Get Device Details per IP Address

Use the IoT Security API to get device details for a specific device using its IP address.

Synopsis

URI: /pub/v4.0/device/ip
HTTP Method: GET
FQDN: <customer-name>.iot.paloaltonetworks.com

Description

Get a list of device details for the device with the specified IP address.

Request Fields

The URL of this request contains the following parameters:
Field: Description
customerid: (Required) The customer ID specifies the API call for a specific tenant. The value is a string.
ip: (Required) This is the IP address of the device for which you want to get details. The value is a string.

For additional common parameters you can use with this request, check Get Started with the IoT Security API.

Request Example

curl --location -X GET 'https://acmecorp.iot.paloaltonetworks.com/pub/v4.0/device/ip?customerid=acmecorp&ip=192.168.10.121' \
  -H 'X-Key-Id: KEY_ID' \
  -H 'X-Access-Key: ACCESS_KEY'

Success Response

Upon success, the HTTP response code is 200. In addition, this API returns a JSON object containing an array of JSON objects, each of which represents a single device attribute.
Field: Description
deviceid: The device ID, which IoT Security uses to identify and track the device (string)
hostname: The device hostname (string)
category: The category to which the device belongs (string)
profile: The device profile assigned to the device (string)
profile_type: The type of device profile, such as IoT or Non_IoT (string)
profile_vertical: The industry vertical for the profile such as Medical, IT Devices, and Office (string)
ip_address: The IP address of the device (string)
mac_address: The MAC address of the device (string)
risk_score: The risk score of the device (integer)
risk_level: The risk level of the device; there are four: low, medium, high, and critical (string)
last_activity: A UTC timestamp for the last detected device activity (object)
confidence_score: The confidence score for device classification (integer)
subnet: The subnet to which the device is attached (string)
number_of_critical_alerts: The number of critical alerts for the device (integer)
number_of_warning_alerts: The number of warning alerts for the device (integer)
number_of_caution_alerts: The number of caution alerts for the device (integer)
number_of_info_alerts: The number of info alerts for the device (integer)
tagIdList: A list of IDs for user- and system-defined tags assigned to the device

Success Response Example

{
  "deviceid": "34:02:86:44:65:36",
  "hostname": "InfusionPump-20",
  "category": "Infusion System",
  "profile": "Sigma Spectrum Infusion System",
  "profile_type": "IoT",
  "profile_vertical": "Medical",
  "ip_address": "192.168.10.121",
  "mac_address": "34:02:86:44:65:36",
  "risk_score": 0,
  "risk_level": "low",
  "last_activity": "2018-05-31T18:39:37.404Z",
  "confidence_score": 90,
  "subnet": "192.168.10.121/28",
  "number_of_critical_alerts": 0,
  "number_of_warning_alerts": 0,
  "number_of_caution_alerts": 0,
  "number_of_info_alerts": 0,
  "tagIdList": ...
}

Error Response

Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
Code: Description
400: Bad Request. This occurs when an HTTP request contains an invalid query string.
403: Forbidden access. Either the provided API Key is invalid or it does not have the required RBAC permissions to run this API.
429: Too many requests. The number of requests for device details for a single device exceeded the rate limit of 180 queries per minute per tenant.
500: Internal server error. A unified status for API communication type errors.

Error Response Format

{code: STATUS_CODE, msg: GENERAL_MESSAGE}
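
The request, the 429 rate limit and the response fields documented above, combined into a small Python client as an added example (not Palo Alto Networks code). It assumes the tenant name serves as both the FQDN label and customerid, as in the Request Example; the retry spacing, the send and sleep hooks and the needs_attention rule are illustrative assumptions.

```python
import ipaddress
import json
import re
import time
import urllib.error
import urllib.parse
import urllib.request

RATE_LIMIT_PER_MIN = 180  # documented 429 limit, per tenant
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", re.I)

def build_request(tenant, ip, key_id, access_key):
    """Return (url, headers) for GET /pub/v4.0/device/ip, rejecting unsafe input."""
    if not LABEL.fullmatch(tenant):       # tenant becomes part of the hostname
        raise ValueError("tenant must be a single DNS label")
    ip = str(ipaddress.ip_address(ip))    # ValueError on anything but an IP address
    query = urllib.parse.urlencode({"customerid": tenant, "ip": ip})
    url = f"https://{tenant}.iot.paloaltonetworks.com/pub/v4.0/device/ip?{query}"
    return url, {"X-Key-Id": key_id, "X-Access-Key": access_key}

def http_get(url, headers):
    """Default transport: (status, body text) for both success and error replies."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def get_device(tenant, ip, key_id, access_key, send=http_get, attempts=3,
               sleep=time.sleep):
    """Fetch device details; retry only on 429, fail fast on 400/403/500."""
    url, headers = build_request(tenant, ip, key_id, access_key)
    for attempt in range(attempts):
        status, body = send(url, headers)
        if status == 200:
            return json.loads(body)
        if status == 429 and attempt + 1 < attempts:
            sleep(60 / RATE_LIMIT_PER_MIN * (attempt + 1))  # assumed backoff
            continue
        raise RuntimeError(f"IoT Security API error {status}: {body[:200]}")

def needs_attention(device):
    """Triage rule (assumption): high/critical risk level or any critical alert."""
    return (device.get("risk_level") in ("high", "critical")
            or device.get("number_of_critical_alerts", 0) > 0)
```

The error body is reported as raw text rather than parsed, since the documented error format is not shown as strict JSON.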