openapi: 3.1.0 info: title: Palo Alto Networks Strata Logging Service API description: >- Strata Logging Service API (formerly Cortex Data Lake) for log forwarding configuration management. Provides programmatic control over log forwarding profiles and their destinations including syslog servers, HTTPS endpoints, and email recipients. Enables centralized management of where SASE and NGFW log data is forwarded for SIEM integration, compliance archival, and security operations workflows. version: '1.0' contact: name: Palo Alto Networks Developer Support url: https://pan.dev/ license: name: Proprietary url: https://www.paloaltonetworks.com/legal servers: - url: https://api.sase.paloaltonetworks.com/logging-service/v1 description: Strata Logging Service API production server. security: - oauth2Bearer: [] tags: - name: Email Destinations description: Email forwarding destination management. - name: HTTPS Destinations description: HTTPS forwarding destination management. - name: Log Forwarding Profiles description: Log forwarding profile management. - name: Syslog Destinations description: Syslog forwarding destination management. paths: /log-forwarding-profiles: get: operationId: listLogForwardingProfiles summary: Palo Alto Networks List Log Forwarding Profiles description: >- Returns the list of log forwarding profiles configured for the tenant. Each profile can have multiple destinations of different types and defines which log types are forwarded. tags: - Log Forwarding Profiles parameters: - name: offset in: query description: Number of results to skip for pagination. schema: type: integer default: 0 example: 0 - name: limit in: query description: Maximum number of profiles to return. schema: type: integer default: 50 maximum: 200 example: 50 responses: '200': description: Log forwarding profiles returned. content: application/json: schema: type: object properties: total: type: integer offset: type: integer limit: type: integer items: type: array items: $ref: '#/components/schemas/LogForwardingProfile' examples: ListLogForwardingProfiles200Example: summary: Default listLogForwardingProfiles 200 response x-microcks-default: true value: total: 43 offset: 34 limit: 885 items: - profile_id: '960762' name: Branch Sensor 06 description: Threat monitoring investigation activity configured rule firewall traffic blocked investigation suspicious monitoring. log_types: &id001 - config enabled: false destination_count: 931 created_at: '2026-06-18T01:07:29Z' updated_at: '2026-10-01T15:28:36Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListLogForwardingProfiles401Example: summary: Default listLogForwardingProfiles 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListLogForwardingProfiles403Example: summary: Default listLogForwardingProfiles 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListLogForwardingProfiles500Example: summary: Default listLogForwardingProfiles 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createLogForwardingProfile summary: Palo Alto Networks Create Log Forwarding Profile description: >- Creates a new log forwarding profile. After creating a profile, add destinations using the destination-specific endpoints. tags: - Log Forwarding Profiles requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/LogForwardingProfileRequest' examples: CreateLogForwardingProfileRequestExample: summary: Default createLogForwardingProfile request x-microcks-default: true value: name: Staging Gateway 28 description: Applied detected endpoint blocked malware detected suspicious Security on investigation configured endpoint. log_types: &id002 - auth enabled: true responses: '201': description: Log forwarding profile created successfully. content: application/json: schema: $ref: '#/components/schemas/LogForwardingProfile' examples: CreateLogForwardingProfile201Example: summary: Default createLogForwardingProfile 201 response x-microcks-default: true value: profile_id: '960762' name: Branch Sensor 06 description: Threat monitoring investigation activity configured rule firewall traffic blocked investigation suspicious monitoring. log_types: *id001 enabled: false destination_count: 931 created_at: '2026-06-18T01:07:29Z' updated_at: '2026-10-01T15:28:36Z' '400': description: Invalid request body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateLogForwardingProfile400Example: summary: Default createLogForwardingProfile 400 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateLogForwardingProfile401Example: summary: Default createLogForwardingProfile 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateLogForwardingProfile403Example: summary: Default createLogForwardingProfile 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateLogForwardingProfile500Example: summary: Default createLogForwardingProfile 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK /log-forwarding-profiles/{profile_id}: get: operationId: getLogForwardingProfile summary: Palo Alto Networks Get Log Forwarding Profile description: Returns full details for a specific log forwarding profile. tags: - Log Forwarding Profiles parameters: - name: profile_id in: path required: true description: Unique identifier of the log forwarding profile. schema: type: string example: '275381' responses: '200': description: Log forwarding profile details returned. content: application/json: schema: $ref: '#/components/schemas/LogForwardingProfile' examples: GetLogForwardingProfile200Example: summary: Default getLogForwardingProfile 200 response x-microcks-default: true value: profile_id: '960762' name: Branch Sensor 06 description: Threat monitoring investigation activity configured rule firewall traffic blocked investigation suspicious monitoring. log_types: *id001 enabled: false destination_count: 931 created_at: '2026-06-18T01:07:29Z' updated_at: '2026-10-01T15:28:36Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetLogForwardingProfile401Example: summary: Default getLogForwardingProfile 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetLogForwardingProfile403Example: summary: Default getLogForwardingProfile 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '404': description: Log forwarding profile not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetLogForwardingProfile404Example: summary: Default getLogForwardingProfile 404 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetLogForwardingProfile500Example: summary: Default getLogForwardingProfile 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK put: operationId: updateLogForwardingProfile summary: Palo Alto Networks Update Log Forwarding Profile description: Updates an existing log forwarding profile configuration. tags: - Log Forwarding Profiles parameters: - name: profile_id in: path required: true description: Unique identifier of the log forwarding profile to update. schema: type: string example: '711652' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/LogForwardingProfileRequest' examples: UpdateLogForwardingProfileRequestExample: summary: Default updateLogForwardingProfile request x-microcks-default: true value: name: Staging Gateway 28 description: Applied detected endpoint blocked malware detected suspicious Security on investigation configured endpoint. log_types: *id002 enabled: true responses: '200': description: Log forwarding profile updated successfully. content: application/json: schema: $ref: '#/components/schemas/LogForwardingProfile' examples: UpdateLogForwardingProfile200Example: summary: Default updateLogForwardingProfile 200 response x-microcks-default: true value: profile_id: '960762' name: Branch Sensor 06 description: Threat monitoring investigation activity configured rule firewall traffic blocked investigation suspicious monitoring. log_types: *id001 enabled: false destination_count: 931 created_at: '2026-06-18T01:07:29Z' updated_at: '2026-10-01T15:28:36Z' '400': description: Invalid request body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateLogForwardingProfile400Example: summary: Default updateLogForwardingProfile 400 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateLogForwardingProfile401Example: summary: Default updateLogForwardingProfile 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateLogForwardingProfile403Example: summary: Default updateLogForwardingProfile 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '404': description: Log forwarding profile not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateLogForwardingProfile404Example: summary: Default updateLogForwardingProfile 404 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateLogForwardingProfile500Example: summary: Default updateLogForwardingProfile 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: operationId: deleteLogForwardingProfile summary: Palo Alto Networks Delete Log Forwarding Profile description: Deletes a log forwarding profile and all associated destinations. tags: - Log Forwarding Profiles parameters: - name: profile_id in: path required: true description: Unique identifier of the log forwarding profile to delete. schema: type: string example: '254293' responses: '204': description: Log forwarding profile deleted successfully. '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteLogForwardingProfile401Example: summary: Default deleteLogForwardingProfile 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteLogForwardingProfile403Example: summary: Default deleteLogForwardingProfile 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '404': description: Log forwarding profile not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteLogForwardingProfile404Example: summary: Default deleteLogForwardingProfile 404 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteLogForwardingProfile500Example: summary: Default deleteLogForwardingProfile 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK /log-forwarding-profiles/{profile_id}/destinations/syslog: get: operationId: listSyslogDestinations summary: Palo Alto Networks List Syslog Destinations description: Returns the syslog destinations configured for a log forwarding profile. tags: - Syslog Destinations parameters: - name: profile_id in: path required: true description: Unique identifier of the log forwarding profile. schema: type: string example: '415149' responses: '200': description: Syslog destinations returned. content: application/json: schema: type: object properties: total: type: integer items: type: array items: $ref: '#/components/schemas/SyslogDestination' examples: ListSyslogDestinations200Example: summary: Default listSyslogDestinations 200 response x-microcks-default: true value: total: 773 items: - destination_id: '414925' name: Staging Firewall 26 server: example-server port: 226 protocol: TCP format: IETF facility: example-facility enabled: false created_at: '2025-03-07T13:34:55Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListSyslogDestinations401Example: summary: Default listSyslogDestinations 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListSyslogDestinations403Example: summary: Default listSyslogDestinations 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '404': description: Log forwarding profile not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListSyslogDestinations404Example: summary: Default listSyslogDestinations 404 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListSyslogDestinations500Example: summary: Default listSyslogDestinations 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createSyslogDestination summary: Palo Alto Networks Create Syslog Destination description: Adds a syslog destination to a log forwarding profile. tags: - Syslog Destinations parameters: - name: profile_id in: path required: true description: Unique identifier of the log forwarding profile. schema: type: string example: '907964' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SyslogDestinationRequest' examples: CreateSyslogDestinationRequestExample: summary: Default createSyslogDestination request x-microcks-default: true value: name: Branch Sensor 93 server: example-server port: 20582 protocol: SSL format: IETF facility: LOG_USER enabled: true responses: '201': description: Syslog destination created successfully. content: application/json: schema: $ref: '#/components/schemas/SyslogDestination' examples: CreateSyslogDestination201Example: summary: Default createSyslogDestination 201 response x-microcks-default: true value: destination_id: '414925' name: Staging Firewall 26 server: example-server port: 226 protocol: TCP format: IETF facility: example-facility enabled: false created_at: '2025-03-07T13:34:55Z' '400': description: Invalid request body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateSyslogDestination400Example: summary: Default createSyslogDestination 400 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateSyslogDestination401Example: summary: Default createSyslogDestination 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateSyslogDestination403Example: summary: Default createSyslogDestination 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '404': description: Log forwarding profile not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateSyslogDestination404Example: summary: Default createSyslogDestination 404 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateSyslogDestination500Example: summary: Default createSyslogDestination 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK /log-forwarding-profiles/{profile_id}/destinations/https: get: operationId: listHTTPSDestinations summary: Palo Alto Networks List HTTPS Destinations description: Returns the HTTPS destinations configured for a log forwarding profile. tags: - HTTPS Destinations parameters: - name: profile_id in: path required: true description: Unique identifier of the log forwarding profile. schema: type: string example: '514363' responses: '200': description: HTTPS destinations returned. content: application/json: schema: type: object properties: total: type: integer items: type: array items: $ref: '#/components/schemas/HTTPSDestination' examples: ListHttpsdestinations200Example: summary: Default listHTTPSDestinations 200 response x-microcks-default: true value: total: 749 items: - destination_id: '447836' name: Primary Agent 22 uri: https://portal.acme-systems.org/76c1c6 http_method: POST tls_verify: true enabled: false created_at: '2025-12-06T21:23:39Z' - destination_id: '447836' name: Primary Agent 22 uri: https://portal.acme-systems.org/76c1c6 http_method: POST tls_verify: true enabled: false created_at: '2025-12-06T21:23:39Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListHttpsdestinations401Example: summary: Default listHTTPSDestinations 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListHttpsdestinations403Example: summary: Default listHTTPSDestinations 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '404': description: Log forwarding profile not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListHttpsdestinations404Example: summary: Default listHTTPSDestinations 404 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListHttpsdestinations500Example: summary: Default listHTTPSDestinations 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createHTTPSDestination summary: Palo Alto Networks Create HTTPS Destination description: Adds an HTTPS webhook destination to a log forwarding profile. tags: - HTTPS Destinations parameters: - name: profile_id in: path required: true description: Unique identifier of the log forwarding profile. schema: type: string example: '359073' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/HTTPSDestinationRequest' examples: CreateHttpsdestinationRequestExample: summary: Default createHTTPSDestination request x-microcks-default: true value: name: Primary Gateway 87 uri: https://portal.test-corp.net/ab0d1d http_method: POST headers: &id003 {} tls_verify: true enabled: true responses: '201': description: HTTPS destination created successfully. content: application/json: schema: $ref: '#/components/schemas/HTTPSDestination' examples: CreateHttpsdestination201Example: summary: Default createHTTPSDestination 201 response x-microcks-default: true value: destination_id: '447836' name: Primary Agent 22 uri: https://portal.acme-systems.org/76c1c6 http_method: POST tls_verify: true enabled: false created_at: '2025-12-06T21:23:39Z' '400': description: Invalid request body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateHttpsdestination400Example: summary: Default createHTTPSDestination 400 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateHttpsdestination401Example: summary: Default createHTTPSDestination 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateHttpsdestination403Example: summary: Default createHTTPSDestination 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '404': description: Log forwarding profile not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateHttpsdestination404Example: summary: Default createHTTPSDestination 404 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateHttpsdestination500Example: summary: Default createHTTPSDestination 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK /log-forwarding-profiles/{profile_id}/destinations/email: get: operationId: listEmailDestinations summary: Palo Alto Networks List Email Destinations description: Returns the email destinations configured for a log forwarding profile. tags: - Email Destinations parameters: - name: profile_id in: path required: true description: Unique identifier of the log forwarding profile. schema: type: string example: '684382' responses: '200': description: Email destinations returned. content: application/json: schema: type: object properties: total: type: integer items: type: array items: $ref: '#/components/schemas/EmailDestination' examples: ListEmailDestinations200Example: summary: Default listEmailDestinations 200 response x-microcks-default: true value: total: 692 items: - destination_id: '123266' name: Production Sensor 97 gateway: example-gateway from: security-ops@example.com to: security-ops@example.com and_also_to: soc-admin@example.com enabled: true created_at: '2026-02-21T20:59:59Z' - destination_id: '123266' name: Production Sensor 97 gateway: example-gateway from: security-ops@example.com to: security-ops@example.com and_also_to: soc-admin@example.com enabled: true created_at: '2026-02-21T20:59:59Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListEmailDestinations401Example: summary: Default listEmailDestinations 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListEmailDestinations403Example: summary: Default listEmailDestinations 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '404': description: Log forwarding profile not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListEmailDestinations404Example: summary: Default listEmailDestinations 404 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListEmailDestinations500Example: summary: Default listEmailDestinations 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createEmailDestination summary: Palo Alto Networks Create Email Destination description: Adds an email destination to a log forwarding profile. tags: - Email Destinations parameters: - name: profile_id in: path required: true description: Unique identifier of the log forwarding profile. schema: type: string example: '708543' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/EmailDestinationRequest' examples: CreateEmailDestinationRequestExample: summary: Default createEmailDestination request x-microcks-default: true value: name: Production Firewall 78 gateway: example-gateway from: jsmith@example.com to: jane.doe@example.com and_also_to: soc-admin@example.com enabled: true responses: '201': description: Email destination created successfully. content: application/json: schema: $ref: '#/components/schemas/EmailDestination' examples: CreateEmailDestination201Example: summary: Default createEmailDestination 201 response x-microcks-default: true value: destination_id: '123266' name: Production Sensor 97 gateway: example-gateway from: security-ops@example.com to: security-ops@example.com and_also_to: soc-admin@example.com enabled: true created_at: '2026-02-21T20:59:59Z' '400': description: Invalid request body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateEmailDestination400Example: summary: Default createEmailDestination 400 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateEmailDestination401Example: summary: Default createEmailDestination 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateEmailDestination403Example: summary: Default createEmailDestination 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '404': description: Log forwarding profile not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateEmailDestination404Example: summary: Default createEmailDestination 404 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateEmailDestination500Example: summary: Default createEmailDestination 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK /log-forwarding-profiles/{profile_id}/status: get: operationId: getLogForwardingStatus summary: Palo Alto Networks Get Log Forwarding Profile Status description: >- Returns the current operational status of a log forwarding profile including per-destination connectivity health, last successful delivery timestamps, and error counts. tags: - Log Forwarding Profiles parameters: - name: profile_id in: path required: true description: Unique identifier of the log forwarding profile. schema: type: string example: '829608' responses: '200': description: Log forwarding profile status returned. content: application/json: schema: $ref: '#/components/schemas/ForwardingStatus' examples: GetLogForwardingStatus200Example: summary: Default getLogForwardingStatus 200 response x-microcks-default: true value: profile_id: '626174' overall_status: degraded destinations: &id004 - destination_id: '791939' destination_type: https status: disabled last_successful_delivery: '2024-07-16T07:19:33Z' error_count_24h: 108 last_error: example-last_error - destination_id: '298167' destination_type: email status: error last_successful_delivery: '2024-09-15T04:55:46Z' error_count_24h: 788 last_error: example-last_error '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetLogForwardingStatus401Example: summary: Default getLogForwardingStatus 401 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetLogForwardingStatus403Example: summary: Default getLogForwardingStatus 403 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '404': description: Log forwarding profile not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetLogForwardingStatus404Example: summary: Default getLogForwardingStatus 404 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetLogForwardingStatus500Example: summary: Default getLogForwardingStatus 500 response x-microcks-default: true value: error: example-error message: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: 59fcc104-7100-494b-b0c4-09f9dcc477d9 x-microcks-operation: delay: 0 dispatcher: FALLBACK components: securitySchemes: oauth2Bearer: type: http scheme: bearer bearerFormat: JWT description: >- OAuth 2.0 Bearer token for SASE platform authentication. Obtain using the client_credentials grant with your SASE service account client ID and client secret. schemas: LogForwardingProfile: type: object properties: profile_id: type: string description: Unique identifier of the profile. example: '960762' name: type: string description: Display name of the profile. example: Branch Sensor 06 description: type: string description: Description of the profile's purpose. example: Threat monitoring investigation activity configured rule firewall traffic blocked investigation suspicious monitoring. log_types: type: array items: type: string enum: - traffic - threat - url - wildfire - auth - decryption - globalprotect - system - config description: Log types included in this forwarding profile. example: *id001 enabled: type: boolean description: Whether this profile is actively forwarding logs. example: false destination_count: type: integer description: Total number of configured destinations. example: 931 created_at: type: string format: date-time example: '2026-06-18T01:07:29Z' updated_at: type: string format: date-time example: '2026-10-01T15:28:36Z' LogForwardingProfileRequest: type: object required: - name - log_types properties: name: type: string description: Display name for the profile. example: Staging Gateway 28 description: type: string description: Optional description. example: Applied detected endpoint blocked malware detected suspicious Security on investigation configured endpoint. log_types: type: array items: type: string enum: - traffic - threat - url - wildfire - auth - decryption - globalprotect - system - config description: Log types to include in forwarding. example: *id002 enabled: type: boolean default: true example: true SyslogDestination: type: object properties: destination_id: type: string description: Unique identifier of the syslog destination. example: '414925' name: type: string description: Display name of the destination. example: Staging Firewall 26 server: type: string description: Syslog server hostname or IP address. example: example-server port: type: integer description: Syslog server port. example: 226 protocol: type: string enum: - UDP - TCP - SSL description: Transport protocol for syslog delivery. example: TCP format: type: string enum: - IETF - BSD - CSV description: Syslog message format. example: IETF facility: type: string description: Syslog facility value. example: example-facility enabled: type: boolean example: false created_at: type: string format: date-time example: '2025-03-07T13:34:55Z' SyslogDestinationRequest: type: object required: - name - server - port - protocol properties: name: type: string description: Display name for this syslog destination. example: Branch Sensor 93 server: type: string description: Syslog server hostname or IP address. example: example-server port: type: integer minimum: 1 maximum: 65535 description: Syslog server port number. example: 20582 protocol: type: string enum: - UDP - TCP - SSL description: Transport protocol. example: SSL format: type: string enum: - IETF - BSD - CSV default: IETF example: IETF facility: type: string default: LOG_USER example: LOG_USER enabled: type: boolean default: true example: true HTTPSDestination: type: object properties: destination_id: type: string description: Unique identifier of the HTTPS destination. example: '447836' name: type: string description: Display name of the destination. example: Primary Agent 22 uri: type: string format: uri description: HTTPS endpoint URL where logs are posted. example: https://portal.acme-systems.org/76c1c6 http_method: type: string enum: - POST - PUT description: HTTP method used to deliver logs. example: POST tls_verify: type: boolean description: Whether TLS certificate verification is enabled. example: true enabled: type: boolean example: false created_at: type: string format: date-time example: '2025-12-06T21:23:39Z' HTTPSDestinationRequest: type: object required: - name - uri properties: name: type: string description: Display name for this HTTPS destination. example: Primary Gateway 87 uri: type: string format: uri description: HTTPS endpoint URL. example: https://portal.test-corp.net/ab0d1d http_method: type: string enum: - POST - PUT default: POST example: POST headers: type: object description: Additional HTTP headers to include in log delivery requests. additionalProperties: type: string example: *id003 tls_verify: type: boolean default: true example: true enabled: type: boolean default: true example: true EmailDestination: type: object properties: destination_id: type: string description: Unique identifier of the email destination. example: '123266' name: type: string description: Display name of the destination. example: Production Sensor 97 gateway: type: string description: SMTP server hostname. example: example-gateway from: type: string format: email description: Sender email address. example: security-ops@example.com to: type: string format: email description: Recipient email address. example: security-ops@example.com and_also_to: type: string format: email description: Additional recipient email address. example: soc-admin@example.com enabled: type: boolean example: true created_at: type: string format: date-time example: '2026-02-21T20:59:59Z' EmailDestinationRequest: type: object required: - name - gateway - from - to properties: name: type: string description: Display name for this email destination. example: Production Firewall 78 gateway: type: string description: SMTP server hostname or IP address. example: example-gateway from: type: string format: email description: Sender email address. example: jsmith@example.com to: type: string format: email description: Primary recipient email address. example: jane.doe@example.com and_also_to: type: string format: email description: Additional recipient email address. example: soc-admin@example.com enabled: type: boolean default: true example: true ForwardingStatus: type: object properties: profile_id: type: string description: Log forwarding profile identifier. example: '626174' overall_status: type: string enum: - healthy - degraded - error description: Overall health status of the forwarding profile. example: degraded destinations: type: array description: Per-destination status details. items: type: object properties: destination_id: type: string example: '745564' destination_type: type: string enum: - syslog - https - email example: https status: type: string enum: - healthy - error - disabled example: healthy last_successful_delivery: type: string format: date-time example: '2026-08-09T23:11:14Z' error_count_24h: type: integer example: 677 last_error: type: string example: example-last_error example: *id004 ErrorResponse: type: object properties: error: type: string description: Error code identifying the error type. example: example-error message: type: string description: Human-readable description of the error. example: Monitoring investigation network on activity investigation blocked malware alert activity rule activity. request_id: type: string description: Request identifier for support correlation. example: 59fcc104-7100-494b-b0c4-09f9dcc477d9