AutoFocus® API Reference
  • AutoFocus® API Reference
  • All AutoFocus Documentation
  • All Documentation
AutoFocus® API Reference
: Resources for Direct Searches
Focus
Download PDF
Focus
  1. Home
  2. AutoFocus
  3. AutoFocus® API Reference
  4. About the AutoFocus API
  5. AutoFocus API Resources
  6. Resources for Direct Searches
Download PDF

AutoFocus® API Reference

Resources for Direct Searches

Table of Contents

Resources for Direct Searches

The following table describes resources available for direct searches.
Resources for Direct Searches
Format
Description
Point Cost
https://autofocus.paloaltonetworks.com/api/intel/v1/ip/{ip_address}/geolocation
JSON
View geolocation details of a specified IP address
2
https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/ips/release/{release_id}
JSON
View anti-spyware, vulnerability, and file-format release info for a given release ID.
2
https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/dns/signature/{DNS_RTDNS_signature_id}
JSON
View DNS/RTDNS signature details for a given signature ID.
2
https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/ips/signature/{signature_id}
JSON
View anti-spyware, vulnerability, and file-format signature details for a given signature ID.
2
https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/{antivirus_signature_id}
JSON
View antivirus signature details based on a specified signature ID or SHA256 hash.
2
https://autofocus.paloaltonetworks.com/api/intel/v1/file/{sha256}/signature
2
/session/{_id}
JSON
View details of a specified session.
2
/sample/{sample_id}/analysis/
JSON
View file analysis data related to a specified sample. The results correspond to the File Analysistab shown when you click a sample hash on the search editor.
2
/stix/sample/{sample_id}/analysis/
STIX
/tags/
JSON
View a list of all tags.
2
/stix/tags/
STIX
/tag/{public_tag_name}
JSON
View tag details for the given public tag name.
2
/stix/tag/{public_tag_name}
STIX
/export/
JSON
Export a list based on previously saved artifacts.
2
/output/threatFeedResult
JSON
View threat indicators added to the feed list in the past 24 hours.
0
/IOCFeed/{outputFeedId}/{outputFeedName}
JSON
View custom threat indicator feed details based on the feed type (URL or EDL custom feed) and authentication details associated with the feed.
0
EDL/IOCFeed/{outputFeedId}/{outputFeedName}
/tic?indicatorType=​{indicator_type}&indicatorValue=​{value_of_indicator}&includeTags=​{true_or_false}'
JSON
View Threat Intelligence Card summary based on the indicator type and value (domains, URLs, file hash, or IP address).
0

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.