Palo Alto Networks · Example Payload

Cortex XDR API Endpoint Example

Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

Cortex XDR API Endpoint Example is an example object payload from Palo Alto Networks, with 20 top-level fields. It illustrates the shape of data this provider's APIs accept or return.

Top-level fields

endpoint_id, endpoint_name, endpoint_type, endpoint_status, os_type, ip, users, domain, alias, first_seen, last_seen, content_version, installation_package, active_directory, install_date, endpoint_version, is_isolated, isolation_reason, scan_status, group_name

Example Payload

{
  "endpoint_id": "777920",
  "endpoint_name": "Remote Policy 43",
  "endpoint_type": "WORKSTATION",
  "endpoint_status": "CONNECTED",
  "os_type": "AGENT_OS_MAC",
  "ip": [
    "example-ip_item",
    "example-ip_item",
    "example-ip_item"
  ],
  "users": [
    "jsmith",
    "admin",
    "soc-analyst"
  ],
  "domain": "mail.acme-systems.org",
  "alias": "example-alias",
  "first_seen": 169,
  "last_seen": 333,
  "content_version": "10.1.8",
  "installation_package": "example-installation_package",
  "active_directory": "example-active_directory",
  "install_date": 232,
  "endpoint_version": "2.0.8",
  "is_isolated": "PENDING_ISOLATION",
  "isolation_reason": "And security malware violation alert suspicious incident for traffic applied policy blocked incident response.",
  "scan_status": "SCAN_STATUS_IN_PROGRESS",
  "group_name": [
    "Branch Firewall 39"
  ]
}