AutoFocus® API Reference: STIX Elements and Fields
Updated on Fri Sep 01 02:09:44 UTC 2023
STIX Elements and Fields
The following table lists STIX-enabled resources along with the corresponding STIX, MAEC, and CybOX elements visible in the response:

| Resource | Element | Fields |
|---|---|---|
| Get Samples (Search Samples and Sessions) | cybox:Observables. Observables are events or stateful properties such as the value of a registry key, deletion of a file, or the receipt of an HTTP GET. | cybox:Observable, cybox:Description, cybox:Object, cybox:Properties |
| Get Sessions (Search Samples and Sessions) | stix:Incident. Incidents are discrete instances of observable patterns affecting an organization; they include information discovered during an incident response investigation. | incident:Description, incident:Victim, incident:Related_Observables |
| Get Sample Analysis | ttp:MalwareType. TTPs (Tactics, Techniques, and Procedures) represent adversarial behavior, such as potentially targeted victims, attack patterns and malware, and leveraged resources (infrastructure, tools, personas). | ttp:Title, ttp:Description, ttp:Behavior, ttp:Malware, ttp:Malware_Instance, maecPackage:MAEC_Package, maecPackage:Malware_Subjects - maecPackage:Malware_Subject |
| Get Tags | stix:Indicator. Indicators convey specific observable patterns combined with contextual information. They represent artifacts and behaviors of interest. | indicator:Title, indicator:Description, indicator:Short_Description, indicator:Sightings, indicator:Producer, stixCommon:Description, stixCommon:Identity, stixCommon:Name |
| Get Tag Details | stix:Indicator | indicator:Title, indicator:Description, indicator:Short_Description, indicator:Composite_Indicator_Expression, indicator:Indicator, indicator:Sightings, indicator:Producer |
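
An added example, not taken from the Palo Alto Networks documentation: a namespace-aware Python parser that extracts the Get Tag Details fields listed above from a STIX 1.x document and recurses through indicator:Composite_Indicator_Expression. The sample XML is constructed, and the stix:STIX_Package / stix:Indicators wrapper, the operator value and the function names are assumptions, not a captured AutoFocus response.

```python
import xml.etree.ElementTree as ET

# STIX 1.x namespace URIs as published in the MITRE STIX 1.x schemas.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "stixCommon": "http://stix.mitre.org/common-1",
}

# Constructed sample for illustration; NOT a captured AutoFocus response.
SAMPLE = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:stixCommon="http://stix.mitre.org/common-1">
  <stix:Indicators>
    <stix:Indicator>
      <indicator:Title>ExampleTag</indicator:Title>
      <indicator:Description>Constructed tag description</indicator:Description>
      <indicator:Composite_Indicator_Expression operator="OR">
        <indicator:Indicator><indicator:Title>Condition A</indicator:Title></indicator:Indicator>
        <indicator:Indicator><indicator:Title>Condition B</indicator:Title></indicator:Indicator>
      </indicator:Composite_Indicator_Expression>
      <indicator:Producer>
        <stixCommon:Identity><stixCommon:Name>Example Producer</stixCommon:Name></stixCommon:Identity>
      </indicator:Producer>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>"""

def parse_indicator(el):
    """Return one indicator as a dict, recursing into composite expressions."""
    def text(path):
        return (el.findtext(path, default="", namespaces=NS) or "").strip()
    out = {
        "title": text("indicator:Title"),
        "description": text("indicator:Description"),
        "producer": text("indicator:Producer/stixCommon:Identity/stixCommon:Name"),
    }
    comp = el.find("indicator:Composite_Indicator_Expression", NS)
    if comp is not None:
        out["operator"] = comp.get("operator")
        out["children"] = [parse_indicator(c) for c in comp.findall("indicator:Indicator", NS)]
    return out

def parse_tag_details(xml_text):
    # STIX needs no DTD: refuse one so entity declarations never reach the parser.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE not allowed in STIX input")
    root = ET.fromstring(xml_text)
    return [parse_indicator(i) for i in root.iterfind(".//stix:Indicator", NS)]
```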