Threat Vault API Cheat Sheet

Created On 08/22/22 10:37 AM - Last Modified 08/21/25 11:08 AM


Objective


Provide a quick reference for the most common commands used with the Threat Vault API.

Environment


Threat Vault API




 



Procedure


Before you begin:

How to get a Threat Vault API key

 

Queries

Threat ID:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?id=<Threat_ID>' 


MD5:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?md5=<MD5_HASH>'


SHA256:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?sha256=<SHA256_HASH>' 


Signature name:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?name=<Signature+Name or Group+of+words>' 
  • Queries containing multiple words must use + in place of spaces, for example: command+and+control


CVE:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?CVE=<CVE-XXXX-XXX or CVE-XXXX>' 


Date:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?releaseDate=<DATE>' 
curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?fromReleaseDate=<FROMDATE>&toReleaseDate=<TODATE>' 


Content version:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?releaseVersion=<VERSION>' 
curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats?fromReleaseVersion=<FROMVERSION>&toReleaseVersion=<TOVERSION>'


Signature history, Antivirus package:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats/history?id=<Threat_ID>&type=antivirus' 
  • Note: Applies only to released signatures, not to replaced or disabled signatures


Signature history, WildFire package:

curl -v -H 'X-API-KEY: <APIKEY>' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats/history?id=<Threat_ID>&type=wildfire' 
  • Note: Applies only to released signatures, not to replaced or disabled signatures



Batch queries

Batch queries are limited to 100 entries per query (the examples show 3 entries). The available batch queries are:

Threat ID:
curl -v -X POST -H 'X-API-KEY: <APIKEY>'  -H 'Content-Type: application/json' -d '{"id":["<Threat_ID>","<Threat_ID>","<Threat_ID>"]}' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats'

MD5:
curl -v -X POST -H 'X-API-KEY: <APIKEY>'  -H 'Content-Type: application/json' -d '{"md5":["<MD5_HASH>","<MD5_HASH>","<MD5_HASH>"]}' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats'

SHA256:
curl -v -X POST -H 'X-API-KEY: <APIKEY>'  -H 'Content-Type: application/json' -d '{"sha256":["<SHA256_HASH>","<SHA256_HASH>","<SHA256_HASH>"]}' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats'


Signature name:

curl -v -X POST -H 'X-API-KEY: <APIKEY>'  -H 'Content-Type: application/json' -d '{"name":["<Signature+Name or Group+of+words>","<Signature+Name or Group+of+words>","<Signature+Name or Group+of+words>"]}' 'https://api.threatvault.paloaltonetworks.com/service/v1/threats'
  • Queries containing multiple words must use + in place of spaces, for example: command+and+control
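
The following added example, which is not part of the original article and is not Palo Alto Networks code, splits a list of indicators into batch POST requests of at most 100 entries each and applies the + rule to signature names. The function names, the THREATVAULT_API_KEY environment variable, and the lower-casing and de-duplication of hashes are assumptions of this example.

```python
import json
import os
import re
import urllib.request

API_URL = "https://api.threatvault.paloaltonetworks.com/service/v1/threats"
BATCH_LIMIT = 100  # the article's limit: 100 entries per batch query
BATCH_FIELDS = ("id", "md5", "sha256", "name")  # batch fields shown in the article
HASH_RE = {"md5": re.compile(r"[0-9a-f]{32}"), "sha256": re.compile(r"[0-9a-f]{64}")}

def normalize(field, values):
    """Clean and de-duplicate values for one batch field, keeping input order."""
    if field not in BATCH_FIELDS:
        raise ValueError(f"unsupported batch field: {field}")
    seen, out = set(), []
    for raw in values:
        v = raw.strip()
        if not v:
            continue  # skip blank lines from pasted indicator lists
        if field in HASH_RE:
            v = v.lower()  # assumption of this example: hashes are sent lower-case
            if not HASH_RE[field].fullmatch(v):
                raise ValueError(f"not a valid {field}: {raw!r}")
        elif field == "name":
            v = "+".join(v.split())  # the article's rule: + in place of spaces
        if v not in seen:
            seen.add(v)
            out.append(v)
    return out

def build_batch_requests(field, values, api_key):
    """Return one prepared POST request per chunk of at most BATCH_LIMIT entries."""
    clean = normalize(field, values)
    headers = {"X-API-KEY": api_key, "Content-Type": "application/json"}
    return [
        urllib.request.Request(
            API_URL, method="POST", headers=headers,
            data=json.dumps({field: clean[i:i + BATCH_LIMIT]}).encode())
        for i in range(0, len(clean), BATCH_LIMIT)
    ]

if __name__ == "__main__":
    # Constructed sample input: 250 placeholder SHA256 values, not real indicators.
    sample = [f"{n:064x}" for n in range(250)]
    # Hypothetical variable name; the key stays out of shell history and argv.
    key = os.environ.get("THREATVAULT_API_KEY", "<APIKEY>")
    for req in build_batch_requests("sha256", sample, key):
        print(req.get_method(), req.full_url, len(json.loads(req.data)["sha256"]))
```

Run as a script, it only prints the prepared batches; to send one, pass the prepared request to urllib.request.urlopen.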


Additional Information


Threat Vault API

Getting Started with the CDSS API

 


