Get Device Details per IP Address

Use the IoT Security API to get device details for a specific device using its IP address.

Synopsis

URI: /pub/v4.0/device/ip
HTTP Method: GET
FQDN: <customer-name>.iot.paloaltonetworks.com

Description

Get a list of device details for the device with the specified IP address.

Request Fields

The URL of this request contains the following parameters:
Field: Description
customerid: (Required) The customer ID specifies the API call for a specific tenant. The following value is a string.
ip: (Required) This is the IP address of the device for which you want to get details. The following value is a string.

Request Example
curl 'https://acmecorp.iot.paloaltonetworks.com/pub/v4.0/device/ip?customerid=acmecorp&ip=192.168.10.121' -H 'X-Key-Id: <key_id>' -H 'X-Access-Key: <access_key>'

Success Response

Upon success, the HTTP response code is 200. In addition, this API returns a JSON object containing an array of JSON objects, each of which represents a single device attribute.
Field: Description
deviceid: The device ID, which IoT Security uses to identify and track the device (string)
hostname: The device hostname (string)
category: The category to which the device belongs (string)
profile: The device profile assigned to the device (string)
profile_type: The type of device profile, such as IoT or Non_IoT (string)
profile_vertical: The industry vertical for the profile, such as Medical, IT Devices, and Office (string)
ip_address: The IP address of the device (string)
mac_address: The MAC address of the device (string)
risk_score: The risk score of the device (integer)
risk_level: The risk level of the device; there are four: low, medium, high, and critical (string)
last_activity: A UTC timestamp for the last detected device activity (object)
confidence_score: The confidence score for device classification (integer)
subnet: The subnet to which the device is attached (string)
number_of_critical_alerts: The number of critical alerts for the device (integer)
number_of_warning_alerts: The number of warning alerts for the device (integer)
number_of_caution_alerts: The number of caution alerts for the device (integer)
number_of_info_alerts: The number of info alerts for the device (integer)

Success Response Example
{
  "deviceid": "34:02:86:44:65:36",
  "hostname": "InfusionPump-20",
  "category": "Infusion System",
  "profile": "Sigma Spectrum Infusion System",
  "profile_type": "IoT",
  "profile_vertical": "Medical",
  "ip_address": "192.168.10.121",
  "mac_address": "34:02:86:44:65:36",
  "risk_score": 0,
  "risk_level": "low",
  "last_activity": "2018-05-31T18:39:37.404Z",
  "confidence_score": 90,
  "subnet": "192.168.10.121/28",
  "number_of_critical_alerts": 0,
  "number_of_warning_alerts": 0,
  "number_of_caution_alerts": 0,
  "number_of_info_alerts": 0,
  ...
}

Error Response

Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
Code: Description
400: Bad Request. Got an invalid JSON.
401: Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
402: Unauthorized access. User does not have the required license type to run this API.
403: Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
500: Internal server error. A unified status for API communication type errors.

Error Response Format
{code: STATUS_CODE, msg: GENERAL_MESSAGE}
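
The request and error handling described above, as an added Python example (not code from the IoT Security documentation). The function names, the injectable `opener` parameter, and the assumption that the error body arrives as JSON with a `msg` key are illustrative; the inputs are validated before they are placed in the hostname and query string.

```python
import ipaddress, json, re
import urllib.error, urllib.parse, urllib.request

# Status codes and their meaning, taken from the Error Response list above.
ERROR_MEANING = {
    400: "bad request",
    401: "authentication failed: check key ID and access key",
    402: "license type does not cover this API",
    403: "API key lacks the required RBAC permissions",
    500: "internal server error",
}

class IoTSecurityAPIError(Exception):
    def __init__(self, status, detail):
        meaning = ERROR_MEANING.get(status, "unexpected status")
        super().__init__(f"HTTP {status}: {meaning} ({detail})")
        self.status, self.detail = status, detail

def build_request(customer_name, customer_id, ip, key_id, access_key):
    # The customer name becomes part of the hostname: allow one DNS label only.
    if not re.fullmatch(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?", customer_name):
        raise ValueError("customer name must be a single DNS label")
    ip = str(ipaddress.ip_address(ip))  # ValueError for anything that is not an IP
    query = urllib.parse.urlencode({"customerid": customer_id, "ip": ip})
    url = f"https://{customer_name}.iot.paloaltonetworks.com/pub/v4.0/device/ip?{query}"
    # Keys go in headers only, so they do not end up in URL-based logs.
    return urllib.request.Request(
        url, headers={"X-Key-Id": key_id, "X-Access-Key": access_key})

def get_device_by_ip(customer_name, customer_id, ip, key_id, access_key,
                     opener=urllib.request.urlopen):
    # opener is injectable (assumption of this example) so the call can be tested offline.
    req = build_request(customer_name, customer_id, ip, key_id, access_key)
    try:
        with opener(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", "replace")
        try:
            # Assumed shape: {"code": ..., "msg": ...}; fall back to the raw body.
            detail = json.loads(body).get("msg", body)
        except (ValueError, AttributeError):
            detail = body
        raise IoTSecurityAPIError(err.code, detail) from None
```

Read the key ID and access key from a secrets store or environment variables rather than passing them on a command line, where they are visible in shell history and process listings.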
