Palo Alto Networks Threat Intelligence
Unified threat intelligence capability for researching IOCs, submitting malware samples, analyzing DNS threats, and tracking security advisories across Threat Vault, WildFire, DNS Security, and Security Advisories.
What You Can Do
MCP Tools
search-threat-signatures
Search for threat signatures by type, ID, SHA256, name, CVE, or date range in Threat Vault.
get-threat-history
Get the history of a specific threat signature by ID and type from Threat Vault.
get-atp-reports
Get Advanced Threat Prevention reports from Threat Vault.
download-atp-pcaps
Download packet captures from ATP reports in Threat Vault.
get-release-notes
Get release notes for threat content updates from Threat Vault.
get-threat-vault-stats
Get Threat Vault API usage statistics.
submit-file-for-analysis
Submit a file for WildFire malware analysis.
submit-url-for-analysis
Submit a URL for WildFire malware analysis.
submit-link-for-analysis
Submit a link for WildFire malware analysis.
get-verdict
Get the WildFire verdict for a file hash.
get-bulk-verdicts
Get WildFire verdicts for multiple file hashes (max 500).
get-analysis-report
Get the WildFire analysis report for a file hash.
download-sample
Download a malware sample file by hash from WildFire.
download-pcap
Download a packet capture for a file hash from WildFire.
lookup-domain
Get DNS threat intelligence for a specific domain.
bulk-lookup-domains
Get DNS threat intelligence for multiple domains in bulk.
get-dns-network-stats
Get DNS network statistics for a given time range.
list-security-advisories
List Palo Alto Networks security advisories with optional filtering by severity and affected product.
get-security-advisory
Get details of a specific Palo Alto Networks security advisory by ID.
get-advisory-by-cve
Get a Palo Alto Networks security advisory by its CVE identifier.
list-affected-products
List all Palo Alto Networks products affected by security advisories.