Palo Alto Networks · JSON Structure

Threat Vault API ATP Report Structure

Advanced Threat Prevention inline analysis report.

Type: object Properties: 6
Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

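AtpReport is a JSON Structure definition published by Palo Alto Networks, describing 6 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema. The definition marks no property as required and puts no length or pattern constraint on sha256, and the values under report (DNS queries, HTTP requests, destination IPs and ports) describe the behavior of the analyzed sample, so a consumer should validate each field itself and handle the report contents as untrusted data.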

Properties

id, sha256, status, verdict, create_time, report

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/threat-vault-api-atp-report-structure.json",
  "name": "AtpReport",
  "description": "Advanced Threat Prevention inline analysis report.",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique report identifier."
    },
    "sha256": {
      "type": "string",
      "description": "SHA-256 hash of the analyzed sample."
    },
    "status": {
      "type": "string",
      "enum": [
        "pending",
        "complete",
        "error"
      ]
    },
    "verdict": {
      "type": "string",
      "enum": [
        "benign",
        "malware",
        "grayware",
        "phishing",
        "unknown"
      ]
    },
    "create_time": {
      "type": "datetime"
    },
    "report": {
      "type": "object",
      "description": "Detailed behavioral analysis data.",
      "properties": {
        "file_type": {
          "type": "string"
        },
        "size": {
          "type": "int32"
        },
        "behaviors": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "name": {
                "type": "string"
              },
              "description": {
                "type": "string"
              },
              "severity": {
                "type": "string"
              }
            }
          }
        },
        "network": {
          "type": "object",
          "properties": {
            "dns_queries": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "http_requests": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "connections": {
              "type": "array",
              "items": {
                "type": "object",
                "properties": {
                  "dst_ip": {
                    "type": "string"
                  },
                  "dst_port": {
                    "type": "int32"
                  },
                  "protocol": {
                    "type": "string"
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}