1. Home
    2. AutoFocus
    3. AutoFocus™ API References
    4. Perform AutoFocus Searches
    5. Search for Signatures

    Search for Signatures

    Use these endpoints to search for signatures that match the specified parameters.

    Resource

    • Anti-spyware, vulnerability, and file-format signatures
      https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/ips/search
    • Antivirus Signatures
      https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/search
    • DNS | RTDNS Signatures
      https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/dns/search

    Request Parameters

    The following table describes the parameters used with this endpoint.
    Parameters
    Description
    Type
    Example or Possible Values
    apiKey
    (
    Required
    ) API key tied to your license. All users attached to a license share a single API key.
    string
    Example (obfuscated):
    d32108a5-XXX-XXXX-XXXX-c04bda5b8450
    {signatureName}
    Palo Alto Networks textual identifier for the threat.
    string
    A valid signature name.
    Example:
    TDSS/Win32.fey.a
    For
    /ips/search
     queries, the signature is an approximate string (fuzzy) search.
    {vendor}
    The identification number for a security vendor.
    Only available for
    :
    /ips/search
    exactString
    A valid vendor reference number.
    Example:
    25461
    {cve}
    The reference number for a vulnerability as defined by Common Vulnerabilities and Exposures (CVE).
    Only available for
    :
    /ips/search
    exactString
    A CVE reference number for a vulnerability.
    Example:
    cve-2015-8650
    {domainName}
    The name of the domain.
    Only available for
    :
    /dns/search
    string
    A valid Internet domain.
    Example:
    google.com

    Sample Request

    curl -X POST -H "Content-Type: application/json" -d '{"from": 0, "size":10, "field": "signatureName", "value": "ExpertAntivirus_4_1" }' 'https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/ips/search?api_key=apikey'

    Sample Response

    The response to signature searches is similar to sample and sessions searches. Use the
    af_cookie
     parameter from the initial response to view the results of your search: 
    
				{
				{
				"total_count": 1,
				"page_count": 1,
				"signatures": [{
				"metadata": {
				"severity": "low",
				"reference": "http://www.spywareguide.com/spydet_3531_expertantivirus.html,http://www.ca.com/securityadvisor/pest/pest.aspx?id=45311130",
				"panOsMaximumVersion": "",
				"description": "This signature detects the runtime behavior of ExpertAntivirus 4.1ExpertAntivirus is a rogue anti-spyware program that reports false positive infections.",
				"panOsMinimumVersion": "6.1.0",
				"action": "alert",
				"category": "adware",
				"changeData": ""
				},
				"cve": "",
				"signatureName": "ExpertAntivirus_4_1",
				"vendor": "",
				"signatureType": "spyware",
				"firstReleaseTime": "2015-06-26 UTC",
				"signatureId": 11785,
				"latestReleaseTime": "2020-06-09 UTC",
				"latestReleaseVersion": 8281,
				"status": "released",
				"firstReleaseVersion": 509
				}]
				}
    Use the
    af_cookie
     parameter when you check on the results of your search using the
    /ips/search/result/, /panav/search/result, or dns/search/result/
     resource.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo