: Resources for Direct Searches
Focus
Focus

Resources for Direct Searches

Table of Contents

Resources for Direct Searches

The following table describes resources available for direct searches.
Resources for Direct Searches
Format
Description
Point Cost
https://autofocus.paloaltonetworks.com/api/intel/v1/ip/{ip_address}/geolocation
JSON
View geolocation details of a specified IP address
2
https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/ips/release/{release_id}
JSON
2
https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/dns/signature/{DNS_RTDNS_signature_id}
JSON
View DNS/RTDNS signature details for a given signature ID.
2
https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/ips/signature/{signature_id}
JSON
2
https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/{antivirus_signature_id}
JSON
View antivirus signature details based on a specified signature ID or SHA256 hash.
2
https://autofocus.paloaltonetworks.com/api/intel/v1/file/{sha256}/signature
2
/session/{_id}
JSON
2
/sample/{sample_id}/analysis/
JSON
View file analysis data related to a specified sample. The results correspond to the File Analysistab shown when you click a sample hash on the search editor.
2
/stix/sample/{sample_id}/analysis/
STIX
/tags/
JSON
2
/stix/tags/
STIX
/tag/{public_tag_name}
JSON
View tag details for the given public tag name.
2
/stix/tag/{public_tag_name}
STIX
/export/
JSON
Export a list based on previously saved artifacts.
2
/output/threatFeedResult
JSON
0
/IOCFeed/{outputFeedId}/{outputFeedName}
JSON
View custom threat indicator feed details based on the feed type (URL or EDL custom feed) and authentication details associated with the feed.
0
EDL/IOCFeed/{outputFeedId}/{outputFeedName}
/tic?indicatorType=​{indicator_type}&indicatorValue=​{value_of_indicator}&includeTags=​{true_or_false}'
JSON
View Threat Intelligence Card summary based on the indicator type and value (domains, URLs, file hash, or IP address).
0