Get Device Details per Device ID
Use the IoT Security API to get device details for a
specific device using its device ID.
Synopsis
URI | /pub/v4.0/device |
HTTP Method | GET |
FQDN | <customer-name>.iot.paloaltonetworks.com |
Description
Get a list of device details
for the device with the specified device ID. The device ID is typically
a MAC address, but an IP address is used for devices configured
as static IP devices.
Request Fields
The URL of this request
contains the following parameters:
Field | Description |
---|---|
customerid | (Required) The customer ID specifies the API call for a specific tenant. The following value is a string. |
deviceid | (Required) The device ID specifies the MAC address of the device for which you want to get details. It’s an IP address when the device is configured as a static IP device. The following value is a string. |
For additional common parameters you can
use with this request, check Get Started with the IoT Security API.
Request Example
curl --location -X GET 'https://acmecorp.iot.paloaltonetworks.com/pub/v4.0/device?customerid=acmecorp&deviceid=34:02:86:44:65:36' \
  -H 'X-Key-Id: KEY_ID' \
  -H 'X-Access-Key: ACCESS_KEY'
The --location option
is necessary because some API requests elicit a 3xx response code,
indicating that redirection to another destination is required to
fetch the requested data, and the --location option
enables curl to redo the request to the new destination.
Success Response
Upon success,
the HTTP response code is 200. In addition, this API returns a JSON
object containing an array of JSON objects, each of which represents
a single device attribute.
Field | Description |
---|---|
deviceid | The device ID, which IoT Security uses to identify and track the device (string) |
hostname | The device hostname (string) |
category | The category to which the device belongs (string) |
profile | The device profile assigned to the device (string) |
profile_type | The type of device profile, such as IoT or Non_IoT (string) |
profile_vertical | The industry vertical for the profile such as Medical, IT Devices, and Office (string) |
ip_address | The IP address of the device (string) |
mac_address | The MAC address of the device (string) |
tagIdList | A list of IDs for user- and system-defined tags assigned to the device |
risk_score | The risk score of the device (integer) |
risk_level | The risk level of the device; there are four: low, medium, high, and critical (string) |
last_activity | A UTC timestamp for the last detected device activity (object) |
confidence_score | The confidence score for device classification (integer) |
subnet | The subnet to which the device is attached (string) |
number_of_critical_alerts | The number of critical alerts for the device (integer) |
number_of_warning_alerts | The number of warning alerts for the device (integer) |
number_of_caution_alerts | The number of caution alerts for the device (integer) |
number_of_info_alerts | The number of info alerts for the device (integer) |
allTags | An array of user-defined tags assigned to the device. Each item in the array consists of three attributes: tagType, tagValue, and tagId. |
tagType | The key for a user-defined tag |
tagValue | The value of the tag key for a user-defined tag |
tagId | The ID of a user-defined tag |
Success Response Example
{
  "deviceid": "34:02:86:44:65:36",
  "hostname": "InfusionPump-20",
  "category": "Infusion System",
  "profile": "Sigma Spectrum Infusion System",
  "profile_type": "IoT",
  "profile_vertical": "Medical",
  "ip_address": "192.168.10.121",
  "mac_address": "34:02:86:44:65:36",
  "tagIdList": [
    "6030135777a1d6fb488e26ad",
    "60301332ff1679e9481b62a6",
    "602ca12179bc780a2333895d"
  ],
  "risk_score": 0,
  "risk_level": "low",
  "last_activity": "2018-05-31T18:39:37.404Z",
  "confidence_score": 90,
  "subnet": "192.168.10.121/28",
  "number_of_critical_alerts": 0,
  "number_of_warning_alerts": 0,
  "number_of_caution_alerts": 0,
  "number_of_info_alerts": 0,
  "allTags": [
    {
      "tagType": "infusion",
      "tagValue": "pump1",
      "tagId": "6030135777a1d6fb488e26ad"
    },
    {
      "tagType": "infusion",
      "tagValue": "pump2",
      "tagId": "60301332ff1679e9481b62a6"
    },
    {
      "tagType": "infusion",
      "tagValue": "pump3",
      "tagId": "60f221a219e22f10003a965e"
    }
  ],
  ...
}
Error Response
Upon error,
the reply includes an HTTP response code, an error message, and
additional information describing the error. The HTTP response code
is one of the following:
HTTP Response Code | Description |
---|---|
400 | Bad Request. This occurs when an HTTP request contains an invalid query string. |
403 | Forbidden access. Either the provided API Key is invalid or it does not have the required RBAC permissions to run this API. |
429 | Too many requests. The number of requests for device details for a single device exceeded the rate limit of 180 queries per minute per tenant. |
500 | Internal server error. A unified status for API communication type errors. |
Error Response Format
{code: STATUS_CODE, msg: GENERAL_MESSAGE}
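The request, success fields and error codes documented above, combined in a small Python client. This is an added example, not Palo Alto Networks code. It assumes the flat JSON object shown in the Success Response Example; the function names, retry count and backoff intervals are illustrative choices, and the demo at the bottom uses a constructed response served by a stub instead of a network call.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

RATE_LIMIT_PER_MIN = 180  # per-tenant limit documented for this endpoint


def build_request(tenant, customerid, deviceid, key_id, access_key):
    """Build the GET request; urlencode() escapes the colons of a MAC-address device ID."""
    query = urllib.parse.urlencode({"customerid": customerid, "deviceid": deviceid})
    url = f"https://{tenant}.iot.paloaltonetworks.com/pub/v4.0/device?{query}"
    return urllib.request.Request(url, headers={"X-Key-Id": key_id, "X-Access-Key": access_key})


def summarize(device):
    """Reduce a device record to the fields used for triage."""
    severities = ("critical", "warning", "caution", "info")
    return {
        "deviceid": device["deviceid"],
        "profile": device.get("profile"),
        "risk_level": device.get("risk_level"),
        "alerts": sum(device.get(f"number_of_{s}_alerts", 0) for s in severities),
        "tags": sorted(f'{t["tagType"]}={t["tagValue"]}' for t in device.get("allTags", [])),
    }


def get_device(req, opener=urllib.request.urlopen, sleep=time.sleep, retries=3):
    """Fetch and summarize one device; wait and retry on 429, raise on other errors."""
    for attempt in range(retries + 1):
        try:
            # urlopen follows 3xx redirects itself, like curl --location.
            with opener(req, timeout=30) as resp:
                return summarize(json.load(resp))
        except urllib.error.HTTPError as err:
            if err.code == 429 and attempt < retries:
                sleep(60 / RATE_LIMIT_PER_MIN * 2 ** attempt)  # 0.33 s, 0.67 s, 1.33 s
                continue
            body = err.read().decode("utf-8", "replace")  # documented shape: {code, msg}
            raise RuntimeError(f"IoT Security API error {err.code}: {body}") from err


if __name__ == "__main__":
    import io
    # Constructed response (not captured from a tenant), served by a stub opener: no network.
    sample = b'{"deviceid": "34:02:86:44:65:36", "risk_level": "low", "number_of_info_alerts": 2}'
    req = build_request("acmecorp", "acmecorp", "34:02:86:44:65:36", "KEY_ID", "ACCESS_KEY")
    print(get_device(req, opener=lambda r, timeout: io.BytesIO(sample)))
```

In real use, read the key ID and access key from the environment or a secrets store rather than placing them in source or shell history.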