Palo Alto Networks · JSON Structure

Dns Security Api Domain Detail Structure

DomainDetail schema from Palo Alto Networks DNS Security API

Type: object Properties: 10
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

DomainDetail is a JSON Structure definition published by Palo Alto Networks, describing 10 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

domain category risk_level risk_score dns_security_category first_seen last_seen registrar registration_date ip_addresses

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/dns-security-api-domain-detail-structure.json",
  "name": "DomainDetail",
  "description": "DomainDetail schema from Palo Alto Networks DNS Security API",
  "type": "object",
  "properties": {
    "domain": {
      "type": "string",
      "description": "Fully qualified domain name queried."
    },
    "category": {
      "type": "string",
      "description": "URL filtering category assigned to the domain (e.g., malware, phishing, command-and-control, business-and-economy)."
    },
    "risk_level": {
      "type": "string",
      "description": "Risk level assessment for the domain.",
      "enum": [
        "low",
        "medium",
        "high",
        "critical"
      ]
    },
    "risk_score": {
      "type": "float",
      "description": "Numeric risk score from 0.0 (no risk) to 100.0 (critical risk).",
      "minimum": 0.0,
      "maximum": 100.0
    },
    "dns_security_category": {
      "type": "string",
      "description": "DNS Security category classification used for policy enforcement.",
      "enum": [
        "benign",
        "malware",
        "phishing",
        "command-and-control",
        "grayware",
        "dynamic-dns",
        "newly-registered",
        "parked",
        "unknown"
      ]
    },
    "first_seen": {
      "type": "datetime",
      "description": "Timestamp when the domain was first observed by DNS Security."
    },
    "last_seen": {
      "type": "datetime",
      "description": "Timestamp when the domain was most recently observed."
    },
    "registrar": {
      "type": "string",
      "description": "Domain registrar name."
    },
    "registration_date": {
      "type": "date",
      "description": "Date the domain was registered."
    },
    "ip_addresses": {
      "type": "array",
      "description": "Current IP addresses the domain resolves to.",
      "items": {
        "type": "string"
      }
    }
  }
}