Palo Alto Networks Threat Vault v2

Use the Palo Alto Networks Threat Vault to research the latest threats (vulnerabilities/exploits, viruses, and spyware) that Palo Alto Networks next-generation firewalls can detect and prevent. Query the Advanced Threat Protection (ATP) API endpoint for Analysis reports and PCAPs.

Data Enrichment & Threat Intelligence · Threat Vault by Palo Alto Networks

Configuration parameters

  • url — URL (required)
  • credentials — (required)
  • integrationReliability — Source Reliability
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • isFetch — Fetch incidents
  • incidentType — Incident type
  • first_fetch — First fetch timestamp (<number> <time unit>, e.g., 3 days)
  • incidentFetchInterval — Incidents Fetch Interval

Commands (9)

  • cve

    Checks the reputation of CVE in Threat Vault.

  • file

    Checks the reputation of an antivirus in Threat Vault.

  • ip

    Returns information about IPs.

  • threatvault-atp-batch-report-get

    Retrieve the Advanced Threat Prevention (ATP) report by report ID in batch mode. Batch limit is 100 entries. Get one or more ATP reports. Must provide one or more report IDs.

  • threatvault-atp-report-pcap-get

    Retrieve the Advanced Threat Prevention (ATP) analysis report PCAP by reportID

  • threatvault-release-note-get

    Retrieve the release notes information by version.

  • threatvault-threat-batch-search

    Retrieve the threats signature metadata by id, name or sample hash (sha256 or md5) in batch mode. Batch limit is 100 entries.

  • threatvault-threat-search

    Retrieves threat metadata. The nature of the query is determined by the query parameter that you provide.

  • threatvault-threat-signature-get

    Gets the antivirus or anti-spyware or files signature.