Palo Alto Networks · JSON Structure

Iot Security Api Device Structure

Device schema from Palo Alto Networks IoT Security API

Type: object Properties: 18
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

Device is a JSON Structure definition published by Palo Alto Networks, describing 18 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

deviceid ip mac hostname profile category risk_score os os_version vendor model site subnet first_seen last_seen monitored confidence_score tags

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/iot-security-api-device-structure.json",
  "name": "Device",
  "description": "Device schema from Palo Alto Networks IoT Security API",
  "type": "object",
  "properties": {
    "deviceid": {
      "type": "string",
      "description": "Unique device identifier."
    },
    "ip": {
      "type": "string",
      "description": "IPv4 address of the device."
    },
    "mac": {
      "type": "string",
      "description": "MAC address of the device."
    },
    "hostname": {
      "type": "string",
      "description": "Hostname or NetBIOS name of the device."
    },
    "profile": {
      "type": "string",
      "description": "Device profile classification (e.g., IP Camera, Infusion Pump)."
    },
    "category": {
      "type": "string",
      "description": "Device category (e.g., IoT, OT, IT)."
    },
    "risk_score": {
      "type": "int32",
      "description": "Aggregate risk score from 0 (lowest) to 100 (highest).",
      "minimum": 0,
      "maximum": 100
    },
    "os": {
      "type": "string",
      "description": "Detected operating system."
    },
    "os_version": {
      "type": "string",
      "description": "Detected operating system version."
    },
    "vendor": {
      "type": "string",
      "description": "Device manufacturer or vendor."
    },
    "model": {
      "type": "string",
      "description": "Device model identifier."
    },
    "site": {
      "type": "string",
      "description": "Network site where the device was discovered."
    },
    "subnet": {
      "type": "string",
      "description": "Subnet the device belongs to."
    },
    "first_seen": {
      "type": "datetime",
      "description": "Timestamp when the device was first discovered."
    },
    "last_seen": {
      "type": "datetime",
      "description": "Timestamp when the device was last active."
    },
    "monitored": {
      "type": "string",
      "description": "Whether the device is currently monitored.",
      "enum": [
        "yes",
        "no"
      ]
    },
    "confidence_score": {
      "type": "int32",
      "description": "Confidence level of the device profile classification."
    },
    "tags": {
      "type": "array",
      "description": "User-defined or system-assigned tags.",
      "items": {
        "type": "string"
      }
    }
  }
}