Palo Alto Networks · JSON Structure

Threat Vault API Threat List Structure

ThreatList schema from Palo Alto Networks Threat Vault API

Type: object Properties: 6
Cloud Security · Cybersecurity · Firewall · Network Security · SASE · SOAR · Threat Intelligence · XDR

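ThreatList is a JSON Structure definition published by Palo Alto Networks, describing 6 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema. The definition's `$id` points to the api-evangelist GitHub repository rather than a Palo Alto Networks domain, and it declares no `required` properties and no format constraints on string fields such as `cve` and `sha256`, so consumers should validate responses themselves rather than rely on this structure alone.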

Properties

success, data, count, total, offset, limit

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/threat-vault-api-threat-list-structure.json",
  "name": "ThreatList",
  "description": "ThreatList schema from Palo Alto Networks Threat Vault API",
  "type": "object",
  "properties": {
    "success": {
      "type": "boolean"
    },
    "data": {
      "type": "object",
      "properties": {
        "zingbox": {
          "type": "array",
          "items": {
            "type": "object",
            "description": "Threat signature metadata record.",
            "properties": {
              "id": {
                "type": "int32",
                "description": "Unique signature identifier."
              },
              "name": {
                "type": "string",
                "description": "Signature name."
              },
              "type": {
                "type": "string",
                "description": "Signature type category.",
                "enum": [
                  "antivirus",
                  "antispyware",
                  "vulnerability",
                  "dns",
                  "fileformat"
                ]
              },
              "subtype": {
                "type": "string",
                "description": "Signature subtype (e.g., virus, trojan, exploit)."
              },
              "severity": {
                "type": "string",
                "enum": [
                  "critical",
                  "high",
                  "medium",
                  "low",
                  "informational"
                ]
              },
              "description": {
                "type": "string",
                "description": "Human-readable description of the threat."
              },
              "cve": {
                "type": "array",
                "description": "Associated CVE identifiers.",
                "items": {
                  "type": "string"
                }
              },
              "default_action": {
                "type": "string",
                "description": "Default action applied to traffic matching this signature.",
                "enum": [
                  "alert",
                  "allow",
                  "drop",
                  "reset-both",
                  "reset-client",
                  "reset-server",
                  "block-ip",
                  "sinkhole"
                ]
              },
              "min_version": {
                "type": "string",
                "description": "Minimum PAN-OS version supporting this signature."
              },
              "max_version": {
                "type": "string",
                "description": "Maximum PAN-OS version supporting this signature (empty if still active)."
              },
              "status": {
                "type": "string",
                "enum": [
                  "released",
                  "deprecated",
                  "disabled"
                ]
              },
              "ori_release_version": {
                "type": "string",
                "description": "Content version in which this signature was first released."
              },
              "latest_release_version": {
                "type": "string",
                "description": "Most recent content version that updated this signature."
              },
              "first_release_time": {
                "type": "datetime",
                "description": "Timestamp when the signature was first released."
              },
              "latest_release_time": {
                "type": "datetime",
                "description": "Timestamp of the most recent signature update."
              },
              "sha256": {
                "type": "array",
                "description": "SHA-256 hashes associated with this signature (antivirus).",
                "items": {
                  "type": "string"
                }
              }
            }
          }
        }
      }
    },
    "count": {
      "type": "int32",
      "description": "Total number of matching signatures."
    },
    "total": {
      "type": "int32"
    },
    "offset": {
      "type": "int32"
    },
    "limit": {
      "type": "int32"
    }
  }
}