Threat Vault API Quick Reference

Created On 08/22/22 10:37 AM - Last Modified 08/21/25 11:08 AM


Objective


Provide a quick guide to the most common commands used with the Threat Vault API.

Environment


Threat Vault API




 



Procedure


Before you begin:

How to obtain the Threat Vault API key

 

Queries

Threat ID:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?id=<Threat_ID>' 


MD5:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?md5=<MD5_HASH>'


SHA256:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?sha256=<SHA256_HASH>' 


Signature name:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?name=<Signature+Name or Group+of+words>' 
  • Multi-word queries must use + instead of spaces, for example: Command+and+Control


CVE:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?CVE=<CVE-XXXX-XXX or CVE-XXXX>' 


Date:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?releaseDate=<DATE>' 
curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?fromReleaseDate=<FROMDATE>&toReleaseDate=<TODATE>' 


Content version:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?releaseVersion=<VERSION>' 
curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?fromReleaseVersion=<FROMVERSION>&toReleaseVersion=<TOVERSION>'


Signature history, antivirus package:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats/history?id=<Threat_ID>&type=antivirus' 
  • Note: only available for signatures that are released; not available for replaced or disabled signatures


Signature history, WildFire package:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats/history?id=<Threat_ID>&type=wildfire' 
  • Note: only available for signatures that are released; not available for replaced or disabled signatures



Batch queries

Batch queries are limited to 100 entries per query (the examples show 3 entries). The available batch queries are:

Threat ID:
curl -v -X POST -H 'X-API-KEY: <APIKEY>'  -H 'Content-Type: application/json' -d '{"id":["<Threat_ID>","<Threat_ID>","<Threat_ID>"]}' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats'

MD5:
curl -v -X POST -H 'X-API-KEY: <APIKEY>'  -H 'Content-Type: application/json' -d '{"md5":["<MD5_HASH>","<MD5_HASH>","<MD5_HASH>"]}' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats'

SHA256:
curl -v -X POST -H 'X-API-KEY: <APIKEY>'  -H 'Content-Type: application/json' -d '{"sha256":["<SHA256_HASH>","<SHA256_HASH>","<SHA256_HASH>"]}' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats'


Signature name:

curl -v -X POST -H 'X-API-KEY: <APIKEY>'  -H 'Content-Type: application/json' -d '{"name":["<Signature+Name or Group+of+words>","<Signature+Name or Group+of+words>","<Signature+Name or Group+of+words>"]}' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats'
  • Multi-word queries must use + instead of spaces, for example: Command+and+Control
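
Because a batch query accepts at most 100 entries, a longer hash list has to be split across several POSTs. The following script is an added example, not part of the original article or Palo Alto Networks code: it validates and de-duplicates a SHA256 list, builds the batch bodies in chunks of at most 100, and passes the key to curl through a config read on stdin. The function names and the TV_API_KEY environment variable are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not Palo Alto Networks code. Function names and the
# TV_API_KEY environment variable are assumptions made for this example.
TV_URL='https://api.threatvault.paloaltonetworks.com/service/v1/threats'
TV_BATCH_MAX=100   # batch limit stated in this article

# stdin: one SHA256 per line. stdout: one JSON body per line, each holding
# at most $1 hashes (default 100). Lines that are not 64 hex characters are
# reported on stderr and skipped; repeated hashes are sent only once.
tv_sha256_batches() {
  tr -d '\r' | awk -v max="${1:-$TV_BATCH_MAX}" '
    { gsub(/^[ \t]+|[ \t]+$/, "") }
    /^$/ { next }
    !/^[0-9A-Fa-f]+$/ || length($0) != 64 {
      print "line " NR ": not a SHA256, skipped" > "/dev/stderr"; next
    }
    seen[tolower($0)]++ { next }
    { buf = buf (n ? "," : "") "\"" $0 "\""; n++ }
    n == max { print "{\"sha256\":[" buf "]}"; buf = ""; n = 0 }
    END { if (n) print "{\"sha256\":[" buf "]}" }'
}

# stdin: bodies from tv_sha256_batches. Sends one POST per body. The key is
# written by the printf builtin into a curl config read from stdin (-K -),
# so it is never an argument on curl's command line.
tv_post_batches() {
  [ -n "${TV_API_KEY:-}" ] || { echo 'TV_API_KEY is not set' >&2; return 1; }
  while IFS= read -r body; do
    printf 'header = "X-API-KEY: %s"\n' "$TV_API_KEY" |
      curl -sS --fail -K - -X POST -H 'Content-Type: application/json' \
           -d "$body" "$TV_URL" || return 1
    echo
  done
}

# Offline demo on constructed values (no network): 205 placeholder hashes
# become three bodies holding 100, 100 and 5 entries.
tv_demo() {
  i=1
  while [ "$i" -le 205 ]; do printf '%064x\n' "$i"; i=$((i + 1)); done |
    tv_sha256_batches | awk -F'","' '{ print NF }'
}

# Real use: tv_sha256_batches < hashes.txt | tv_post_batches
```

Unlike the commands in this article, the sender omits -v, which prints the request headers, including X-API-KEY, to the terminal.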


Additional Information


Threat Vault API

Introduction to the CDSS APIs

 


