Home
EN
Location
Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base
Clear
AutoFocus® API Reference
:
Session Artifacts
Updated on
Fri Sep 01 02:09:44 UTC 2023
Focus
Download PDF
Updated on
Fri Sep 01 02:09:44 UTC 2023
Focus
Home
AutoFocus
AutoFocus® API Reference
Perform AutoFocus Searches
Search Field Names
Session Artifacts
Download PDF
AutoFocus® API Reference
Session Artifacts
Table of Contents
Filter
Expand all
|
Collapse all
About the AutoFocus API
AutoFocus API Overview
AutoFocus API Prerequisites
AutoFocus API Rate Limits
Rate Limits and Points Allotment
How to Track Points
Points Usage
AutoFocus API Resources
Resources for Initiating Searches
Resources for Viewing Search Results
Resources for Direct Searches
AutoFocus API STIX Support
STIX Elements and Fields
Get Started with the AutoFocus API
Get Your API Key
Make Your First AutoFocus API Calls
Start a Search
View Results
Perform AutoFocus Searches
Search Samples and Sessions
Search Field Names
General Artifacts
Sample Artifacts
Session Artifacts
Analysis Artifacts
Linux Artifacts
Windows Artifacts
Mac Artifacts
Android Artifacts
Macro Artifacts
Search Parameter Types and Operators
Search Countries and Country Codes
Search Top Tags, Session Histogram, and Session Aggregate Data
Search for Signatures
View Search Results
Perform Direct Searches
Get Session Details
Get Sample Analysis
Get Tags
Get Tag Details
Get Threat Indicator Feed
Get Custom Threat Indicator Feed
Get Threat Intelligence Card Summary
Export List
Get Anti-spyware, Vulnerability, and File-Format Signature
Get Antivirus Signature
Get DNS Signature
Get Geolocation
Get Anti-spyware, Vulnerability, and File-Format Release Info
AutoFocus API Error Codes
AutoFocus API Error Codes
Session Artifacts
The following table provides field names and related information for session artifacts.
Field Name
Artifact Type as it Appears on AutoFocus Web Portal
Field Type
Acceptable Values and Examples
session.app
Application
select
Refer to
Application Research Center
for application names.
session.device_country
Device Country
select
Refer to
Search Countries and Country Codes
for valid values.
session.device_countrycode
Device Country Code
select
Refer to
Search Countries and Country Codes
for valid values.
session.device_hostname
Device Hostname
exactString
Valid device hostname.
session.device_serial
Observed In
exactStringList
Valid device identifier.
session.vsys
Device vsys
exactString
Example:
1
session.dst_country
Destination Country
select
Refer to
Search Countries and Country Codes
for valid values.
session.dst_countrycode
Destination Country Code
select
Refer to
Search Countries and Country Codes
for valid values.
session.dst_ip
Destination IP
exactStringList
Valid IP address..
session.dst_port
Destination Port
number
Valid port number.
session.emailrecipient
Email Recipient Address
string
Valid email address.
session.emailsbjcharset
Email Charset
exactString
Example:
koi8-r
session.emailsender
Email Sender Address
string
Valid email address.
session.emailsubject
Email Subject
string
Valid email subject.
session.filename
File Name
string
Valid file name.
session.fileurl
File URL
url
Valid URL.
session.imei
IMEI
exactStringList
IMEI (International Mobile Equipment Identity) of the mobile device
session.device_industry
Industry
select
Aerospace and Defense
Agriculture
Automotive
Construction
Consulting
Education
Education - K thru 12
Energy
Finance
Government
Healthcare
High Tech
Higher Education
Hospitality
Insurance
Lower Education
Manufacturing
Media and Entertainment
Non-Profit
Other
Pharma and Life Sciences
Professional and Legal Services
Real Estate
Service Provider
Telecommunications
Transportation and Logistics
Utilities
Waste Management
Wholesale and Retail
session.user_id
Recipient User ID
string
Valid user ID.
session.region
Region
singleSelect
Possible values:
Wildfire global cloud:
us
Wildfire EU cloud:
eu
Wildfire Japan cloud:
jp
Wildfire Singapore cloud:
sg
Wildfire UK cloud:
uk
Wildfire Canada cloud:
ca
session.src_country
Source Country
select
Refer to
Search Countries and Country Codes
for valid values.
session.src_countrycode
Source Country Code
select
Refer to
Search Countries and Country Codes
for valid values.
session.src_ip
Source IP
exactStringList
Valid IP address
session.src_port
Source Port
number
Valid port number
session.sha256
SHA256
exactStringList
Valid SHA256 hash
session.status
Status
singleSelect
Possible value:
Blocked
session.tstamp
Time
date
Valid timestamp
Example:
2015-09-21T11:33:20
session.upload_src
Upload Source
exactStringList
Possible values:
Firewall
Proofpoint
Traps
Magnifier
Manual API
Traps Android
WF Appliance
Prisma SaaS
Prisma Access
Cortex XDR
Previous
Sample Artifacts
Next
Analysis Artifacts
