Juniper ATP Cloud API
Advanced Threat Prevention API for threat intelligence and security analytics.
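# OpenAPI 3.1 description of the Juniper ATP Cloud REST API.
# Nesting restored: the flattened listing had every key at column 0, which
# loses the mapping structure and does not parse as an OpenAPI document.
openapi: 3.1.0
info:
  title: Juniper Networks Juniper Advanced Threat Prevention (ATP) Cloud API
  description: >-
    Juniper Advanced Threat Prevention (ATP) Cloud API provides access to
    threat intelligence, malware analysis, and security event management.
    The API enables querying threat feeds, submitting files for analysis,
    retrieving detection verdicts, managing allow/block lists, and accessing
    threat intelligence data for integration with SRX Series firewalls and
    other security infrastructure.
  # Quoted so no loader can ever retype the version string.
  version: '1.0.0'
  contact:
    name: Juniper Support
    url: https://www.juniper.net/us/en/products/security/advanced-threat-prevention.html
    email: support@juniper.net
  license:
    name: Proprietary
    url: https://www.juniper.net/us/en/legal-notices.html
externalDocs:
  description: ATP Cloud Documentation
  url: https://www.juniper.net/documentation/us/en/software/atp/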
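# Nesting restored from the flattened listing.
servers:
  # Only an https:// base URL is listed; login credentials and the
  # X-Auth-Token session header both travel over this connection.
  - url: https://{atp_server}/api/v1
    description: ATP Cloud Server
    variables:
      atp_server:
        # The session token is sent to whichever host is substituted here.
        # Clients should pin this to the hostname of their own ATP Cloud
        # instance and not take it from untrusted configuration.
        # NOTE(review): no `enum` of valid hosts is given - confirm the list.
        default: atp.juniper.net
        description: ATP Cloud server hostname
# Document-wide default: every operation requires the `apiKey` scheme unless
# the operation sets its own `security` (the login operation does, with `[]`).
security:
  - apiKey: []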
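# Tag catalogue (nesting restored). Operations under `paths` reference these
# names verbatim, so a rename here must be mirrored there.
tags:
  - name: Allowlists and Blocklists
    description: Allowlist and blocklist management
  - name: Authentication
    description: Authentication and session management
  - name: Enrolled Devices
    description: Enrolled SRX device management
  - name: File Analysis
    description: Malware analysis and file submission
  - name: Indicators of Compromise
    description: IoC management and lookup
  - name: Reports
    description: Threat and activity reports
  - name: Threat Intelligence
    description: Threat feed and intelligence data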
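# Operations (nesting restored from the flattened listing). Every operation
# inherits the document-level `security` requirement (apiKey in the
# X-Auth-Token header) except /auth/login, which overrides it.
# NOTE(review): apart from login's 401, no error responses (401/403/429 or
# other 4xx/5xx) are described for any operation - confirm against the vendor
# reference so clients handle expired tokens and throttling explicitly.
paths:
  /auth/login:
    post:
      operationId: login
      summary: Juniper Networks Authenticate
      description: Authenticates a user and returns an API session token.
      tags:
        - Authentication
      # Empty requirement list: this operation is callable without a token.
      security: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - username
                - password
              properties:
                username:
                  type: string
                password:
                  type: string
                  # Annotations only: tell tooling to mask the value in UIs
                  # and never expect it back in a response.
                  format: password
                  writeOnly: true
                realm:
                  type: string
                  description: Authentication realm
      responses:
        '200':
          description: Authentication successful
          content:
            application/json:
              schema:
                type: object
                properties:
                  # Session credential: presented afterwards in the
                  # X-Auth-Token header. Keep it out of logs and URLs.
                  token:
                    type: string
                  # NOTE(review): presumably the token's expiry time; confirm
                  # and re-authenticate before it passes.
                  expires:
                    type: string
                    format: date-time
        '401':
          description: Authentication failed
  /threat-intelligence/feeds:
    get:
      operationId: listThreatFeeds
      summary: Juniper Networks List threat feeds
      description: Returns available threat intelligence feeds and their status.
      tags:
        - Threat Intelligence
      responses:
        '200':
          description: List of threat feeds
          content:
            application/json:
              schema:
                type: object
                properties:
                  feeds:
                    type: array
                    items:
                      $ref: '#/components/schemas/ThreatFeed'
  /threat-intelligence/ip-lookup:
    get:
      operationId: lookupIpReputation
      summary: Juniper Networks Look up IP reputation
      description: Returns the threat reputation score and details for an IP address.
      tags:
        - Threat Intelligence
      parameters:
        # NOTE(review): plain string, no `format` (ipv4/ipv6) is declared;
        # validate the address client-side before sending.
        - name: ip
          in: query
          required: true
          description: IP address to look up
          schema:
            type: string
      responses:
        '200':
          description: IP reputation data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IpReputation'
  /threat-intelligence/url-lookup:
    get:
      operationId: lookupUrlReputation
      summary: Juniper Networks Look up URL reputation
      description: Returns the threat reputation and category for a URL.
      tags:
        - Threat Intelligence
      parameters:
        # The looked-up URL travels in the query string: percent-encode it,
        # and expect it to show up in proxy and access logs along the path.
        - name: url
          in: query
          required: true
          description: URL to look up
          schema:
            type: string
      responses:
        '200':
          description: URL reputation data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UrlReputation'
  /threat-intelligence/domain-lookup:
    get:
      operationId: lookupDomainReputation
      summary: Juniper Networks Look up domain reputation
      description: Returns the threat reputation for a domain name.
      tags:
        - Threat Intelligence
      parameters:
        - name: domain
          in: query
          required: true
          description: Domain name to look up
          schema:
            type: string
      responses:
        '200':
          description: Domain reputation data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DomainReputation'
  /threat-intelligence/hash-lookup:
    get:
      operationId: lookupFileHash
      summary: Juniper Networks Look up file hash
      description: Returns the malware analysis verdict for a file hash.
      tags:
        - Threat Intelligence
      parameters:
        # MD5 and SHA1 are collision-prone; prefer SHA256 whenever the
        # verdict is used to decide that a file is safe.
        - name: hash
          in: query
          required: true
          description: File hash (MD5, SHA1, or SHA256)
          schema:
            type: string
        # Optional. NOTE(review): behaviour when omitted is not described -
        # presumably inferred from the hash length; confirm.
        - name: hash_type
          in: query
          description: Hash type
          schema:
            type: string
            enum:
              - md5
              - sha1
              - sha256
      responses:
        '200':
          description: File hash verdict
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FileVerdict'
  /file-analysis/submit:
    post:
      operationId: submitFile
      summary: Juniper Networks Submit file for analysis
      description: Submits a file for malware analysis in the ATP Cloud sandbox.
      tags:
        - File Analysis
      # NOTE(review): no maximum upload size or accepted file types are
      # documented here; confirm the limits before automating submissions.
      requestBody:
        required: true
        content:
          multipart/form-data:
            schema:
              type: object
              required:
                - file
              properties:
                file:
                  type: string
                  format: binary
                  description: File to analyze
                # Client-supplied label: treat it as untrusted text wherever
                # it is later displayed or logged.
                file_name:
                  type: string
                  description: Original filename
                priority:
                  type: string
                  enum:
                    - low
                    - normal
                    - high
      responses:
        # 202: accepted for asynchronous analysis; poll the submission
        # status operation with the returned submission_id.
        '202':
          description: File submitted for analysis
          content:
            application/json:
              schema:
                type: object
                properties:
                  submission_id:
                    type: string
                  status:
                    type: string
                  # NOTE(review): presumably the digest the server computed
                  # over the uploaded bytes; comparing it with a locally
                  # computed SHA-256 confirms the sample arrived intact.
                  sha256:
                    type: string
  /file-analysis/submissions/{submission_id}:
    get:
      operationId: getSubmissionStatus
      summary: Juniper Networks Get file analysis status
      description: Returns the status and results of a file analysis submission.
      tags:
        - File Analysis
      parameters:
        - name: submission_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Submission status and results
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AnalysisResult'
  /file-analysis/submissions:
    get:
      operationId: listSubmissions
      summary: Juniper Networks List file submissions
      description: Returns a list of file analysis submissions.
      tags:
        - File Analysis
      parameters:
        # The filter enum omits `failed`, which AnalysisResult.status allows.
        - name: status
          in: query
          description: Filter by analysis status
          schema:
            type: string
            enum:
              - pending
              - in_progress
              - completed
        - name: start_date
          in: query
          schema:
            type: string
            format: date-time
        - name: end_date
          in: query
          schema:
            type: string
            format: date-time
        # NOTE(review): no minimum/maximum is declared for `limit` and no
        # offset/cursor parameter exists; confirm the server-side cap.
        - name: limit
          in: query
          schema:
            type: integer
            default: 50
      responses:
        '200':
          description: List of submissions
          content:
            application/json:
              schema:
                type: object
                properties:
                  submissions:
                    type: array
                    items:
                      $ref: '#/components/schemas/AnalysisResult'
                  total:
                    type: integer
  /lists/allowlist:
    get:
      operationId: getAllowlist
      summary: Juniper Networks Get allowlist entries
      description: Returns all entries in the allowlist.
      tags:
        - Allowlists and Blocklists
      responses:
        '200':
          description: Allowlist entries
          content:
            application/json:
              schema:
                type: object
                properties:
                  entries:
                    type: array
                    items:
                      $ref: '#/components/schemas/ListEntry'
    # Security-sensitive write: allowlisted values are typically exempted
    # from detection, so limit who holds tokens able to call this and review
    # new entries (`created_by`, `created_at`) regularly.
    # NOTE(review): no remove/update operation is described for list entries.
    post:
      operationId: addToAllowlist
      summary: Juniper Networks Add to allowlist
      description: Adds an entry to the allowlist.
      tags:
        - Allowlists and Blocklists
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ListEntry'
      responses:
        '201':
          description: Entry added
  /lists/blocklist:
    get:
      operationId: getBlocklist
      summary: Juniper Networks Get blocklist entries
      description: Returns all entries in the blocklist.
      tags:
        - Allowlists and Blocklists
      responses:
        '200':
          description: Blocklist entries
          content:
            application/json:
              schema:
                type: object
                properties:
                  entries:
                    type: array
                    items:
                      $ref: '#/components/schemas/ListEntry'
    # Enforcement-changing write: a mistaken entry can block legitimate
    # traffic, so validate `value` against its `type` before submitting.
    post:
      operationId: addToBlocklist
      summary: Juniper Networks Add to blocklist
      description: Adds an entry to the blocklist.
      tags:
        - Allowlists and Blocklists
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ListEntry'
      responses:
        '201':
          description: Entry added
  /enrolled-devices:
    get:
      operationId: listEnrolledDevices
      summary: Juniper Networks List enrolled devices
      description: Returns all SRX devices enrolled with ATP Cloud.
      tags:
        - Enrolled Devices
      responses:
        '200':
          description: List of enrolled devices
          content:
            application/json:
              schema:
                type: object
                properties:
                  devices:
                    type: array
                    items:
                      $ref: '#/components/schemas/EnrolledDevice'
  /enrolled-devices/{device_id}:
    get:
      operationId: getEnrolledDevice
      summary: Juniper Networks Get enrolled device details
      description: Returns details for a specific enrolled device.
      tags:
        - Enrolled Devices
      parameters:
        - name: device_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Device details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EnrolledDevice'
  /reports/threats:
    get:
      operationId: getThreatReport
      summary: Juniper Networks Get threat report
      description: Returns a summary report of threats detected over a time period.
      tags:
        - Reports
      parameters:
        # Both bounds are mandatory here, unlike the optional date filters
        # on the submissions listing.
        - name: start_date
          in: query
          required: true
          schema:
            type: string
            format: date-time
        - name: end_date
          in: query
          required: true
          schema:
            type: string
            format: date-time
      responses:
        '200':
          description: Threat report
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ThreatReport'
  /ioc/indicators:
    get:
      operationId: listIndicators
      summary: Juniper Networks List indicators of compromise
      description: Returns indicators of compromise detected in the environment.
      tags:
        - Indicators of Compromise
      parameters:
        - name: type
          in: query
          description: Filter by indicator type
          schema:
            type: string
            enum:
              - ip
              - domain
              - url
              - hash
              - email
        # NOTE(review): no minimum/maximum is declared for `limit` and no
        # offset/cursor parameter exists; confirm the server-side cap.
        - name: limit
          in: query
          schema:
            type: integer
            default: 100
      responses:
        '200':
          description: List of indicators
          content:
            application/json:
              schema:
                type: object
                properties:
                  indicators:
                    type: array
                    items:
                      $ref: '#/components/schemas/Indicator'
                  total:
                    type: integer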
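# Reusable definitions (nesting restored from the flattened listing).
components:
  securitySchemes:
    # Header-based scheme. Per its description the value is the session token
    # returned by the login operation, not a long-lived static key, so clients
    # must handle renewal and should never place it in a URL.
    apiKey:
      type: apiKey
      in: header
      name: X-Auth-Token
      description: API token obtained from the login endpoint
  schemas:
    ThreatFeed:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        description:
          type: string
        enabled:
          type: boolean
        last_updated:
          type: string
          format: date-time
        entry_count:
          type: integer
        feed_type:
          type: string
          enum:
            - ip
            - domain
            - url
            - hash
    IpReputation:
      type: object
      properties:
        ip:
          type: string
        threat_score:
          type: integer
          minimum: 0
          maximum: 10
          description: Threat score from 0 (clean) to 10 (malicious)
        categories:
          type: array
          items:
            type: string
        country:
          type: string
        asn:
          type: integer
        last_seen:
          type: string
          format: date-time
        feeds:
          type: array
          items:
            type: string
    UrlReputation:
      type: object
      properties:
        url:
          type: string
        # Same 0-10 bounds as IpReputation.threat_score; the scale's meaning
        # is only spelled out there.
        threat_score:
          type: integer
          minimum: 0
          maximum: 10
        categories:
          type: array
          items:
            type: string
        host:
          type: string
        last_seen:
          type: string
          format: date-time
    DomainReputation:
      type: object
      properties:
        domain:
          type: string
        threat_score:
          type: integer
          minimum: 0
          maximum: 10
        categories:
          type: array
          items:
            type: string
        registrar:
          type: string
        created_date:
          type: string
          format: date-time
        last_seen:
          type: string
          format: date-time
    FileVerdict:
      type: object
      properties:
        sha256:
          type: string
        md5:
          type: string
        sha1:
          type: string
        # `unknown` is a distinct value from `clean`: consumers should not
        # treat an unknown file as cleared.
        verdict:
          type: string
          enum:
            - clean
            - malicious
            - suspicious
            - unknown
        malware_family:
          type: string
        threat_score:
          type: integer
          minimum: 0
          maximum: 10
        first_seen:
          type: string
          format: date-time
        last_seen:
          type: string
          format: date-time
    AnalysisResult:
      type: object
      properties:
        submission_id:
          type: string
        sha256:
          type: string
        # NOTE(review): presumably echoes the client-supplied `file_name`
        # from submission; treat as untrusted text when rendering.
        file_name:
          type: string
        file_type:
          type: string
        file_size:
          type: integer
        # NOTE(review): the schema does not say which fields are present
        # while status is pending/in_progress/failed; check `status` before
        # acting on `verdict`.
        status:
          type: string
          enum:
            - pending
            - in_progress
            - completed
            - failed
        verdict:
          type: string
          enum:
            - clean
            - malicious
            - suspicious
            - unknown
        threat_score:
          type: integer
          minimum: 0
          maximum: 10
        malware_info:
          type: object
          properties:
            family:
              type: string
            type:
              type: string
              enum:
                - trojan
                - ransomware
                - worm
                - adware
                - spyware
                - backdoor
                - rootkit
                - other
        analysis_details:
          type: object
          properties:
            # Both are untyped objects: their contents are not described.
            static_analysis:
              type: object
            dynamic_analysis:
              type: object
        submitted_at:
          type: string
          format: date-time
        completed_at:
          type: string
          format: date-time
    # Used both as the response item and as the POST body for the allowlist
    # and blocklist operations.
    # NOTE(review): no `required` list is declared, and `id`, `created_at`
    # and `created_by` look server-assigned but are not marked `readOnly`;
    # confirm which fields a client may set. `value` has no per-type format,
    # so check it against `type` before submitting.
    ListEntry:
      type: object
      properties:
        id:
          type: string
        type:
          type: string
          enum:
            - ip
            - domain
            - url
            - hash
        value:
          type: string
        description:
          type: string
        created_at:
          type: string
          format: date-time
        created_by:
          type: string
    # Device inventory data (hostname, serial number, model, OS version):
    # scope access to tokens that actually need it.
    EnrolledDevice:
      type: object
      properties:
        device_id:
          type: string
        hostname:
          type: string
        serial_number:
          type: string
        model:
          type: string
          description: Device model (e.g., SRX340, SRX4600)
        os_version:
          type: string
        status:
          type: string
          enum:
            - connected
            - disconnected
            - pending
        last_seen:
          type: string
          format: date-time
        enrolled_at:
          type: string
          format: date-time
        license_type:
          type: string
    ThreatReport:
      type: object
      properties:
        period:
          type: object
          properties:
            start:
              type: string
              format: date-time
            end:
              type: string
              format: date-time
        summary:
          type: object
          properties:
            total_threats:
              type: integer
            malware_detected:
              type: integer
            c2_connections_blocked:
              type: integer
            phishing_blocked:
              type: integer
        top_threats:
          type: array
          items:
            type: object
            properties:
              name:
                type: string
              category:
                type: string
              count:
                type: integer
              # Free-form string: no severity enum is declared.
              severity:
                type: string
        top_targeted_hosts:
          type: array
          items:
            type: object
            properties:
              hostname:
                type: string
              ip:
                type: string
              threat_count:
                type: integer
    Indicator:
      type: object
      properties:
        id:
          type: string
        type:
          type: string
          enum:
            - ip
            - domain
            - url
            - hash
            - email
        value:
          type: string
        threat_score:
          type: integer
          minimum: 0
          maximum: 10
        # Fractional 0-1 scale, separate from the integer 0-10 threat_score.
        confidence:
          type: number
          minimum: 0
          maximum: 1
        source:
          type: string
        first_seen:
          type: string
          format: date-time
        last_seen:
          type: string
          format: date-time
        tags:
          type: array
          items:
            type: string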