openapi: 3.1.0
info:
  title: Palo Alto Networks Security Advisory API
  description: >-
    Public REST API for querying Palo Alto Networks Product Security Incident
    Response Team (PSIRT) security advisories. Beta release. Provides access
    to published vulnerability advisories including CVE identifiers, severity
    ratings, CVSS scores, affected products and versions, fixed versions, and
    remediation guidance. No authentication is required. Advisory data covers
    PAN-OS, Cortex XDR, Prisma Cloud, GlobalProtect, and other Palo Alto
    Networks products.
  version: '1.0-beta'
  contact:
    name: Palo Alto Networks Developer Support
    url: https://pan.dev/
  license:
    name: Proprietary
    url: https://www.paloaltonetworks.com/legal
servers:
  - url: https://security.paloaltonetworks.com/api
    description: Palo Alto Networks Security Advisory API (public beta).
security: []
tags:
  - name: Advisories
    description: Query and retrieve PSIRT security advisories.
  - name: Products
    description: Query affected products referenced in security advisories.
paths:
  /advisories:
    get:
      operationId: listAdvisories
      summary: Palo Alto Networks List All Security Advisories
      description: >-
        Returns a paginated list of published PSIRT security advisories.
        Supports filtering by severity, affected product, and sorting by
        publication date or CVSS score. This endpoint is publicly accessible
        and does not require authentication. Results include advisory
        metadata, CVE identifiers, severity ratings, and affected product
        summaries.
      tags:
        - Advisories
      parameters:
        - name: severity
          in: query
          description: Filter advisories by severity level.
          schema:
            type: string
            enum:
              - NONE
              - LOW
              - MEDIUM
              - HIGH
              - CRITICAL
          example: MEDIUM
        - name: affected_product
          in: query
          description: >-
            Filter by affected product name. Examples: PAN-OS, Cortex XDR
            Agent, Prisma Cloud, GlobalProtect, Cortex XSOAR.
          schema:
            type: string
          example: example-affected_product
        - name: sort
          in: query
          description: Field and direction to sort results by.
          schema:
            type: string
            enum:
              - -publishedDate
              - publishedDate
              - -cvssScore
              - cvssScore
            default: -publishedDate
          example: -publishedDate
        - name: limit
          in: query
          description: Maximum number of advisories to return per page.
          schema:
            type: integer
            default: 50
            maximum: 200
          example: 50
        - name: offset
          in: query
          description: Number of results to skip for pagination.
          schema:
            type: integer
            default: 0
          example: 0
      responses:
        '200':
          description: Security advisories returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  total:
                    type: integer
                    description: Total number of advisories matching the query.
                  offset:
                    type: integer
                    description: Current pagination offset.
                  limit:
                    type: integer
                    description: Number of results per page.
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/Advisory'
              examples:
                ListAdvisories200Example:
                  summary: Default listAdvisories 200 response
                  x-microcks-default: true
                  value:
                    total: 156
                    offset: 236
                    limit: 422
                    data:
                      - advisory_id: '234493'
                        cve_id: '128548'
                        title: Corporate Agent 18
                        description: Rule suspicious endpoint investigation firewall suspicious blocked configured.
                        severity: CRITICAL
                        cvss_score: 7.06
                        cvss_vector: example-cvss_vector
                        cwe: example-cwe
                        affected_products: &id001
                          - product: example-product
                            versions:
                              - version: 3.0.0
                                status: Unaffected
                          - product: example-product
                            versions:
                              - version: 5.7.5
                                status: Unaffected
                              - version: 7.8.2
                                status: Fixed
                        fixed_versions: &id002
                          - 1.5.8
                          - 8.6.4
                        workarounds: example-workarounds
                        exploit_status: None
                        published_date: '2025-03-02T01:26:35Z'
                        last_modified_date: '2025-08-23T12:10:49Z'
                        references: &id003
                          - url: https://vpn.test-corp.net/3c1d96
                            description: Traffic threat blocked activity incident monitoring violation Security Security.
        '400':
          description: Invalid query parameters.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListAdvisories400Example:
                  summary: Default listAdvisories 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware on activity detected policy configured investigation rule Security alert network alert.
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListAdvisories500Example:
                  summary: Default listAdvisories 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware on activity detected policy configured investigation rule Security alert network alert.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /advisories/{advisory_id}:
    get:
      operationId: getAdvisory
      summary: Palo Alto Networks Get a Single Security Advisory
      description: >-
        Returns full details for a specific security advisory by its advisory
        ID. Includes the complete description, CVSS scoring, affected product
        versions, fixed versions, available workarounds, and references to
        external resources such as NVD entries.
      tags:
        - Advisories
      parameters:
        - name: advisory_id
          in: path
          required: true
          description: >-
            Palo Alto Networks advisory identifier (e.g., PAN-SA-2024-0001).
          schema:
            type: string
          example: '759733'
      responses:
        '200':
          description: Advisory details returned.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Advisory'
              examples:
                GetAdvisory200Example:
                  summary: Default getAdvisory 200 response
                  x-microcks-default: true
                  value:
                    advisory_id: '234493'
                    cve_id: '128548'
                    title: Corporate Agent 18
                    description: Rule suspicious endpoint investigation firewall suspicious blocked configured.
                    severity: CRITICAL
                    cvss_score: 7.06
                    cvss_vector: example-cvss_vector
                    cwe: example-cwe
                    affected_products: *id001
                    fixed_versions: *id002
                    workarounds: example-workarounds
                    exploit_status: None
                    published_date: '2025-03-02T01:26:35Z'
                    last_modified_date: '2025-08-23T12:10:49Z'
                    references: *id003
        '400':
          description: Invalid advisory ID format.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetAdvisory400Example:
                  summary: Default getAdvisory 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware on activity detected policy configured investigation rule Security alert network alert.
        '404':
          description: Advisory not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetAdvisory404Example:
                  summary: Default getAdvisory 404 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware on activity detected policy configured investigation rule Security alert network alert.
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetAdvisory500Example:
                  summary: Default getAdvisory 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware on activity detected policy configured investigation rule Security alert network alert.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /advisories/cve/{cve_id}:
    get:
      operationId: getAdvisoryByCVE
      summary: Palo Alto Networks Get Advisories by CVE ID
      description: >-
        Returns all security advisories associated with a specific CVE
        identifier. A single CVE may be referenced in multiple advisories when
        the vulnerability affects several Palo Alto Networks products. Returns
        an array of matching advisory objects.
      tags:
        - Advisories
      parameters:
        - name: cve_id
          in: path
          required: true
          description: CVE identifier (e.g., CVE-2024-3400).
          schema:
            type: string
            pattern: '^CVE-\d{4}-\d{4,}$'
          example: CVE-2024-3400
      responses:
        '200':
          description: Advisories for the CVE returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  total:
                    type: integer
                    description: Number of advisories found for the CVE.
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/Advisory'
              examples:
                GetAdvisoryByCve200Example:
                  summary: Default getAdvisoryByCVE 200 response
                  x-microcks-default: true
                  value:
                    total: 539
                    data:
                      - advisory_id: '234493'
                        cve_id: '128548'
                        title: Corporate Agent 18
                        description: Rule suspicious endpoint investigation firewall suspicious blocked configured.
                        severity: CRITICAL
                        cvss_score: 7.06
                        cvss_vector: example-cvss_vector
                        cwe: example-cwe
                        affected_products: *id001
                        fixed_versions: *id002
                        workarounds: example-workarounds
                        exploit_status: None
                        published_date: '2025-03-02T01:26:35Z'
                        last_modified_date: '2025-08-23T12:10:49Z'
                        references: *id003
        '400':
          description: Invalid CVE ID format.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetAdvisoryByCve400Example:
                  summary: Default getAdvisoryByCVE 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware on activity detected policy configured investigation rule Security alert network alert.
        '404':
          description: No advisories found for the specified CVE.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetAdvisoryByCve404Example:
                  summary: Default getAdvisoryByCVE 404 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware on activity detected policy configured investigation rule Security alert network alert.
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetAdvisoryByCve500Example:
                  summary: Default getAdvisoryByCVE 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware on activity detected policy configured investigation rule Security alert network alert.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /products:
    get:
      operationId: listAffectedProducts
      summary: Palo Alto Networks List Affected Products
      description: >-
        Returns the list of Palo Alto Networks products that are referenced in
        at least one published security advisory. Use the product names
        returned by this endpoint as values for the affected_product filter on
        the /advisories endpoint.
      tags:
        - Products
      responses:
        '200':
          description: Product list returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  total:
                    type: integer
                    description: Total number of distinct products.
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/Product'
              examples:
                ListAffectedProducts200Example:
                  summary: Default listAffectedProducts 200 response
                  x-microcks-default: true
                  value:
                    total: 720
                    data:
                      - name: Branch Sensor 28
                        advisory_count: 776
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListAffectedProducts500Example:
                  summary: Default listAffectedProducts 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware on activity detected policy configured investigation rule Security alert network alert.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
components:
  schemas:
    Advisory:
      type: object
      description: A PSIRT security advisory for a Palo Alto Networks product.
      properties:
        advisory_id:
          type: string
          description: Palo Alto Networks advisory identifier (e.g., PAN-SA-2024-0001).
          example: '234493'
        cve_id:
          type: string
          description: CVE identifier (e.g., CVE-2024-3400).
          example: '128548'
        title:
          type: string
          description: Advisory title summarizing the vulnerability.
          example: Corporate Agent 18
        description:
          type: string
          description: >-
            Detailed description of the vulnerability including impact and
            attack vector.
          example: Rule suspicious endpoint investigation firewall suspicious blocked configured.
        severity:
          type: string
          enum:
            - NONE
            - LOW
            - MEDIUM
            - HIGH
            - CRITICAL
          description: Severity rating based on CVSS v3.1 base score.
          example: CRITICAL
        cvss_score:
          type: number
          description: CVSS v3.1 base score (0.0 to 10.0).
          minimum: 0.0
          maximum: 10.0
          example: 7.06
        cvss_vector:
          type: string
          description: >-
            CVSS v3.1 vector string (e.g.,
            CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
          example: example-cvss_vector
        cwe:
          type: string
          description: CWE identifier for the vulnerability class.
          example: example-cwe
        affected_products:
          type: array
          description: Products and version ranges affected by this vulnerability.
          items:
            $ref: '#/components/schemas/AffectedProduct'
          example: *id001
        fixed_versions:
          type: array
          items:
            type: string
          description: Product versions in which the vulnerability is fixed.
          example: *id002
        workarounds:
          type: string
          description: Available workarounds or mitigations if a fix is not yet deployed.
          example: example-workarounds
        exploit_status:
          type: string
          enum:
            - None
            - Proof-of-Concept
            - Active
          description: Known exploit activity status.
          example: None
        published_date:
          type: string
          format: date-time
          description: Date and time when the advisory was first published.
          example: '2025-03-02T01:26:35Z'
        last_modified_date:
          type: string
          format: date-time
          description: Date and time of the most recent advisory update.
          example: '2025-08-23T12:10:49Z'
        references:
          type: array
          items:
            type: object
            properties:
              url:
                type: string
                format: uri
                description: Reference URL.
                example: https://vpn.example.com/5d2cff
              description:
                type: string
                description: Description of the referenced resource.
                example: Alert applied malware detected violation endpoint alert malware detected.
          description: External references and related advisories.
          example: *id003
    AffectedProduct:
      type: object
      properties:
        product:
          type: string
          description: Product name (e.g., PAN-OS, Cortex XDR Agent).
          example: example-product
        versions:
          type: array
          items:
            type: object
            properties:
              version:
                type: string
                description: Affected version or version range.
                example: 10.8.8
              status:
                type: string
                enum:
                  - Affected
                  - Unaffected
                  - Fixed
                description: Vulnerability status for this version.
                example: Affected
          example:
            - version: 1.3.1
              status: Unaffected
            - version: 4.2.5
              status: Fixed
    Product:
      type: object
      properties:
        name:
          type: string
          description: Product name as referenced in advisories.
          example: Branch Sensor 28
        advisory_count:
          type: integer
          description: Number of published advisories referencing this product.
          example: 776
    ErrorResponse:
      type: object
      properties:
        error:
          type: string
          description: Error code identifying the error type.
          example: example-error
        message:
          type: string
          description: Human-readable description of the error.
          example: Malware on activity detected policy configured investigation rule Security alert network alert.