1. Home
    2. AutoFocus
    3. AutoFocus™ API References
    4. About the AutoFocus API
    5. AutoFocus API Resources
    6. Resources for Direct Searches

    Resources for Direct Searches

    The following table describes resources available for direct searches.
    Resources for Direct Searches
    Format
    Description
    Point Cost
    https://autofocus.paloaltonetworks.com/api/intel/v1/ip/{ip_address}/geolocation
    JSON
    View geolocation details of a specified IP address
    2
    https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/ips/release/{release_id}
    JSON
    2
    https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/dns/signature/{DNS_RTDNS_signature_id}
    JSON
    View DNS/RTDNS signature details for a given signature ID.
    2
    https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/ips/signature/{signature_id}
    JSON
    2
    https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/{antivirus_signature_id}
    JSON
    View antivirus signature details based on a specified signature ID or SHA256 hash.
    2
    https://autofocus.paloaltonetworks.com/api/intel/v1/file/{sha256}/signature
    2
    /session/{_id}
    JSON
    2
    /sample/{sample_id}/analysis/
    JSON
    View file analysis data related to a specified sample. The results correspond to the 
    File Analysis
    tab shown when you click a sample hash on the search editor.
    2
    /stix/sample/{sample_id}/analysis/
    STIX
    /tags/
    JSON
    2
    /stix/tags/
    STIX
    /tag/{public_tag_name}
    JSON
    View tag details for the given public tag name.
    2
    /stix/tag/{public_tag_name}
    STIX
    /export/
    JSON
    Export a list based on previously saved artifacts.
    2
    /output/threatFeedResult
    JSON
    0
    /IOCFeed/{outputFeedId}/{outputFeedName}
    JSON
    View custom threat indicator feed details based on the feed type (URL or EDL custom feed) and authentication details associated with the feed.
    0
    EDL/IOCFeed/{outputFeedId}/{outputFeedName}
    /tic?indicatorType=​{indicator_type}&indicatorValue=​{value_of_indicator}&includeTags=​{true_or_false}'
    JSON
    View Threat Intelligence Card summary based on the indicator type and value (domains, URLs, file hash, or IP address).
    0

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo