Palo Alto Networks · JSON Structure
Prisma Access Insights API Custom Query Structure
Custom query definition with flexible filters
Type: object
Properties: 2
Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR
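CustomQuery is a JSON Structure definition published by Palo Alto Networks, describing 2 properties (resource and query). It conforms to the https://json-structure.org/meta/core/v0/# meta-schema. In the definition below, the only field marked required is time_range.type. The conditions "required for ABSOLUTE type" and "required for RELATIVE type" on value and last appear only in their descriptions, and the filter property and values strings declare no length or pattern constraints, so a service accepting these queries has to check those itself.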
Properties
resource
query
Meta-schema: https://json-structure.org/meta/core/v0/#
JSON Structure
{
"$schema": "https://json-structure.org/meta/core/v0/#",
"$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-access-insights-api-custom-query-structure.json",
"name": "CustomQuery",
"description": "Custom query definition with flexible filters",
"type": "object",
"properties": {
"resource": {
"type": "string",
"description": "Data resource to query"
},
"query": {
"type": "object",
"description": "Query parameters for a data resource request",
"properties": {
"query": {
"type": "object",
"description": "Query definition including filters and time range",
"properties": {
"properties": {
"type": "object",
"description": "Property filters for the query",
"properties": {
"time_range": {
"type": "object",
"description": "Time range specification for the query",
"properties": {
"type": {
"type": "string",
"description": "Type of time range (absolute or relative)",
"enum": [
"ABSOLUTE",
"RELATIVE"
]
},
"value": {
"type": "object",
"description": "Time range value (required for ABSOLUTE type)",
"properties": {
"from": {
"type": "datetime",
"description": "Start of the time range (ISO 8601)"
},
"to": {
"type": "datetime",
"description": "End of the time range (ISO 8601)"
}
}
},
"last": {
"type": "object",
"description": "Relative time range (required for RELATIVE type)",
"properties": {
"units": {
"type": "string",
"description": "Unit of time for relative range",
"enum": [
"HOURS",
"DAYS",
"WEEKS"
]
},
"value": {
"type": "int32",
"description": "Number of units for relative range"
}
}
}
},
"required": [
"type"
]
},
"filter": {
"type": "object",
"description": "Filter criteria for the data resource query",
"properties": {
"operator": {
"type": "string",
"description": "Logical operator for combining filter rules",
"enum": [
"AND",
"OR"
]
},
"rules": {
"type": "array",
"description": "List of filter rules",
"items": {
"type": "object",
"properties": {
"property": {
"type": "string",
"description": "Property name to filter on"
},
"operator": {
"type": "string",
"description": "Comparison operator",
"enum": [
"equals",
"not_equals",
"contains",
"in",
"not_in",
"greater_than",
"less_than"
]
},
"values": {
"type": "array",
"description": "Values to match against",
"items": {
"type": "string"
}
}
}
}
}
}
}
}
}
}
},
"count": {
"type": "int32",
"description": "Maximum number of results to return",
"minimum": 1,
"maximum": 1000,
"default": 100
},
"histogram": {
"type": "object",
"description": "Histogram aggregation configuration",
"properties": {
"property": {
"type": "string",
"description": "Property to aggregate over"
},
"enabledGranularity": {
"type": "string",
"description": "Time granularity for histogram buckets",
"enum": [
"15_MIN",
"1_HOUR",
"1_DAY"
]
}
}
},
"group_by": {
"type": "array",
"description": "Properties to group results by",
"items": {
"type": "string"
}
},
"sort": {
"type": "object",
"description": "Sort configuration for results",
"properties": {
"order": {
"type": "string",
"enum": [
"asc",
"desc"
]
},
"property": {
"type": "string"
}
}
}
}
}
}
}