openapi: 3.1.0 info: title: Palo Alto Networks Prisma SD-WAN API description: >- REST API for the Prisma SD-WAN branch networking platform providing programmatic access to site management, WAN and LAN interface configuration, QoS rules, path policy rules, site performance metrics, application usage monitoring, and alarm management. Prisma SD-WAN enables intelligent path selection, application-aware routing, and centralized management of branch office connectivity across the SASE fabric. The unified API is available at https://api.sase.paloaltonetworks.com. A legacy CloudGenix-compatible API is available at https://api.cloudgenix.com/v4.7. version: '1.0' contact: name: Palo Alto Networks Developer Support url: https://pan.dev/ license: name: Proprietary url: https://www.paloaltonetworks.com/legal servers: - url: https://api.sase.paloaltonetworks.com description: Prisma SD-WAN unified SASE API server. - url: https://api.cloudgenix.com/v4.7 description: Legacy CloudGenix API server (v4.7). security: - oauth2: [] tags: - name: LANNetworks description: >- LAN network configuration for defining local networks at SD-WAN sites. - name: Monitoring description: >- Site performance metrics, application usage data, and alarm monitoring. - name: PathRules description: >- Path policy rule management for controlling traffic steering decisions across available WAN links. - name: QoSRules description: >- Quality of Service rule management for traffic prioritization across WAN links. - name: Sites description: >- SD-WAN site management for branch offices, data centers, and remote locations. - name: WANInterfaces description: >- WAN interface configuration for defining upstream connectivity including ISP links, MPLS circuits, and LTE connections. paths: /sdwan/config/v1/sites: get: operationId: listSites summary: Palo Alto Networks List SD-WAN Sites description: >- Returns a list of all SD-WAN sites configured in the tenant. Each site represents a physical location such as a branch office, data center, or retail store with one or more ION devices providing SD-WAN functionality. tags: - Sites parameters: - name: offset in: query description: Starting offset for pagination. schema: type: integer default: 0 example: 0 - name: limit in: query description: Maximum number of sites to return. schema: type: integer default: 100 maximum: 1000 example: 100 - name: name in: query description: Filter sites by name. schema: type: string example: Production Sensor 29 responses: '200': description: Sites returned successfully. content: application/json: schema: type: object properties: count: type: integer description: Total number of sites matching the query. items: type: array items: $ref: '#/components/schemas/Site' examples: ListSites200Example: summary: Default listSites 200 response x-microcks-default: true value: count: 322 items: - id: example-id name: Corporate Agent 04 description: Malware Security network monitoring network policy threat configured. admin_state: active element_cluster_role: SPOKE address: &id001 street: example-street city: example-city state: example-state post_code: example-post_code country: GB location: &id002 latitude: 87.48 longitude: 37.43 tags: &id003 - production created_at: '2026-10-04T07:36:12Z' updated_at: '2024-08-23T22:58:22Z' - id: example-id name: Corporate Agent 04 description: Malware Security network monitoring network policy threat configured. admin_state: active element_cluster_role: SPOKE address: *id001 location: *id002 tags: *id003 created_at: '2026-10-04T07:36:12Z' updated_at: '2024-08-23T22:58:22Z' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createSite summary: Palo Alto Networks Create an SD-WAN Site description: >- Creates a new SD-WAN site definition. After creation, ION elements and WAN interfaces can be configured and assigned to the site. tags: - Sites requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Site' examples: CreateSiteRequestExample: summary: Default createSite request x-microcks-default: true value: id: example-id name: Corporate Agent 04 description: Malware Security network monitoring network policy threat configured. admin_state: active element_cluster_role: SPOKE address: *id001 location: *id002 tags: *id003 created_at: '2026-10-04T07:36:12Z' updated_at: '2024-08-23T22:58:22Z' responses: '200': description: Site created successfully. content: application/json: schema: $ref: '#/components/schemas/Site' examples: CreateSite200Example: summary: Default createSite 200 response x-microcks-default: true value: id: example-id name: Corporate Agent 04 description: Malware Security network monitoring network policy threat configured. admin_state: active element_cluster_role: SPOKE address: *id001 location: *id002 tags: *id003 created_at: '2026-10-04T07:36:12Z' updated_at: '2024-08-23T22:58:22Z' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sdwan/config/v1/sites/{site_id}: get: operationId: getSite summary: Palo Alto Networks Get an SD-WAN Site description: Returns the configuration of a specific SD-WAN site by ID. tags: - Sites parameters: - name: site_id in: path required: true description: Unique site identifier. schema: type: string example: '330934' responses: '200': description: Site returned successfully. content: application/json: schema: $ref: '#/components/schemas/Site' examples: GetSite200Example: summary: Default getSite 200 response x-microcks-default: true value: id: example-id name: Corporate Agent 04 description: Malware Security network monitoring network policy threat configured. admin_state: active element_cluster_role: SPOKE address: *id001 location: *id002 tags: *id003 created_at: '2026-10-04T07:36:12Z' updated_at: '2024-08-23T22:58:22Z' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK put: operationId: updateSite summary: Palo Alto Networks Update an SD-WAN Site description: Updates the configuration of an existing SD-WAN site. tags: - Sites parameters: - name: site_id in: path required: true description: Unique site identifier. schema: type: string example: '655853' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Site' examples: UpdateSiteRequestExample: summary: Default updateSite request x-microcks-default: true value: id: example-id name: Corporate Agent 04 description: Malware Security network monitoring network policy threat configured. admin_state: active element_cluster_role: SPOKE address: *id001 location: *id002 tags: *id003 created_at: '2026-10-04T07:36:12Z' updated_at: '2024-08-23T22:58:22Z' responses: '200': description: Site updated successfully. content: application/json: schema: $ref: '#/components/schemas/Site' examples: UpdateSite200Example: summary: Default updateSite 200 response x-microcks-default: true value: id: example-id name: Corporate Agent 04 description: Malware Security network monitoring network policy threat configured. admin_state: active element_cluster_role: SPOKE address: *id001 location: *id002 tags: *id003 created_at: '2026-10-04T07:36:12Z' updated_at: '2024-08-23T22:58:22Z' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: operationId: deleteSite summary: Palo Alto Networks Delete an SD-WAN Site description: Deletes an SD-WAN site and all associated configuration. tags: - Sites parameters: - name: site_id in: path required: true description: Unique site identifier. schema: type: string example: '653838' responses: '200': description: Site deleted successfully. '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sdwan/config/v1/sites/{site_id}/wan-interfaces: get: operationId: listSiteWANInterfaces summary: Palo Alto Networks List WAN Interfaces at a Site description: >- Returns a list of WAN interfaces configured at the specified site. WAN interfaces represent upstream network connections such as broadband ISP links, MPLS circuits, or LTE backup links. tags: - WANInterfaces parameters: - name: site_id in: path required: true description: Unique site identifier. schema: type: string example: '315148' - name: offset in: query schema: type: integer default: 0 example: 0 - name: limit in: query schema: type: integer default: 100 example: 100 responses: '200': description: WAN interfaces returned successfully. content: application/json: schema: type: object properties: count: type: integer items: type: array items: $ref: '#/components/schemas/WANInterface' examples: ListSiteWaninterfaces200Example: summary: Default listSiteWANInterfaces 200 response x-microcks-default: true value: count: 787 items: - id: example-id name: Production Policy 71 description: Configured incident suspicious activity threat blocked configured network detected traffic threat policy. type: privatewan link_bw_down: 60.87 link_bw_up: 77.3 cost: 63 lqm_enabled: true label_id: '854028' site_id: '372160' created_at: '2025-04-10T23:35:40Z' updated_at: '2026-06-05T22:18:20Z' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createSiteWANInterface summary: Palo Alto Networks Create a WAN Interface at a Site description: Creates a new WAN interface configuration at the specified site. tags: - WANInterfaces parameters: - name: site_id in: path required: true description: Unique site identifier. schema: type: string example: '816030' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WANInterface' examples: CreateSiteWaninterfaceRequestExample: summary: Default createSiteWANInterface request x-microcks-default: true value: id: example-id name: Production Policy 71 description: Configured incident suspicious activity threat blocked configured network detected traffic threat policy. type: privatewan link_bw_down: 60.87 link_bw_up: 77.3 cost: 63 lqm_enabled: true label_id: '854028' site_id: '372160' created_at: '2025-04-10T23:35:40Z' updated_at: '2026-06-05T22:18:20Z' responses: '200': description: WAN interface created successfully. content: application/json: schema: $ref: '#/components/schemas/WANInterface' examples: CreateSiteWaninterface200Example: summary: Default createSiteWANInterface 200 response x-microcks-default: true value: id: example-id name: Production Policy 71 description: Configured incident suspicious activity threat blocked configured network detected traffic threat policy. type: privatewan link_bw_down: 60.87 link_bw_up: 77.3 cost: 63 lqm_enabled: true label_id: '854028' site_id: '372160' created_at: '2025-04-10T23:35:40Z' updated_at: '2026-06-05T22:18:20Z' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sdwan/config/v1/sites/{site_id}/lan-networks: get: operationId: listSiteLANNetworks summary: Palo Alto Networks List LAN Networks at a Site description: >- Returns a list of LAN networks configured at the specified site. LAN networks define the local subnets and VLAN configurations served by the SD-WAN device at the site. tags: - LANNetworks parameters: - name: site_id in: path required: true description: Unique site identifier. schema: type: string example: '999561' - name: offset in: query schema: type: integer default: 0 example: 0 - name: limit in: query schema: type: integer default: 100 example: 100 responses: '200': description: LAN networks returned successfully. content: application/json: schema: type: object properties: count: type: integer items: type: array items: $ref: '#/components/schemas/LANNetwork' examples: ListSiteLannetworks200Example: summary: Default listSiteLANNetworks 200 response x-microcks-default: true value: count: 152 items: - id: example-id name: Branch Agent 29 description: Malware activity violation traffic configured applied endpoint on blocked rule. network: example-network vlan_id: 1844 dhcp_enabled: false site_id: '464822' created_at: '2026-11-11T20:32:51Z' updated_at: '2024-05-16T20:23:02Z' - id: example-id name: Branch Agent 29 description: Malware activity violation traffic configured applied endpoint on blocked rule. network: example-network vlan_id: 1844 dhcp_enabled: false site_id: '464822' created_at: '2026-11-11T20:32:51Z' updated_at: '2024-05-16T20:23:02Z' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createSiteLANNetwork summary: Palo Alto Networks Create a LAN Network at a Site description: Creates a new LAN network configuration at the specified site. tags: - LANNetworks parameters: - name: site_id in: path required: true description: Unique site identifier. schema: type: string example: '768166' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/LANNetwork' examples: CreateSiteLannetworkRequestExample: summary: Default createSiteLANNetwork request x-microcks-default: true value: id: example-id name: Branch Agent 29 description: Malware activity violation traffic configured applied endpoint on blocked rule. network: example-network vlan_id: 1844 dhcp_enabled: false site_id: '464822' created_at: '2026-11-11T20:32:51Z' updated_at: '2024-05-16T20:23:02Z' responses: '200': description: LAN network created successfully. content: application/json: schema: $ref: '#/components/schemas/LANNetwork' examples: CreateSiteLannetwork200Example: summary: Default createSiteLANNetwork 200 response x-microcks-default: true value: id: example-id name: Branch Agent 29 description: Malware activity violation traffic configured applied endpoint on blocked rule. network: example-network vlan_id: 1844 dhcp_enabled: false site_id: '464822' created_at: '2026-11-11T20:32:51Z' updated_at: '2024-05-16T20:23:02Z' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sdwan/config/v1/policies/qos-rules: get: operationId: listQoSRules summary: Palo Alto Networks List QoS Rules description: >- Returns a list of Quality of Service rules configured in the SD-WAN tenant. QoS rules define traffic prioritization and bandwidth allocation policies for applications traversing WAN links. tags: - QoSRules parameters: - name: offset in: query schema: type: integer default: 0 example: 0 - name: limit in: query schema: type: integer default: 100 example: 100 responses: '200': description: QoS rules returned successfully. content: application/json: schema: type: object properties: count: type: integer items: type: array items: $ref: '#/components/schemas/QoSRule' examples: ListQoSrules200Example: summary: Default listQoSRules 200 response x-microcks-default: true value: count: 844 items: - id: example-id name: Primary Firewall 86 description: Traffic suspicious policy detected incident investigation Security. priority: default dscp_class: example-dscp_class app_filters: &id004 - example-app_filters_item - example-app_filters_item bandwidth_limit_up: 31.68 bandwidth_limit_down: 7.47 enabled: true created_at: '2025-12-11T11:28:34Z' updated_at: '2025-01-25T09:11:56Z' - id: example-id name: Primary Firewall 86 description: Traffic suspicious policy detected incident investigation Security. priority: default dscp_class: example-dscp_class app_filters: *id004 bandwidth_limit_up: 31.68 bandwidth_limit_down: 7.47 enabled: true created_at: '2025-12-11T11:28:34Z' updated_at: '2025-01-25T09:11:56Z' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createQoSRule summary: Palo Alto Networks Create a QoS Rule description: Creates a new QoS traffic prioritization rule. tags: - QoSRules requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/QoSRule' examples: CreateQoSruleRequestExample: summary: Default createQoSRule request x-microcks-default: true value: id: example-id name: Primary Firewall 86 description: Traffic suspicious policy detected incident investigation Security. priority: default dscp_class: example-dscp_class app_filters: *id004 bandwidth_limit_up: 31.68 bandwidth_limit_down: 7.47 enabled: true created_at: '2025-12-11T11:28:34Z' updated_at: '2025-01-25T09:11:56Z' responses: '200': description: QoS rule created successfully. content: application/json: schema: $ref: '#/components/schemas/QoSRule' examples: CreateQoSrule200Example: summary: Default createQoSRule 200 response x-microcks-default: true value: id: example-id name: Primary Firewall 86 description: Traffic suspicious policy detected incident investigation Security. priority: default dscp_class: example-dscp_class app_filters: *id004 bandwidth_limit_up: 31.68 bandwidth_limit_down: 7.47 enabled: true created_at: '2025-12-11T11:28:34Z' updated_at: '2025-01-25T09:11:56Z' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sdwan/config/v1/policies/path-rules: get: operationId: listPathRules summary: Palo Alto Networks List Path Policy Rules description: >- Returns a list of path policy rules. Path rules control traffic steering decisions across available WAN links based on application identity, source, destination, and link quality conditions. tags: - PathRules parameters: - name: offset in: query schema: type: integer default: 0 example: 0 - name: limit in: query schema: type: integer default: 100 example: 100 responses: '200': description: Path policy rules returned successfully. content: application/json: schema: type: object properties: count: type: integer items: type: array items: $ref: '#/components/schemas/PathRule' examples: ListPathRules200Example: summary: Default listPathRules 200 response x-microcks-default: true value: count: 207 items: - id: example-id name: Branch Sensor 65 description: Alert suspicious incident policy rule detected investigation malware rule suspicious traffic applied. app_filters: &id005 - example-app_filters_item - example-app_filters_item preferred_paths: &id006 - label: Primary Sensor 13 type: active - label: Branch Agent 67 type: backup sla_threshold: &id007 latency_ms: 949 packet_loss_pct: 91.65 jitter_ms: 547 enabled: true priority: 446 created_at: '2025-11-26T11:25:53Z' updated_at: '2025-12-01T02:58:26Z' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createPathRule summary: Palo Alto Networks Create a Path Policy Rule description: Creates a new path policy rule for traffic steering. tags: - PathRules requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PathRule' examples: CreatePathRuleRequestExample: summary: Default createPathRule request x-microcks-default: true value: id: example-id name: Branch Sensor 65 description: Alert suspicious incident policy rule detected investigation malware rule suspicious traffic applied. app_filters: *id005 preferred_paths: *id006 sla_threshold: *id007 enabled: true priority: 446 created_at: '2025-11-26T11:25:53Z' updated_at: '2025-12-01T02:58:26Z' responses: '200': description: Path policy rule created successfully. content: application/json: schema: $ref: '#/components/schemas/PathRule' examples: CreatePathRule200Example: summary: Default createPathRule 200 response x-microcks-default: true value: id: example-id name: Branch Sensor 65 description: Alert suspicious incident policy rule detected investigation malware rule suspicious traffic applied. app_filters: *id005 preferred_paths: *id006 sla_threshold: *id007 enabled: true priority: 446 created_at: '2025-11-26T11:25:53Z' updated_at: '2025-12-01T02:58:26Z' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sdwan/monitor/v1/sites/{site_id}/metrics: get: operationId: getSiteMetrics summary: Palo Alto Networks Get Site Performance Metrics description: >- Returns performance metrics for a specific SD-WAN site including WAN link utilization, latency, jitter, and packet loss data collected from the site's ION devices. tags: - Monitoring parameters: - name: site_id in: path required: true description: Unique site identifier. schema: type: string example: '222584' - name: start_time in: query description: Start of the time range in ISO 8601 format. schema: type: string format: date-time example: '2025-02-14T19:41:54Z' - name: end_time in: query description: End of the time range in ISO 8601 format. schema: type: string format: date-time example: '2026-02-21T15:57:03Z' - name: metric_type in: query description: Type of metric to retrieve. schema: type: string enum: - bandwidth - latency - jitter - packet_loss example: packet_loss - name: granularity in: query description: Time granularity for metric aggregation. schema: type: string enum: - 5m - 15m - 1h - 1d default: 1h example: 1h responses: '200': description: Site metrics returned successfully. content: application/json: schema: type: object properties: site_id: type: string data: type: array items: $ref: '#/components/schemas/SiteMetric' examples: GetSiteMetrics200Example: summary: Default getSiteMetrics 200 response x-microcks-default: true value: site_id: '662718' data: - timestamp: '2025-09-01T22:29:24Z' site_id: '161135' interface_name: Corporate Policy 17 metric_type: packet_loss value: 78.22 unit: example-unit direction: download '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sdwan/monitor/v1/applications: get: operationId: getApplicationUsage summary: Palo Alto Networks Get Application Usage description: >- Returns application usage and performance data across all SD-WAN sites. Includes bandwidth consumption, session counts, and quality metrics per application. tags: - Monitoring parameters: - name: start_time in: query description: Start of the time range in ISO 8601 format. schema: type: string format: date-time example: '2026-03-04T16:23:46Z' - name: end_time in: query description: End of the time range in ISO 8601 format. schema: type: string format: date-time example: '2025-01-10T18:24:30Z' - name: site_id in: query description: Filter by specific site. schema: type: string example: '614282' - name: offset in: query schema: type: integer default: 0 example: 0 - name: limit in: query schema: type: integer default: 100 example: 100 responses: '200': description: Application usage returned successfully. content: application/json: schema: type: object properties: count: type: integer items: type: array items: $ref: '#/components/schemas/ApplicationUsage' examples: GetApplicationUsage200Example: summary: Default getApplicationUsage 200 response x-microcks-default: true value: count: 185 items: - application: web-browsing site_id: '410918' bytes_up: 73 bytes_down: 230 sessions: 208 avg_latency_ms: 38.32 timestamp: '2024-08-27T23:45:05Z' - application: web-browsing site_id: '410918' bytes_up: 73 bytes_down: 230 sessions: 208 avg_latency_ms: 38.32 timestamp: '2024-08-27T23:45:05Z' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sdwan/monitor/v1/alarms: get: operationId: listAlarms summary: Palo Alto Networks List Active Alarms description: >- Returns a list of active SD-WAN alarms across all monitored sites. Alarms indicate conditions requiring attention such as WAN link failures, high latency, device disconnections, and tunnel state changes. tags: - Monitoring parameters: - name: site_id in: query description: Filter alarms by site. schema: type: string example: '823482' - name: severity in: query description: Filter alarms by severity level. schema: type: string enum: - critical - major - minor - info example: critical - name: acknowledged in: query description: Filter by acknowledgement status. schema: type: boolean example: false - name: offset in: query schema: type: integer default: 0 example: 0 - name: limit in: query schema: type: integer default: 100 example: 100 responses: '200': description: Alarms returned successfully. content: application/json: schema: type: object properties: count: type: integer items: type: array items: $ref: '#/components/schemas/Alarm' examples: ListAlarms200Example: summary: Default listAlarms 200 response x-microcks-default: true value: count: 704 items: - id: example-id type: advanced severity: info site_id: '409586' site_name: Staging Sensor 34 element_id: '467131' message: Monitoring network monitoring configured endpoint policy on traffic. acknowledged: true acknowledged_by: example-acknowledged_by acknowledged_at: '2026-06-22T16:54:17Z' raised_at: '2026-05-16T13:49:38Z' cleared_at: '2024-10-17T10:24:44Z' - id: example-id type: advanced severity: info site_id: '409586' site_name: Staging Sensor 34 element_id: '467131' message: Monitoring network monitoring configured endpoint policy on traffic. acknowledged: true acknowledged_by: example-acknowledged_by acknowledged_at: '2026-06-22T16:54:17Z' raised_at: '2026-05-16T13:49:38Z' cleared_at: '2024-10-17T10:24:44Z' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK components: securitySchemes: oauth2: type: oauth2 description: >- OAuth 2.0 client credentials flow for obtaining an access token. Requires a client ID and client secret from the Palo Alto Networks SASE identity provider. flows: clientCredentials: tokenUrl: https://auth.apps.paloaltonetworks.com/oauth2/access_token scopes: {} responses: Unauthorized: description: Missing or invalid OAuth2 access token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' Forbidden: description: Insufficient permissions for this operation. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' BadRequest: description: Invalid request parameters or body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' NotFound: description: The requested resource was not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' InternalServerError: description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' schemas: Site: type: object required: - name properties: id: type: string description: Unique identifier for the site. readOnly: true example: example-id name: type: string description: Name of the SD-WAN site. example: Corporate Agent 04 description: type: string description: Optional description of the site. example: Malware Security network monitoring network policy threat configured. admin_state: type: string enum: - active - disabled default: active description: Administrative state of the site. example: active element_cluster_role: type: string enum: - SPOKE - HUB - NONE default: SPOKE description: Role of the site in the SD-WAN topology. example: SPOKE address: type: object description: Physical address of the site. properties: street: type: string example: example-street city: type: string example: example-city state: type: string example: example-state post_code: type: string example: example-post_code country: type: string example: GB example: *id001 location: type: object description: Geographic coordinates of the site. properties: latitude: type: number format: double example: 91.22 longitude: type: number format: double example: 29.43 example: *id002 tags: type: array items: type: string description: Tags for organizing and filtering sites. example: *id003 created_at: type: string format: date-time readOnly: true example: '2026-10-04T07:36:12Z' updated_at: type: string format: date-time readOnly: true example: '2024-08-23T22:58:22Z' WANInterface: type: object required: - name - type properties: id: type: string description: Unique identifier for the WAN interface. readOnly: true example: example-id name: type: string description: Name of the WAN interface. example: Production Policy 71 description: type: string example: Configured incident suspicious activity threat blocked configured network detected traffic threat policy. type: type: string enum: - publicwan - privatewan description: Type of WAN connection. example: privatewan link_bw_down: type: number description: Downstream bandwidth in Mbps. example: 60.87 link_bw_up: type: number description: Upstream bandwidth in Mbps. example: 77.3 cost: type: integer minimum: 0 maximum: 255 description: Cost metric for path selection. Lower cost is preferred. example: 63 lqm_enabled: type: boolean default: true description: Whether Link Quality Monitoring is enabled. example: true label_id: type: string description: WAN interface label for policy-based routing. example: '854028' site_id: type: string readOnly: true example: '372160' created_at: type: string format: date-time readOnly: true example: '2025-04-10T23:35:40Z' updated_at: type: string format: date-time readOnly: true example: '2026-06-05T22:18:20Z' LANNetwork: type: object required: - name - network properties: id: type: string description: Unique identifier for the LAN network. readOnly: true example: example-id name: type: string description: Name of the LAN network. example: Branch Agent 29 description: type: string example: Malware activity violation traffic configured applied endpoint on blocked rule. network: type: string description: Subnet CIDR for the LAN network (e.g., 192.168.1.0/24). example: example-network vlan_id: type: integer minimum: 1 maximum: 4094 description: VLAN identifier for this LAN network. example: 1844 dhcp_enabled: type: boolean default: false description: Whether the ION device serves DHCP for this network. example: false site_id: type: string readOnly: true example: '464822' created_at: type: string format: date-time readOnly: true example: '2026-11-11T20:32:51Z' updated_at: type: string format: date-time readOnly: true example: '2024-05-16T20:23:02Z' QoSRule: type: object required: - name properties: id: type: string description: Unique identifier for the QoS rule. readOnly: true example: example-id name: type: string description: Name of the QoS rule. example: Primary Firewall 86 description: type: string example: Traffic suspicious policy detected incident investigation Security. priority: type: string enum: - high - medium - low - default description: Traffic priority for matching flows. example: default dscp_class: type: string description: DSCP class to apply for marking traffic. example: example-dscp_class app_filters: type: array items: type: string description: Application names or identifiers this rule applies to. example: *id004 bandwidth_limit_up: type: number description: Upstream bandwidth limit in Mbps for matched traffic. example: 31.68 bandwidth_limit_down: type: number description: Downstream bandwidth limit in Mbps for matched traffic. example: 7.47 enabled: type: boolean default: true description: Whether the rule is active. example: true created_at: type: string format: date-time readOnly: true example: '2025-12-11T11:28:34Z' updated_at: type: string format: date-time readOnly: true example: '2025-01-25T09:11:56Z' PathRule: type: object required: - name properties: id: type: string description: Unique identifier for the path rule. readOnly: true example: example-id name: type: string description: Name of the path rule. example: Branch Sensor 65 description: type: string example: Alert suspicious incident policy rule detected investigation malware rule suspicious traffic applied. app_filters: type: array items: type: string description: Application identifiers this path rule applies to. example: *id005 preferred_paths: type: array items: type: object properties: label: type: string description: WAN interface label for the preferred path. example: Production Agent 68 type: type: string enum: - active - backup description: Whether this path is active or backup. example: active description: Ordered list of preferred WAN paths for traffic steering. example: *id006 sla_threshold: type: object description: SLA thresholds that trigger path switching. properties: latency_ms: type: integer description: Maximum acceptable latency in milliseconds. example: 703 packet_loss_pct: type: number description: Maximum acceptable packet loss percentage. example: 12.38 jitter_ms: type: integer description: Maximum acceptable jitter in milliseconds. example: 2 example: *id007 enabled: type: boolean default: true description: Whether the rule is active. example: true priority: type: integer description: Rule evaluation priority. Lower numbers are evaluated first. example: 446 created_at: type: string format: date-time readOnly: true example: '2025-11-26T11:25:53Z' updated_at: type: string format: date-time readOnly: true example: '2025-12-01T02:58:26Z' SiteMetric: type: object properties: timestamp: type: string format: date-time description: Time bucket for the aggregated metric. example: '2025-09-01T22:29:24Z' site_id: type: string description: Site identifier. example: '161135' interface_name: type: string description: WAN interface name. example: Corporate Policy 17 metric_type: type: string enum: - bandwidth - latency - jitter - packet_loss description: Type of metric. example: packet_loss value: type: number description: Metric value. example: 78.22 unit: type: string description: Unit of measurement (e.g., Mbps, ms, pct). example: example-unit direction: type: string enum: - upload - download description: Traffic direction for bandwidth metrics. example: download ApplicationUsage: type: object properties: application: type: string description: Application name. example: web-browsing site_id: type: string description: Site where the application traffic was observed. example: '410918' bytes_up: type: integer format: int64 description: Uploaded bytes for the application. example: 73 bytes_down: type: integer format: int64 description: Downloaded bytes for the application. example: 230 sessions: type: integer description: Number of application sessions. example: 208 avg_latency_ms: type: number description: Average latency for application traffic. example: 38.32 timestamp: type: string format: date-time description: Time bucket for the usage data. example: '2024-08-27T23:45:05Z' Alarm: type: object properties: id: type: string description: Unique alarm identifier. example: example-id type: type: string description: Alarm type identifier. example: advanced severity: type: string enum: - critical - major - minor - info description: Alarm severity level. example: info site_id: type: string description: Site where the alarm was generated. example: '409586' site_name: type: string description: Name of the site where the alarm was generated. example: Staging Sensor 34 element_id: type: string description: ION element identifier that generated the alarm. example: '467131' message: type: string description: Human-readable alarm description. example: Monitoring network monitoring configured endpoint policy on traffic. acknowledged: type: boolean description: Whether the alarm has been acknowledged. example: true acknowledged_by: type: string description: User who acknowledged the alarm. example: example-acknowledged_by acknowledged_at: type: string format: date-time description: Timestamp when the alarm was acknowledged. example: '2026-06-22T16:54:17Z' raised_at: type: string format: date-time description: Timestamp when the alarm was raised. example: '2026-05-16T13:49:38Z' cleared_at: type: string format: date-time description: Timestamp when the alarm was cleared. Null if still active. example: '2024-10-17T10:24:44Z' ErrorResponse: type: object properties: _error: type: array items: type: object properties: code: type: string example: example-code message: type: string example: Investigation firewall on investigation blocked malware on on activity traffic. example: - code: example-code message: Traffic activity blocked incident activity alert rule alert firewall incident. - code: example-code message: Traffic policy on violation blocked Security investigation blocked rule on malware network.