AutoFocus® API Reference: STIX Elements and Fields
Updated on Sep 1, 2023
STIX Elements and Fields
The following table lists STIX-enabled resources along with the corresponding STIX, MAEC, and CybOX elements visible in the response:
| Resource | Element | Fields |
| --- | --- | --- |
| Get Samples (Search Samples and Sessions) | cybox:Observables. Observables are events or stateful properties such as the value of a registry key, deletion of a file, or the receipt of an HTTP GET. | cybox:Observable, cybox:Description, cybox:Object, cybox:Properties |
| Get Sessions (Search Samples and Sessions) | stix:Incident. Incidents are discrete instances of observable patterns affecting an organization; they include information discovered during an incident response investigation. | incident:Description, incident:Victim, incident:Related_Observables |
| Get Sample Analysis | ttp:MalwareType. TTPs (Tactics, Techniques, and Procedures) represent adversarial behavior, such as potentially targeted victims, attack patterns and malware, and leveraged resources (infrastructure, tools, personas). | ttp:Title, ttp:Description, ttp:Behavior, ttp:Malware, ttp:Malware_Instance, maecPackage:MAEC_Package, maecPackage:Malware_Subjects - maecPackage:Malware_Subject |
| Get Tags | stix:Indicator. Indicators convey specific observable patterns combined with contextual information. They represent artifacts and behaviors of interest. | indicator:Title, indicator:Description, indicator:Short_Description, indicator:Sightings, indicator:Producer, stixCommon:Description, stixCommon:Identity, stixCommon:Name |
| Get Tag Details | stix:Indicator | indicator:Title, indicator:Description, indicator:Short_Description, indicator:Composite_Indicator_Expression, indicator:Indicator, indicator:Sightings, indicator:Producer |
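A consumer of the Get Tags output has to resolve the prefixes in the table to namespace URIs before it can read any field. The following is an added example, not code from the AutoFocus documentation: it extracts the Get Tags fields from a constructed STIX 1.x document and rejects DTD declarations before parsing. The namespace URIs are the standard STIX 1.x ones; the wrapper elements, the `sightings_count` attribute placement and all sample values are assumptions, not a captured AutoFocus response.

```python
import xml.etree.ElementTree as ET

# Standard STIX 1.x namespace URIs; prefixes match the table above.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "stixCommon": "http://stix.mitre.org/common-1",
}

# Constructed sample: wrapper elements and values are assumptions,
# not a captured AutoFocus response.
SAMPLE = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:stixCommon="http://stix.mitre.org/common-1">
  <stix:Indicators>
    <stix:Indicator>
      <indicator:Title>Example.Tag</indicator:Title>
      <indicator:Description>Constructed long description.</indicator:Description>
      <indicator:Short_Description>Constructed summary.</indicator:Short_Description>
      <indicator:Sightings sightings_count="42"/>
      <indicator:Producer>
        <stixCommon:Description>Constructed producer note.</stixCommon:Description>
        <stixCommon:Identity>
          <stixCommon:Name>Example Producer</stixCommon:Name>
        </stixCommon:Identity>
      </indicator:Producer>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>"""

def parse_indicators(xml_text):
    # A threat-intel response has no need for a DTD; refusing one up front
    # keeps entity-expansion payloads away from the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    out = []
    for ind in ET.fromstring(xml_text).iter("{%s}Indicator" % NS["stix"]):
        sightings = ind.find("indicator:Sightings", NS)
        out.append({
            "title": ind.findtext("indicator:Title", "", NS).strip(),
            "short": ind.findtext("indicator:Short_Description", "", NS).strip(),
            "description": ind.findtext("indicator:Description", "", NS).strip(),
            "sightings": int(sightings.get("sightings_count", 0)) if sightings is not None else 0,
            "producer": ind.findtext(
                "indicator:Producer/stixCommon:Identity/stixCommon:Name", "", NS).strip(),
        })
    return out
```

Matching on the namespace URI rather than the literal prefix keeps the parser working if a response binds the same namespace to a different prefix.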