Get Device Details per IP Address

Use the IoT Security API to get device details for a specific device using its IP address.

Synopsis

URI
/pub/v4.0/device/ip
HTTP Method
GET
FQDN
<customer-name>.iot.paloaltonetworks.com

Description

Get a list of device details for the device with the specified IP address.

Request Fields

The URL of this request contains the following parameters:
Field: Description
customerid: (Required) The customer ID specifies the API call for a specific tenant. The value is a string.
ip: (Required) This is the IP address of the device for which you want to get details. The value is a string.
For additional common parameters you can use with this request, check Get Started with the IoT Security API.
Request Example
curl --location -X GET 'https://acmecorp.iot.paloaltonetworks.com/pub/v4.0/device/ip?customerid=acmecorp&ip=192.168.10.121' \
  -H 'X-Key-Id: KEY_ID' \
  -H 'X-Access-Key: ACCESS_KEY'

Success Response

Upon success, the HTTP response code is 200. In addition, this API returns a JSON object containing an array of JSON objects, each of which represents a single device attribute.
Field: Description
deviceid: The device ID, which IoT Security uses to identify and track the device (string)
hostname: The device hostname (string)
category: The category to which the device belongs (string)
profile: The device profile assigned to the device (string)
profile_type: The type of device profile, such as IoT or Non_IoT (string)
profile_vertical: The industry vertical for the profile such as Medical, IT Devices, and Office (string)
ip_address: The IP address of the device (string)
mac_address: The MAC address of the device (string)
risk_score: The risk score of the device (integer)
risk_level: The risk level of the device; there are four: low, medium, high, and critical (string)
last_activity: A UTC timestamp for the last detected device activity (object)
confidence_score: The confidence score for device classification (integer)
subnet: The subnet to which the device is attached (string)
number_of_critical_alerts: The number of critical alerts for the device (integer)
number_of_warning_alerts: The number of warning alerts for the device (integer)
number_of_caution_alerts: The number of caution alerts for the device (integer)
number_of_info_alerts: The number of info alerts for the device (integer)
tagIdList: A list of IDs for user- and system-defined tags assigned to the device
Success Response Example
{
  "deviceid": "34:02:86:44:65:36",
  "hostname": "InfusionPump-20",
  "category": "Infusion System",
  "profile": "Sigma Spectrum Infusion System",
  "profile_type": "IoT",
  "profile_vertical": "Medical",
  "ip_address": "192.168.10.121",
  "mac_address": "34:02:86:44:65:36",
  "risk_score": 0,
  "risk_level": "low",
  "last_activity": "2018-05-31T18:39:37.404Z",
  "confidence_score": 90,
  "subnet": "192.168.10.121/28",
  "number_of_critical_alerts": 0,
  "number_of_warning_alerts": 0,
  "number_of_caution_alerts": 0,
  "number_of_info_alerts": 0,
  "tagIdList": ...
}

Error Response

Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
HTTP Response Code: Description
400: Bad Request. This occurs when an HTTP request contains an invalid query string.
403: Forbidden access. Either the provided API Key is invalid or it does not have the required RBAC permissions to run this API.
429: Too many requests. The number of requests for device details for a single device exceeded the rate limit of 180 queries per minute per tenant.
500: Internal server error. A unified status for API communication type errors.
Error Response Format
{code: STATUS_CODE, msg: GENERAL_MESSAGE}
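
The following Python client is an added example, not Palo Alto Networks code. It issues the request documented above, validates the tenant and IP before they reach the URL, retries only on 429, and surfaces 400/403/500 with the documented msg. Using the tenant name as both the FQDN label and the customerid (as in the acmecorp example), and all function names, are assumptions.

```python
import ipaddress, json, re, time
import urllib.error, urllib.parse, urllib.request

RATE_LIMIT_PER_MIN = 180  # per-tenant limit documented for this endpoint

class IoTApiError(Exception):
    def __init__(self, status, msg):
        super().__init__(f"HTTP {status}: {msg}")
        self.status, self.msg = status, msg

def build_request(tenant, ip, key_id, access_key):
    # Assumption: the tenant name is both the FQDN label and the customerid,
    # as in the page's acmecorp example. Restrict it to one DNS label so a
    # crafted value cannot send the API keys to another host.
    if not re.fullmatch(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", tenant):
        raise ValueError("tenant must be a single DNS label")
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on malformed input
    query = urllib.parse.urlencode({"customerid": tenant, "ip": ip})
    url = f"https://{tenant}.iot.paloaltonetworks.com/pub/v4.0/device/ip?{query}"
    return urllib.request.Request(
        url, headers={"X-Key-Id": key_id, "X-Access-Key": access_key})

def _error_msg(err):
    # The documented body is {code, msg}; fall back to raw text if not JSON.
    raw = err.read().decode("utf-8", "replace")
    try:
        return json.loads(raw)["msg"]
    except (ValueError, KeyError, TypeError):
        return raw or err.reason

def get_device(tenant, ip, key_id, access_key, retries=3,
               send=urllib.request.urlopen, sleep=time.sleep):
    req = build_request(tenant, ip, key_id, access_key)
    for attempt in range(retries + 1):
        try:
            with send(req, timeout=10) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            if err.code == 429 and attempt < retries:
                # Back off from one rate-limit slot (1/3 s), doubling each time.
                sleep(60 / RATE_LIMIT_PER_MIN * 2 ** attempt)
                continue
            # 400/403/500 will not succeed on retry: surface them to the caller.
            raise IoTApiError(err.code, _error_msg(err)) from None
```

The send and sleep parameters exist so the transport and the back-off can be replaced in tests; in normal use, leave them at their defaults.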
