivirus",
"antispyware",
"vulnerability",
"dns",
"fileformat"
],
"description": "Signature type category."
},
"subtype": {
"type": "string",
"description": "Signature subtype (e.g., virus, trojan, exploit)."
},
"severity": {
"type": "string",
"enum": [
"critical",
"high",
"medium",
"low",
"informational"
]
},
"description": {
"type": "string",
"description": "Human-readable description of the threat."
},
"cve": {
"type": "array",
"items": {
"type": "string"
},
"description": "Associated CVE identifiers."
},
"default_action": {
"type": "string",
"enum": [
"alert",
"allow",
"drop",
"reset-both",
"reset-client",
"reset-server",
"block-ip",
"sinkhole"
],
"description": "Default action applied to traffic matching this signature."
},
"min_version": {
"type": "string",
"description": "Minimum PAN-OS version supporting this signature."
},
"max_version": {
"type": "string",
"description": "Maximum PAN-OS version supporting this signature (empty if still active)."
},
"status": {
"type": "string",
"enum": [
"released",
"deprecated",
"disabled"
]
},
"ori_release_version": {
"type": "string",
"description": "Content version in which this signature was first released."
},
"latest_release_version": {
"type": "string",
"description": "Most recent content version that updated this signature."
},
"first_release_time": {
"type": "string",
"format": "date-time",
"description": "Timestamp when the signature was first released."
},
"latest_release_time": {
"type": "string",
"format": "date-time",
"description": "Timestamp of the most recent signature update."
},
"sha256": {
"type": "array",
"items": {
"type": "string"
},
"description": "SHA-256 hashes associated with this signature (antivirus)."
}
}
}