openapi: 3.1.0 info: title: Palo Alto Networks Strata Cloud Manager API description: >- Unified cloud-based management API for Palo Alto Networks Strata Cloud Manager (SCM). Provides centralized configuration management for next-generation firewalls, Prisma Access, and SASE deployments through a single REST API. Supports managing security rules, address objects, address groups, service objects, NAT rules, and configuration deployment across all managed devices and tenants. Authentication uses OAuth 2.0 bearer tokens obtained from the Palo Alto Networks identity provider using a client credentials grant. All configuration changes are staged and must be pushed to devices via the config-versions push endpoint. version: '1.0' contact: name: Palo Alto Networks Developer Support url: https://pan.dev/scm/ license: name: Proprietary url: https://www.paloaltonetworks.com/legal servers: - url: https://api.strata.paloaltonetworks.com description: Strata Cloud Manager API production endpoint. security: - bearerAuth: [] tags: - name: Addresses description: Address object management. - name: AddressGroups description: Address group management. - name: Configuration description: Configuration versioning and deployment operations. - name: Jobs description: Asynchronous job status tracking. - name: NATRules description: NAT policy rule management. - name: SecurityRules description: Security policy rule management. paths: /sse/config/v1/addresses: get: operationId: listAddresses summary: Palo Alto Networks List Address Objects description: >- Returns a paginated list of address objects in the specified folder, snippet, or device scope. Address objects represent IP addresses, subnets, IP ranges, or FQDNs used in security policy rules. tags: - Addresses parameters: - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - name: name in: query description: Filter by address object name (exact match). schema: type: string example: Primary Policy 56 responses: '200': description: Address objects returned successfully. content: application/json: schema: $ref: '#/components/schemas/AddressList' examples: ListAddresses200Example: summary: Default listAddresses 200 response x-microcks-default: true value: data: &id041 - id: 9385c1f9-7f72-49a5-a1d6-896aaa11ae6a name: Branch Sensor 50 folder: example-folder snippet: example-snippet ip_netmask: example-ip_netmask ip_range: example-ip_range ip_wildcard: example-ip_wildcard fqdn: login.test-corp.net description: Alert investigation incident violation rule Security investigation endpoint Security activity on on. tag: &id001 - pci-scope - production offset: 347 total: 788 limit: 478 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createAddress summary: Palo Alto Networks Create Address Object description: >- Creates a new address object in the specified folder or snippet. Exactly one address type field (ip_netmask, ip_range, ip_wildcard, or fqdn) must be provided. The name must be unique within the scope. tags: - Addresses parameters: - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AddressRequest' examples: CreateAddressRequestExample: summary: Default createAddress request x-microcks-default: true value: name: Corporate Policy 65 ip_netmask: example-ip_netmask ip_range: example-ip_range ip_wildcard: example-ip_wildcard fqdn: mail.test-corp.net description: Traffic suspicious alert policy Security malware. tag: &id002 - production responses: '201': description: Address object created successfully. content: application/json: schema: $ref: '#/components/schemas/Address' examples: CreateAddress201Example: summary: Default createAddress 201 response x-microcks-default: true value: id: 9385c1f9-7f72-49a5-a1d6-896aaa11ae6a name: Branch Sensor 50 folder: example-folder snippet: example-snippet ip_netmask: example-ip_netmask ip_range: example-ip_range ip_wildcard: example-ip_wildcard fqdn: login.test-corp.net description: Alert investigation incident violation rule Security investigation endpoint Security activity on on. tag: *id001 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '409': $ref: '#/components/responses/Conflict' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sse/config/v1/addresses/{id}: get: operationId: getAddress summary: Palo Alto Networks Get Address Object description: Returns a single address object by its unique identifier. tags: - Addresses parameters: - $ref: '#/components/parameters/id' responses: '200': description: Address object returned successfully. content: application/json: schema: $ref: '#/components/schemas/Address' examples: GetAddress200Example: summary: Default getAddress 200 response x-microcks-default: true value: id: 9385c1f9-7f72-49a5-a1d6-896aaa11ae6a name: Branch Sensor 50 folder: example-folder snippet: example-snippet ip_netmask: example-ip_netmask ip_range: example-ip_range ip_wildcard: example-ip_wildcard fqdn: login.test-corp.net description: Alert investigation incident violation rule Security investigation endpoint Security activity on on. tag: *id001 '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK put: operationId: updateAddress summary: Palo Alto Networks Update Address Object description: >- Updates an existing address object by its unique identifier. The entire object must be provided as this performs a full replacement. tags: - Addresses parameters: - $ref: '#/components/parameters/id' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AddressRequest' examples: UpdateAddressRequestExample: summary: Default updateAddress request x-microcks-default: true value: name: Corporate Policy 65 ip_netmask: example-ip_netmask ip_range: example-ip_range ip_wildcard: example-ip_wildcard fqdn: mail.test-corp.net description: Traffic suspicious alert policy Security malware. tag: *id002 responses: '200': description: Address object updated successfully. content: application/json: schema: $ref: '#/components/schemas/Address' examples: UpdateAddress200Example: summary: Default updateAddress 200 response x-microcks-default: true value: id: 9385c1f9-7f72-49a5-a1d6-896aaa11ae6a name: Branch Sensor 50 folder: example-folder snippet: example-snippet ip_netmask: example-ip_netmask ip_range: example-ip_range ip_wildcard: example-ip_wildcard fqdn: login.test-corp.net description: Alert investigation incident violation rule Security investigation endpoint Security activity on on. tag: *id001 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: operationId: deleteAddress summary: Palo Alto Networks Delete Address Object description: >- Deletes an address object by its unique identifier. The object must not be referenced by any security rules or address groups. tags: - Addresses parameters: - $ref: '#/components/parameters/id' responses: '200': description: Address object deleted successfully. content: application/json: schema: $ref: '#/components/schemas/DeleteResponse' examples: DeleteAddress200Example: summary: Default deleteAddress 200 response x-microcks-default: true value: id: example-id '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '409': $ref: '#/components/responses/Conflict' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sse/config/v1/address-groups: get: operationId: listAddressGroups summary: Palo Alto Networks List Address Groups description: >- Returns a paginated list of address groups in the specified scope. Groups can be static with explicit member lists or dynamic with tag-based filter expressions. tags: - AddressGroups parameters: - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - name: name in: query description: Filter by address group name. schema: type: string example: Staging Policy 94 responses: '200': description: Address groups returned successfully. content: application/json: schema: $ref: '#/components/schemas/AddressGroupList' examples: ListAddressGroups200Example: summary: Default listAddressGroups 200 response x-microcks-default: true value: data: &id042 - id: 33746651-164a-49e5-aab4-9062bb91355a name: Staging Firewall 43 folder: example-folder static: &id003 - example-static_item - example-static_item dynamic: &id004 filter: example-filter description: Detected activity rule alert activity violation blocked threat monitoring traffic alert. tag: &id005 - critical-asset - id: 33746651-164a-49e5-aab4-9062bb91355a name: Staging Firewall 43 folder: example-folder static: *id003 dynamic: *id004 description: Detected activity rule alert activity violation blocked threat monitoring traffic alert. tag: *id005 offset: 350 total: 934 limit: 51 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createAddressGroup summary: Palo Alto Networks Create Address Group description: >- Creates a new address group. Provide either a static member list or a dynamic filter expression, not both. tags: - AddressGroups parameters: - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AddressGroupRequest' examples: CreateAddressGroupRequestExample: summary: Default createAddressGroup request x-microcks-default: true value: name: Staging Gateway 56 static: &id006 - example-static_item dynamic: &id007 filter: example-filter description: Rule violation policy traffic activity traffic applied firewall traffic traffic. tag: &id008 - production - critical-asset responses: '201': description: Address group created successfully. content: application/json: schema: $ref: '#/components/schemas/AddressGroup' examples: CreateAddressGroup201Example: summary: Default createAddressGroup 201 response x-microcks-default: true value: id: 33746651-164a-49e5-aab4-9062bb91355a name: Staging Firewall 43 folder: example-folder static: *id003 dynamic: *id004 description: Detected activity rule alert activity violation blocked threat monitoring traffic alert. tag: *id005 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '409': $ref: '#/components/responses/Conflict' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sse/config/v1/address-groups/{id}: get: operationId: getAddressGroup summary: Palo Alto Networks Get Address Group description: Returns a single address group by its unique identifier. tags: - AddressGroups parameters: - $ref: '#/components/parameters/id' responses: '200': description: Address group returned successfully. content: application/json: schema: $ref: '#/components/schemas/AddressGroup' examples: GetAddressGroup200Example: summary: Default getAddressGroup 200 response x-microcks-default: true value: id: 33746651-164a-49e5-aab4-9062bb91355a name: Staging Firewall 43 folder: example-folder static: *id003 dynamic: *id004 description: Detected activity rule alert activity violation blocked threat monitoring traffic alert. tag: *id005 '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK put: operationId: updateAddressGroup summary: Palo Alto Networks Update Address Group description: Updates an existing address group by its unique identifier. tags: - AddressGroups parameters: - $ref: '#/components/parameters/id' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AddressGroupRequest' examples: UpdateAddressGroupRequestExample: summary: Default updateAddressGroup request x-microcks-default: true value: name: Staging Gateway 56 static: *id006 dynamic: *id007 description: Rule violation policy traffic activity traffic applied firewall traffic traffic. tag: *id008 responses: '200': description: Address group updated successfully. content: application/json: schema: $ref: '#/components/schemas/AddressGroup' examples: UpdateAddressGroup200Example: summary: Default updateAddressGroup 200 response x-microcks-default: true value: id: 33746651-164a-49e5-aab4-9062bb91355a name: Staging Firewall 43 folder: example-folder static: *id003 dynamic: *id004 description: Detected activity rule alert activity violation blocked threat monitoring traffic alert. tag: *id005 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: operationId: deleteAddressGroup summary: Palo Alto Networks Delete Address Group description: Deletes an address group by its unique identifier. tags: - AddressGroups parameters: - $ref: '#/components/parameters/id' responses: '200': description: Address group deleted successfully. content: application/json: schema: $ref: '#/components/schemas/DeleteResponse' examples: DeleteAddressGroup200Example: summary: Default deleteAddressGroup 200 response x-microcks-default: true value: id: example-id '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sse/config/v1/services: get: operationId: listServices summary: Palo Alto Networks List Service Objects description: >- Returns a paginated list of service objects in the specified scope. Service objects define TCP or UDP protocol and port combinations used in security policy rules. tags: [] parameters: - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - name: name in: query description: Filter by service object name. schema: type: string example: Branch Sensor 70 responses: '200': description: Service objects returned successfully. content: application/json: schema: $ref: '#/components/schemas/ServiceList' examples: ListServices200Example: summary: Default listServices 200 response x-microcks-default: true value: data: &id043 - id: f1e1fe13-6c3a-4dea-b1dc-e44892e05494 name: Branch Sensor 76 folder: example-folder protocol: &id009 tcp: port: example-port source_port: example-source_port udp: port: example-port source_port: example-source_port description: Endpoint threat threat activity malware suspicious Security. tag: &id010 - pci-scope - critical-asset - id: f1e1fe13-6c3a-4dea-b1dc-e44892e05494 name: Branch Sensor 76 folder: example-folder protocol: *id009 description: Endpoint threat threat activity malware suspicious Security. tag: *id010 offset: 54 total: 212 limit: 593 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createService summary: Palo Alto Networks Create Service Object description: >- Creates a new service object defining a TCP or UDP protocol with destination port or port range. tags: [] parameters: - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ServiceRequest' examples: CreateServiceRequestExample: summary: Default createService request x-microcks-default: true value: name: Primary Firewall 91 protocol: &id011 tcp: port: example-port source_port: example-source_port udp: port: example-port source_port: example-source_port description: Configured blocked malware violation on malware on threat. tag: &id012 - critical-asset responses: '201': description: Service object created successfully. content: application/json: schema: $ref: '#/components/schemas/Service' examples: CreateService201Example: summary: Default createService 201 response x-microcks-default: true value: id: f1e1fe13-6c3a-4dea-b1dc-e44892e05494 name: Branch Sensor 76 folder: example-folder protocol: *id009 description: Endpoint threat threat activity malware suspicious Security. tag: *id010 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '409': $ref: '#/components/responses/Conflict' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sse/config/v1/services/{id}: get: operationId: getService summary: Palo Alto Networks Get Service Object description: Returns a single service object by its unique identifier. tags: [] parameters: - $ref: '#/components/parameters/id' responses: '200': description: Service object returned successfully. content: application/json: schema: $ref: '#/components/schemas/Service' examples: GetService200Example: summary: Default getService 200 response x-microcks-default: true value: id: f1e1fe13-6c3a-4dea-b1dc-e44892e05494 name: Branch Sensor 76 folder: example-folder protocol: *id009 description: Endpoint threat threat activity malware suspicious Security. tag: *id010 '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK put: operationId: updateService summary: Palo Alto Networks Update Service Object description: Updates an existing service object by its unique identifier. tags: [] parameters: - $ref: '#/components/parameters/id' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ServiceRequest' examples: UpdateServiceRequestExample: summary: Default updateService request x-microcks-default: true value: name: Primary Firewall 91 protocol: *id011 description: Configured blocked malware violation on malware on threat. tag: *id012 responses: '200': description: Service object updated successfully. content: application/json: schema: $ref: '#/components/schemas/Service' examples: UpdateService200Example: summary: Default updateService 200 response x-microcks-default: true value: id: f1e1fe13-6c3a-4dea-b1dc-e44892e05494 name: Branch Sensor 76 folder: example-folder protocol: *id009 description: Endpoint threat threat activity malware suspicious Security. tag: *id010 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: operationId: deleteService summary: Palo Alto Networks Delete Service Object description: Deletes a service object by its unique identifier. tags: [] parameters: - $ref: '#/components/parameters/id' responses: '200': description: Service object deleted successfully. content: application/json: schema: $ref: '#/components/schemas/DeleteResponse' examples: DeleteService200Example: summary: Default deleteService 200 response x-microcks-default: true value: id: example-id '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sse/config/v1/security-rules: get: operationId: listSecurityRules summary: Palo Alto Networks List Security Rules description: >- Returns a paginated list of security rules in the specified scope and rulebase position. Security rules define traffic forwarding and inspection policy applied to network traffic through managed firewalls. tags: - SecurityRules parameters: - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' - $ref: '#/components/parameters/position' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - name: name in: query description: Filter by rule name. schema: type: string example: Corporate Sensor 54 responses: '200': description: Security rules returned successfully. content: application/json: schema: $ref: '#/components/schemas/SecurityRuleList' examples: ListSecurityRules200Example: summary: Default listSecurityRules 200 response x-microcks-default: true value: data: &id044 - id: 6c72fa83-24c0-4558-897f-a344aa4b1076 name: Branch Firewall 85 folder: example-folder position: post from: &id013 - example-from_item to: &id014 - example-to_item - example-to_item source: &id015 - example-source_item - example-source_item destination: &id016 - example-destination_item - example-destination_item source_user: &id017 - example-source_user_item application: &id018 - ssl service: &id019 - example-service_item - example-service_item category: &id020 - advanced action: reset-both log_setting: example-log_setting profile_setting: &id021 group: - example-group_item - example-group_item disabled: false description: Alert activity firewall malware traffic incident Security configured rule. tag: &id022 - critical-asset - id: 6c72fa83-24c0-4558-897f-a344aa4b1076 name: Branch Firewall 85 folder: example-folder position: post from: *id013 to: *id014 source: *id015 destination: *id016 source_user: *id017 application: *id018 service: *id019 category: *id020 action: reset-both log_setting: example-log_setting profile_setting: *id021 disabled: false description: Alert activity firewall malware traffic incident Security configured rule. tag: *id022 offset: 977 total: 964 limit: 574 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createSecurityRule summary: Palo Alto Networks Create Security Rule description: >- Creates a new security rule in the specified folder or snippet at the given rulebase position. The rule defines matching criteria including source and destination zones, addresses, applications, and services. tags: - SecurityRules parameters: - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' - $ref: '#/components/parameters/position' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SecurityRuleRequest' examples: CreateSecurityRuleRequestExample: summary: Default createSecurityRule request x-microcks-default: true value: name: Staging Policy 74 from: &id023 - any to: &id024 - any source: &id025 - any destination: &id026 - any source_user: &id027 - example-source_user_item application: &id028 - any service: &id029 - application-default category: &id030 - standard action: allow log_setting: example-log_setting profile_setting: &id031 group: - example-group_item - example-group_item disabled: false description: Threat applied on alert monitoring incident rule on monitoring. tag: &id032 - critical-asset - production responses: '201': description: Security rule created successfully. content: application/json: schema: $ref: '#/components/schemas/SecurityRule' examples: CreateSecurityRule201Example: summary: Default createSecurityRule 201 response x-microcks-default: true value: id: 6c72fa83-24c0-4558-897f-a344aa4b1076 name: Branch Firewall 85 folder: example-folder position: post from: *id013 to: *id014 source: *id015 destination: *id016 source_user: *id017 application: *id018 service: *id019 category: *id020 action: reset-both log_setting: example-log_setting profile_setting: *id021 disabled: false description: Alert activity firewall malware traffic incident Security configured rule. tag: *id022 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '409': $ref: '#/components/responses/Conflict' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sse/config/v1/security-rules/{id}: get: operationId: getSecurityRule summary: Palo Alto Networks Get Security Rule description: Returns a single security rule by its unique identifier. tags: - SecurityRules parameters: - $ref: '#/components/parameters/id' - $ref: '#/components/parameters/position' responses: '200': description: Security rule returned successfully. content: application/json: schema: $ref: '#/components/schemas/SecurityRule' examples: GetSecurityRule200Example: summary: Default getSecurityRule 200 response x-microcks-default: true value: id: 6c72fa83-24c0-4558-897f-a344aa4b1076 name: Branch Firewall 85 folder: example-folder position: post from: *id013 to: *id014 source: *id015 destination: *id016 source_user: *id017 application: *id018 service: *id019 category: *id020 action: reset-both log_setting: example-log_setting profile_setting: *id021 disabled: false description: Alert activity firewall malware traffic incident Security configured rule. tag: *id022 '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK put: operationId: updateSecurityRule summary: Palo Alto Networks Update Security Rule description: >- Updates an existing security rule by its unique identifier. The entire rule object must be provided as this performs a full replacement. tags: - SecurityRules parameters: - $ref: '#/components/parameters/id' - $ref: '#/components/parameters/position' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SecurityRuleRequest' examples: UpdateSecurityRuleRequestExample: summary: Default updateSecurityRule request x-microcks-default: true value: name: Staging Policy 74 from: *id023 to: *id024 source: *id025 destination: *id026 source_user: *id027 application: *id028 service: *id029 category: *id030 action: allow log_setting: example-log_setting profile_setting: *id031 disabled: false description: Threat applied on alert monitoring incident rule on monitoring. tag: *id032 responses: '200': description: Security rule updated successfully. content: application/json: schema: $ref: '#/components/schemas/SecurityRule' examples: UpdateSecurityRule200Example: summary: Default updateSecurityRule 200 response x-microcks-default: true value: id: 6c72fa83-24c0-4558-897f-a344aa4b1076 name: Branch Firewall 85 folder: example-folder position: post from: *id013 to: *id014 source: *id015 destination: *id016 source_user: *id017 application: *id018 service: *id019 category: *id020 action: reset-both log_setting: example-log_setting profile_setting: *id021 disabled: false description: Alert activity firewall malware traffic incident Security configured rule. tag: *id022 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: operationId: deleteSecurityRule summary: Palo Alto Networks Delete Security Rule description: Deletes a security rule by its unique identifier. tags: - SecurityRules parameters: - $ref: '#/components/parameters/id' responses: '200': description: Security rule deleted successfully. content: application/json: schema: $ref: '#/components/schemas/DeleteResponse' examples: DeleteSecurityRule200Example: summary: Default deleteSecurityRule 200 response x-microcks-default: true value: id: example-id '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sse/config/v1/nat-rules: get: operationId: listNatRules summary: Palo Alto Networks List NAT Rules description: >- Returns a paginated list of NAT rules in the specified scope. NAT rules define source and destination address translation policies. tags: - NATRules parameters: - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' - $ref: '#/components/parameters/position' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - name: name in: query description: Filter by NAT rule name. schema: type: string example: Primary Sensor 79 responses: '200': description: NAT rules returned successfully. content: application/json: schema: $ref: '#/components/schemas/NatRuleList' examples: ListNatRules200Example: summary: Default listNatRules 200 response x-microcks-default: true value: data: &id052 - id: c0e38509-af62-4dd8-98d7-f4b3d68d793e name: Primary Sensor 71 folder: example-folder position: post from: &id033 - example-from_item to: &id034 - example-to_item source: &id035 - example-source_item destination: &id036 - example-destination_item service: example-service source_translation: &id037 dynamic_ip_and_port: translated_address: - example-translated_address_item static_ip: translated_address: example-translated_address bi_directional: false destination_translation: &id038 translated_address: example-translated_address translated_port: 475 nat_type: nptv6 disabled: false description: Detected firewall applied network alert violation suspicious investigation. tag: &id039 - critical-asset offset: 459 total: 479 limit: 624 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createNatRule summary: Palo Alto Networks Create NAT Rule description: Creates a new NAT rule in the specified folder or snippet. tags: - NATRules parameters: - $ref: '#/components/parameters/folder' - $ref: '#/components/parameters/snippet' - $ref: '#/components/parameters/device' - $ref: '#/components/parameters/position' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/NatRuleRequest' examples: CreateNatRuleRequestExample: summary: Default createNatRule request x-microcks-default: true value: name: Production Agent 98 from: &id045 - example-from_item to: &id046 - example-to_item - example-to_item source: &id047 - example-source_item - example-source_item destination: &id048 - example-destination_item - example-destination_item service: example-service source_translation: &id049 dynamic_ip_and_port: translated_address: - example-translated_address_item - example-translated_address_item static_ip: translated_address: example-translated_address bi_directional: true destination_translation: &id050 translated_address: example-translated_address translated_port: 210 disabled: false description: Activity violation Security firewall applied violation investigation suspicious blocked activity. tag: &id051 - pci-scope responses: '201': description: NAT rule created successfully. content: application/json: schema: $ref: '#/components/schemas/NatRule' examples: CreateNatRule201Example: summary: Default createNatRule 201 response x-microcks-default: true value: id: c0e38509-af62-4dd8-98d7-f4b3d68d793e name: Primary Sensor 71 folder: example-folder position: post from: *id033 to: *id034 source: *id035 destination: *id036 service: example-service source_translation: *id037 destination_translation: *id038 nat_type: nptv6 disabled: false description: Detected firewall applied network alert violation suspicious investigation. tag: *id039 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '409': $ref: '#/components/responses/Conflict' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sse/config/v1/config-versions/candidate:push: post: operationId: pushCandidateConfig summary: Palo Alto Networks Push Candidate Configuration description: >- Pushes the candidate configuration to managed devices in the specified folders. This operation deploys all staged configuration changes to target firewalls and Prisma Access nodes. Returns a job ID that can be polled to track push operation status. tags: - Configuration requestBody: required: true content: application/json: schema: type: object required: - folders properties: folders: type: array items: type: string description: >- Folder names to push configuration for (e.g., Shared, Mobile Users, Remote Networks, Service Connections). example: &id040 - Shared - Mobile Users description: type: string description: Optional description for this push operation. examples: PushCandidateConfigRequestExample: summary: Default pushCandidateConfig request x-microcks-default: true value: folders: *id040 description: Endpoint investigation endpoint configured suspicious network blocked traffic incident blocked. responses: '200': description: Configuration push job initiated successfully. content: application/json: schema: type: object properties: success: type: boolean job_id: type: string description: Job ID for tracking push status via GET /sse/config/v1/jobs/{id}. message: type: string examples: PushCandidateConfig200Example: summary: Default pushCandidateConfig 200 response x-microcks-default: true value: success: true job_id: '603390' message: Endpoint traffic endpoint alert activity blocked. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' x-microcks-operation: delay: 0 dispatcher: FALLBACK /sse/config/v1/jobs/{id}: get: operationId: getJob summary: Palo Alto Networks Get Job Status description: >- Returns the current status and result of an asynchronous job such as a configuration push or commit operation. tags: - Jobs parameters: - name: id in: path required: true description: Job ID returned by an asynchronous operation. schema: type: string example: example-id responses: '200': description: Job status returned successfully. content: application/json: schema: $ref: '#/components/schemas/Job' examples: GetJob200Example: summary: Default getJob 200 response x-microcks-default: true value: id: example-id type: custom status: FAIL result: WARN start_ts: '2024-10-18T13:34:32Z' end_ts: '2024-01-18T09:40:35Z' percent: 437 details: &id053 {} '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' x-microcks-operation: delay: 0 dispatcher: FALLBACK components: securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: >- OAuth 2.0 access token obtained from https://auth.apps.paloaltonetworks.com/oauth2/access_token using a client credentials grant. Generate a service account and client credentials from the Strata Cloud Manager identity settings. Tokens expire and must be refreshed periodically. parameters: id: name: id in: path required: true description: Unique identifier of the resource. schema: type: string format: uuid folder: name: folder in: query description: >- Configuration folder scope (e.g., Shared, Mobile Users, Remote Networks, Service Connections). schema: type: string snippet: name: snippet in: query description: Configuration snippet name. schema: type: string device: name: device in: query description: Device name for device-scoped configuration. schema: type: string position: name: position in: query description: Rulebase position filter. schema: type: string enum: - pre - post limit: name: limit in: query description: Maximum number of results per page. schema: type: integer default: 200 maximum: 5000 offset: name: offset in: query description: Pagination offset (number of records to skip). schema: type: integer default: 0 responses: BadRequest: description: Malformed request or invalid parameters. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' Unauthorized: description: Missing or invalid authentication token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' Forbidden: description: Insufficient permissions for the requested operation. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' NotFound: description: The requested resource was not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' Conflict: description: >- A resource with the specified name already exists or the resource cannot be modified due to existing references. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' InternalServerError: description: An internal server error occurred. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' schemas: Address: type: object description: >- An address object representing an IP address, subnet, range, or FQDN used in security policy rules. properties: id: type: string format: uuid description: Unique identifier assigned by the system. readOnly: true example: 9385c1f9-7f72-49a5-a1d6-896aaa11ae6a name: type: string description: Unique name of the address object within the folder scope. example: Branch Sensor 50 folder: type: string description: Configuration folder containing this object. readOnly: true example: example-folder snippet: type: string readOnly: true example: example-snippet ip_netmask: type: string description: IP address with CIDR netmask (e.g., 10.0.0.0/24). example: example-ip_netmask ip_range: type: string description: IP address range (e.g., 10.0.0.1-10.0.0.254). example: example-ip_range ip_wildcard: type: string description: IP wildcard mask notation. example: example-ip_wildcard fqdn: type: string description: Fully qualified domain name (e.g., www.example.com). example: login.test-corp.net description: type: string example: Alert investigation incident violation rule Security investigation endpoint Security activity on on. tag: type: array items: type: string description: Tags assigned to this address object. example: *id001 AddressRequest: type: object required: - name description: Request body for creating or updating an address object. properties: name: type: string example: Corporate Policy 65 ip_netmask: type: string description: IP address with CIDR netmask (e.g., 10.0.0.0/24). example: example-ip_netmask ip_range: type: string description: IP address range (e.g., 10.0.0.1-10.0.0.254). example: example-ip_range ip_wildcard: type: string description: IP wildcard mask notation. example: example-ip_wildcard fqdn: type: string description: Fully qualified domain name. example: mail.test-corp.net description: type: string example: Traffic suspicious alert policy Security malware. tag: type: array items: type: string example: *id002 AddressList: type: object properties: data: type: array items: $ref: '#/components/schemas/Address' example: *id041 offset: type: integer example: 347 total: type: integer example: 788 limit: type: integer example: 478 AddressGroup: type: object description: >- A group of address objects. Can be static with an explicit member list or dynamic with a tag-based filter expression. properties: id: type: string format: uuid readOnly: true example: 33746651-164a-49e5-aab4-9062bb91355a name: type: string example: Staging Firewall 43 folder: type: string readOnly: true example: example-folder static: type: array items: type: string description: List of address object names for static groups. example: *id003 dynamic: type: object properties: filter: type: string description: >- Tag-based filter expression (e.g., "'web-servers' and 'production'"). example: example-filter example: *id004 description: type: string example: Detected activity rule alert activity violation blocked threat monitoring traffic alert. tag: type: array items: type: string example: *id005 AddressGroupRequest: type: object required: - name properties: name: type: string example: Staging Gateway 56 static: type: array items: type: string example: *id006 dynamic: type: object properties: filter: type: string example: example-filter example: *id007 description: type: string example: Rule violation policy traffic activity traffic applied firewall traffic traffic. tag: type: array items: type: string example: *id008 AddressGroupList: type: object properties: data: type: array items: $ref: '#/components/schemas/AddressGroup' example: *id042 offset: type: integer example: 350 total: type: integer example: 934 limit: type: integer example: 51 Service: type: object description: >- A service object defining a protocol and port combination for use in security policy rules. properties: id: type: string format: uuid readOnly: true example: f1e1fe13-6c3a-4dea-b1dc-e44892e05494 name: type: string example: Branch Sensor 76 folder: type: string readOnly: true example: example-folder protocol: type: object properties: tcp: type: object properties: port: type: string description: TCP destination port or range (e.g., 80, 8080-8090). example: example-port source_port: type: string example: example-source_port example: port: example-port source_port: example-source_port udp: type: object properties: port: type: string description: UDP destination port or range (e.g., 53). example: example-port source_port: type: string example: example-source_port example: port: example-port source_port: example-source_port example: *id009 description: type: string example: Endpoint threat threat activity malware suspicious Security. tag: type: array items: type: string example: *id010 ServiceRequest: type: object required: - name - protocol properties: name: type: string example: Primary Firewall 91 protocol: type: object properties: tcp: type: object properties: port: type: string example: example-port source_port: type: string example: example-source_port example: port: example-port source_port: example-source_port udp: type: object properties: port: type: string example: example-port source_port: type: string example: example-source_port example: port: example-port source_port: example-source_port example: *id011 description: type: string example: Configured blocked malware violation on malware on threat. tag: type: array items: type: string example: *id012 ServiceList: type: object properties: data: type: array items: $ref: '#/components/schemas/Service' example: *id043 offset: type: integer example: 54 total: type: integer example: 212 limit: type: integer example: 593 SecurityRule: type: object description: >- A security policy rule defining traffic matching criteria and enforcement action applied by managed firewalls. properties: id: type: string format: uuid readOnly: true example: 6c72fa83-24c0-4558-897f-a344aa4b1076 name: type: string example: Branch Firewall 85 folder: type: string readOnly: true example: example-folder position: type: string enum: - pre - post example: post from: type: array items: type: string description: Source security zones. example: *id013 to: type: array items: type: string description: Destination security zones. example: *id014 source: type: array items: type: string description: Source addresses or address groups (use "any" for all). example: *id015 destination: type: array items: type: string description: Destination addresses or address groups. example: *id016 source_user: type: array items: type: string description: Source users or user groups. example: *id017 application: type: array items: type: string description: Applications to match (e.g., ssl, web-browsing). example: *id018 service: type: array items: type: string description: Service objects or application-default. example: *id019 category: type: array items: type: string description: URL categories to match. example: *id020 action: type: string enum: - allow - deny - drop - reset-client - reset-server - reset-both example: reset-both log_setting: type: string description: Log forwarding profile name. example: example-log_setting profile_setting: type: object properties: group: type: array items: type: string example: - example-group_item example: *id021 disabled: type: boolean default: false example: false description: type: string example: Alert activity firewall malware traffic incident Security configured rule. tag: type: array items: type: string example: *id022 SecurityRuleRequest: type: object required: - name - action properties: name: type: string example: Staging Policy 74 from: type: array items: type: string default: *id023 example: *id023 to: type: array items: type: string default: *id024 example: *id024 source: type: array items: type: string default: *id025 example: *id025 destination: type: array items: type: string default: *id026 example: *id026 source_user: type: array items: type: string example: *id027 application: type: array items: type: string default: *id028 example: *id028 service: type: array items: type: string default: *id029 example: *id029 category: type: array items: type: string example: *id030 action: type: string enum: - allow - deny - drop - reset-client - reset-server - reset-both example: allow log_setting: type: string example: example-log_setting profile_setting: type: object properties: group: type: array items: type: string example: - example-group_item example: *id031 disabled: type: boolean default: false example: false description: type: string example: Threat applied on alert monitoring incident rule on monitoring. tag: type: array items: type: string example: *id032 SecurityRuleList: type: object properties: data: type: array items: $ref: '#/components/schemas/SecurityRule' example: *id044 offset: type: integer example: 977 total: type: integer example: 964 limit: type: integer example: 574 NatRule: type: object description: >- A NAT policy rule defining source or destination address translation for matching traffic flows. properties: id: type: string format: uuid readOnly: true example: c0e38509-af62-4dd8-98d7-f4b3d68d793e name: type: string example: Primary Sensor 71 folder: type: string readOnly: true example: example-folder position: type: string enum: - pre - post example: post from: type: array items: type: string description: Source zones. example: *id033 to: type: array items: type: string description: Destination zones. example: *id034 source: type: array items: type: string example: *id035 destination: type: array items: type: string example: *id036 service: type: string description: Service object name or any. example: example-service source_translation: type: object properties: dynamic_ip_and_port: type: object properties: translated_address: type: array items: type: string example: - example-translated_address_item example: translated_address: - example-translated_address_item - example-translated_address_item static_ip: type: object properties: translated_address: type: string example: example-translated_address bi_directional: type: boolean example: true example: translated_address: example-translated_address bi_directional: false example: *id037 destination_translation: type: object properties: translated_address: type: string example: example-translated_address translated_port: type: integer example: 447 example: *id038 nat_type: type: string enum: - ipv4 - nat64 - nptv6 example: nptv6 disabled: type: boolean default: false example: false description: type: string example: Detected firewall applied network alert violation suspicious investigation. tag: type: array items: type: string example: *id039 NatRuleRequest: type: object required: - name properties: name: type: string example: Production Agent 98 from: type: array items: type: string example: *id045 to: type: array items: type: string example: *id046 source: type: array items: type: string example: *id047 destination: type: array items: type: string example: *id048 service: type: string example: example-service source_translation: type: object properties: dynamic_ip_and_port: type: object properties: translated_address: type: array items: type: string example: - example-translated_address_item - example-translated_address_item example: translated_address: - example-translated_address_item - example-translated_address_item static_ip: type: object properties: translated_address: type: string example: example-translated_address bi_directional: type: boolean example: false example: translated_address: example-translated_address bi_directional: false example: *id049 destination_translation: type: object properties: translated_address: type: string example: example-translated_address translated_port: type: integer example: 897 example: *id050 disabled: type: boolean example: false description: type: string example: Activity violation Security firewall applied violation investigation suspicious blocked activity. tag: type: array items: type: string example: *id051 NatRuleList: type: object properties: data: type: array items: $ref: '#/components/schemas/NatRule' example: *id052 offset: type: integer example: 459 total: type: integer example: 479 limit: type: integer example: 624 Job: type: object description: An asynchronous job tracking configuration push or commit operations. properties: id: type: string description: Unique job identifier. example: example-id type: type: string description: Job type (e.g., push, commit). example: custom status: type: string enum: - PEND - ACT - FIN - FAIL description: Current job status. example: FAIL result: type: string enum: - OK - FAIL - WARN example: WARN start_ts: type: string format: date-time description: Job start timestamp. example: '2024-10-18T13:34:32Z' end_ts: type: string format: date-time description: Job completion timestamp. example: '2024-01-18T09:40:35Z' percent: type: integer description: Job completion percentage (0-100). example: 437 details: type: object description: Additional job details and error messages. example: *id053 DeleteResponse: type: object properties: id: type: string description: Identifier of the deleted resource. example: example-id ErrorResponse: type: object properties: _errors: type: array items: type: object properties: code: type: string example: example-code message: type: string example: Investigation incident suspicious network policy network endpoint endpoint policy investigation activity. details: type: object example: {} example: - code: example-code message: Security monitoring rule configured endpoint on network blocked. details: {} - code: example-code message: Security on on threat monitoring activity policy. details: {} _request_id: type: string description: Unique request identifier for troubleshooting. example: '574499'