diff --git a/openapi-specs/access/insights/3.0/paloaltonetworks-insights_30.yaml b/openapi-specs/access/insights/3.0/paloaltonetworks-insights_30.yaml index b7bf5563b..916360997 100644 --- a/openapi-specs/access/insights/3.0/paloaltonetworks-insights_30.yaml +++ b/openapi-specs/access/insights/3.0/paloaltonetworks-insights_30.yaml @@ -13,7 +13,7 @@ info: \ where the tenants have been onboarded by Palo Alto Networks using a Tenant Service\ \ Group\n(TSG) identifier.\n\nThese APIs use the common SASE authentication mechanism\ \ and base URL. See the\n[Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ - \ guide for more information.\n\nThis Open API spec file was created on May 13,\ + \ guide for more information.\n\nThis Open API spec file was created on May 30,\ \ 2025. To check for a more recent version of this file, see\n[Prisma Insights\ \ APIs on pan.dev](https://pan.dev//access/api/insights/).\n\n\xA9 2025 Palo Alto\ \ Networks, Inc. Palo Alto Networks is a registered trademark of Palo\nAlto Networks.\ 
@@ -2277,27 +2277,22 @@ paths: summary: Application Bandwidth Histogram tags: - Application API - /insights/v3.0/resource/query/applications/app_info: + /insights/v3.0/resource/query/applications/accelerated_applications/response_time_before_and_after_improvement: post: - description: 'Retrieve detailed application information, including threats and - traffic details. - - ' - operationId: post-insights-v3.0-resource-query-applications-app_info + description: Retrieves response time data for accelerated applications presenting + response time before and after improvement. + operationId: post-insights-v3.0-resource-query-applications-accelerated_applications-response_time_before_and_after_improvement parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false @@ -2312,10 +2307,15 @@ paths: value: filter: rules: - - operator: in - property: app + - operator: last_n_hours + property: event_time values: - - outlook + - 5 + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: 
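Review bot: The rewritten `Prisma-Tenant` description defines what the header is but does not say which tenant a request is scoped to when the header is left out, and the parameter stays `required: false` in the context lines just below it. For a multi-tenant API that default is the part a reader most needs, so I would append a sentence such as `If omitted, the request is scoped to <default tenant behaviour, to be confirmed with the API owners>.` The same description text is added for the `..._per_app` operation and for the three `internal` operations later in this diff. The `post` operation continues past this hunk.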
@@ -2324,50 +2324,23 @@ paths: property: event_time values: - 5 - - operator: in - property: app - values: - - outlook - - operator: in - property: platform_type - values: - - prisma_access - - operator: in - property: security_service_type - values: - - url_filtering - - operator: in - property: severity - values: - - critical - - operator: in - property: app_category - values: - - business - - operator: in - property: risk_of_app - values: - - fair - operator: in property: edge_location_display_name values: - US West - - operator: in - property: threat_category_group - values: - - malware - - operator: eq - property: threats_active + - operator: equals + property: app_accelerated values: - true - operator: in - property: application_type - values: - - web-app - - operator: in - property: source_type + property: app values: - - user + - salesforce + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: @@ -2377,16 +2350,12 @@ paths: properties: app: description: Application name. - example: outlook - type: string - app_category: - description: Category of the application. - example: business - type: string - application_type: - description: Type of application. - example: web-app + example: salesforce type: string + app_accelerated: + description: Whether the application is accelerated. + example: true + type: boolean edge_location_display_name: description: Prisma Access Location. example: US West 
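Review bot: `operator: equals` on the new `app_accelerated` rule does not match the spelling the other boolean filters in this file use, which is `operator: eq` (for example the `threats_active` rule this hunk removes). Whether the service accepts both spellings is not visible here; if it accepts only one, the documented example would be rejected. I would write `- operator: eq`, or list `equals` explicitly as a supported operator. The `..._per_app` example later in the diff filters the same property with `operator: in` and both `true` and `false`, a third form for one filter.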
@@ -2395,43 +2364,30 @@ paths: description: Time of the event. example: 5 type: number - platform_type: - description: Type of platform. - example: prisma_access - type: string - risk_of_app: - description: Risk of the application. - example: fair - type: string - security_service_type: - description: Type of security service. - example: url_filtering - type: string - severity: - description: Severity of the event. - example: critical - type: string - source_type: - description: Source type. - enum: - - user - - iot - - other - example: user - type: string - threat_category_group: - description: Threat category group. - example: malware - type: string - threats_active: - description: Are threats active? - example: true - type: boolean type: object required: - - app + - event_time type: array type: object + histogram: + properties: + enableEmptyInterval: + description: Enable empty intervals. + example: true + type: boolean + property: + description: Property for histogram. + example: event_time + type: string + range: + description: Range for histogram. + example: minute + type: string + value: + description: Value for histogram. + example: 30 + type: integer + type: object type: object required: true responses: 
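Review bot: The new `histogram` schema accepts any string for `range` and any integer for `value`, so the spec puts no lower bound on the bucket size; with `enableEmptyInterval: true`, a small interval over a long `event_time` window produces a very large series. If the service enforces limits, they are not expressed here. Consider adding `minimum: 1` to `value` and an `enum` to `range` listing the supported units (only `minute` appears in the examples), so that validators and gateways generated from the spec reject out-of-range requests. The same schema is repeated for the `..._per_app` operation further down, and the enclosing `schema` mapping begins above this hunk.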
@@ -2440,62 +2396,20 @@ paths: application/json: schema: properties: - application_sub_type: - description: Sub type of application. - example: web - type: string - category: - description: Category of the application. - example: business - type: string - data_used_in_models: - description: Is data used in models? - example: true - type: boolean - description: - description: Description of the application. - example: Microsoft Outlook is an email application. - type: string - icon: - description: URL to the application icon. - example: https://example.com/outlook.png - type: string - popularity: - description: Popularity of the application. - example: high - type: string - ports: - description: Ports used by the application. - example: - - 80 - - 443 - items: - type: integer - type: array - risk_of_app: - description: Risk of the application. - example: 3 - type: integer - rule_count: - description: Number of rules associated with the application. - example: 10 - type: integer - status: - description: Status of the application. - example: active - type: string - sub_category: - description: Sub-category of the application. - example: email - type: string - use_cases: - description: Use cases of the application. - example: - - communication - - productivity - items: - type: string - type: array + event_time: + description: Event time. + example: 1709226000000 + type: number + response_time_after_improvement: + description: Response time after improvement. + example: 50.0 + format: float + type: number + response_time_before_improvement: + description: Response time before improvement. + example: 100.0 + format: float + type: number type: object description: OK '400': 
@@ -2508,29 +2422,25 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Retrieve Application Information + summary: Response time before and after improvement tags: - Application API - /insights/v3.0/resource/query/branch/risky_user_count: + /insights/v3.0/resource/query/applications/accelerated_applications/response_time_before_and_after_improvement_per_app: post: - description: 'Retrieve the number of risky users based on the applied filters. - - ' - operationId: post-insights-v3.0-resource-query-branch-risky_user_count + description: Retrieves response time data for accelerated applications presenting + response time before and after improvement for an particular application. + operationId: post-insights-v3.0-resource-query-applications-accelerated_applications-response_time_before_and_after_improvement_per_app parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false @@ -2549,6 +2459,11 @@ paths: property: event_time values: - 5 + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: 
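Review bot: The new operation description reads `for an particular application`; it should read `for a particular application`. The `info` block points readers to the pan.dev reference, so this text is presumably rendered verbatim for customers.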
@@ -2558,14 +2473,23 @@ paths: values: - 5 - operator: in - property: platform_type + property: edge_location_display_name values: - - prisma_access - - ngfw + - US West - operator: in - property: username + property: app_accelerated values: - - john.doe + - true + - false + - operator: in + property: app + values: + - salesforce + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: @@ -2573,23 +2497,46 @@ paths: rules: items: properties: - event_time: - description: Time of the event. - example: 5 - type: number - platform_type: - description: Type of platform. - example: prisma_access + app: + description: Application name. + example: salesforce type: string - username: - description: Name of the source user. - example: john.doe + app_accelerated: + description: Whether the application is accelerated. + example: true + type: boolean + edge_location_display_name: + description: Prisma Access Location. + example: US West type: string + event_time: + description: Time of the event. + example: 5 + type: number type: object required: - event_time type: array type: object + histogram: + properties: + enableEmptyInterval: + description: Enable empty intervals. + example: true + type: boolean + property: + description: Property for histogram. + example: event_time + type: string + range: + description: Range for histogram. + example: minute + type: string + value: + description: Value for histogram. + example: 30 + type: integer + type: object type: object required: true responses: 
@@ -2598,10 +2545,24 @@ paths: application/json: schema: properties: - user_count: - description: Count of risky users. - example: 10034 - type: integer + app: + description: Application name. + example: salesforce + type: string + event_time: + description: Event time. + example: 1678886400000 + type: number + response_time_after_improvement: + description: Response time after improvement. + example: 0.89 + format: float + type: number + response_time_before_improvement: + description: Response time before improvement. + example: 1.23 + format: float + type: number type: object description: OK '400': @@ -2614,15 +2575,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Risky User Data + summary: Response time improvement per application tags: - - Branch User API - /insights/v3.0/resource/query/other/risky_user_count: + - Application API + /insights/v3.0/resource/query/applications/app_info: post: - description: 'Retrieve the number of risky users based on the applied filters. + description: 'Retrieve detailed application information, including threats and + traffic details. ' - operationId: post-insights-v3.0-resource-query-other-risky_user_count + operationId: post-insights-v3.0-resource-query-applications-app_info parameters: - description: 'Map the region for the tenant. @@ -2651,10 +2613,10 @@ paths: value: filter: rules: - - operator: last_n_hours - property: event_time + - operator: in + property: app values: - - 5 + - outlook With possible filters: value: filter: 
@@ -2663,35 +2625,50 @@ paths: property: event_time values: - 5 + - operator: in + property: app + values: + - outlook - operator: in property: platform_type values: - prisma_access - - ngfw - operator: in - property: username + property: security_service_type values: - - john.doe + - url_filtering - operator: in - property: application_name + property: severity values: - - salesforce + - critical - operator: in - property: source_country + property: app_category values: - - US + - business - operator: in - property: source_city + property: risk_of_app values: - - San Jose + - fair - operator: in property: edge_location_display_name values: - US West - operator: in - property: instance_name + property: threat_category_group values: - - fw00 + - malware + - operator: eq + property: threats_active + values: + - true + - operator: in + property: application_type + values: + - web-app + - operator: in + property: source_type + values: + - user schema: properties: filter: @@ -2699,9 +2676,17 @@ paths: rules: items: properties: - application_name: + app: description: Application name. - example: salesforce + example: outlook + type: string + app_category: + description: Category of the application. + example: business + type: string + application_type: + description: Type of application. + example: web-app type: string edge_location_display_name: description: Prisma Access Location. 
@@ -2711,29 +2696,41 @@ paths: description: Time of the event. example: 5 type: number - instance_name: - description: Name of the instance. - example: fw00 - type: string platform_type: description: Type of platform. example: prisma_access type: string - source__city: - description: City from GeoIP. - example: San Jose + risk_of_app: + description: Risk of the application. + example: fair type: string - source_country: - description: Country from GeoIP. - example: US + security_service_type: + description: Type of security service. + example: url_filtering type: string - username: - description: Name of the source user. - example: john.doe + severity: + description: Severity of the event. + example: critical + type: string + source_type: + description: Source type. + enum: + - user + - iot + - other + example: user + type: string + threat_category_group: + description: Threat category group. + example: malware type: string + threats_active: + description: Are threats active? + example: true + type: boolean type: object required: - - event_time + - app type: array type: object type: object 
@@ -2744,10 +2741,62 @@ paths: application/json: schema: properties: - user_count: - description: Count of risky users. - example: 100 + application_sub_type: + description: Sub type of application. + example: web + type: string + category: + description: Category of the application. + example: business + type: string + data_used_in_models: + description: Is data used in models? + example: true + type: boolean + description: + description: Description of the application. + example: Microsoft Outlook is an email application. + type: string + icon: + description: URL to the application icon. + example: https://example.com/outlook.png + type: string + popularity: + description: Popularity of the application. + example: high + type: string + ports: + description: Ports used by the application. + example: + - 80 + - 443 + items: + type: integer + type: array + risk_of_app: + description: Risk of the application. + example: 3 + type: integer + rule_count: + description: Number of rules associated with the application. + example: 10 type: integer + status: + description: Status of the application. + example: active + type: string + sub_category: + description: Sub-category of the application. + example: email + type: string + use_cases: + description: Use cases of the application. + example: + - communication + - productivity + items: + type: string + type: array type: object description: OK '400': 
@@ -2760,30 +2809,25 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Risky User Data + summary: Retrieve Application Information tags: - - Other Users API - /insights/v3.0/resource/query/pab/access_events_blocked: + - Application API + /insights/v3.0/resource/query/applications/internal/app_by_risk_score: post: - description: 'Retrieve the number of blocked Prisma Access Browser events for - access classification categories. - - ' - operationId: post-insights-v3.0-resource-query-pab-access_events_blocked + description: Retrieves application risk score data including risk of apps and + count of apps. + operationId: post-insights-v3.0-resource-query-applications-internal-app_by_risk_score parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false @@ -2802,10 +2846,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access With possible filters: value: filter: 
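Review bot: The new path `/insights/v3.0/resource/query/applications/internal/app_by_risk_score` carries an `internal` segment, yet it is added to the published spec with the same `Bearer: []` security and `Application API` tag as the public operations. The same applies to `.../internal/app_by_tag` and `.../internal/application_list` in later hunks. If these routes are meant only for first-party callers, they should be left out of the published file and restricted server-side; if they are meant for customers, the description should state the role or entitlement required. Nothing visible in the hunk expresses an authorization scope beyond the bearer token, so please confirm that the `403` response is enforced per tenant on all three routes.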
@@ -2815,17 +2855,61 @@ paths: values: - 5 - operator: in - property: transformed_user_name + property: app values: - - john.doe + - Zoom - operator: in - property: platform_type + property: app_category values: - - prisma_access + - Collaboration - operator: in - property: app + property: risk_of_app values: - - outlook + - 0 + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: platform_type + values: + - prisma_access + - operator: in + property: application_type + values: + - Business + - operator: in + property: security_service_type + values: + - url_filtering + - operator: in + property: source_type + values: + - user + - operator: eq + property: threats_active + values: + - true + - operator: eq + property: severity + values: + - true + - operator: in + property: threat_category_group + values: + - Malware + - operator: in + property: normalized_tag + values: + - cloud-storage + - operator: in + property: use_cases + values: + - data-loss-prevention + - operator: eq + property: is_genai + values: + - true schema: properties: filter: 
@@ -2835,24 +2919,82 @@ paths: properties: app: description: Application name. - example: outlook + example: Zoom + type: string + app_category: + description: Application category. + example: Collaboration + type: string + application_type: + description: Application Type. + example: Business + type: string + edge_location_display_name: + description: Prisma Access Location. + example: US West type: string event_time: description: Time of the event. example: 5 type: number + is_genai: + description: Is it a GenAI application? + example: true + type: boolean + normalized_tag: + description: Normalized tag. + example: cloud-storage + type: string platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string - transformed_user_name: - description: Username. - example: john.doe + risk_of_app: + description: Risk score of the application. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + example: 0 + type: integer + security_service_type: + description: Security service type. + enum: + - url_filtering + - threat_protection + - wildfire + example: url_filtering + type: string + severity: + description: Severity of threats. + example: true + type: boolean + source_type: + description: Source type. + enum: + - user + - iot + - other + example: user + type: string + threat_category_group: + description: Threat category group. + example: Malware + type: string + threats_active: + description: Are threats active? + example: true + type: boolean + use_cases: + description: Use cases. + example: data-loss-prevention type: string type: object required: - event_time - - platform_type type: array type: object type: object 
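Review bot: `severity` is declared here as `type: boolean` with `example: true` and the description `Severity of threats.`, while the `app_info` operation in this same file declares `severity` as `type: string` with `example: critical`. One of the two is likely wrong, and clients or validators generated from the spec will send whichever type this schema names. If the filter takes a severity level, use `type: string` and `example: critical` and change the matching example rule; if it really is a flag, the description should say what `true` means. The same boolean `severity` is added for `app_by_tag` and `application_list` in later hunks, and the `properties` mapping starts above this hunk.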
@@ -2863,10 +3005,14 @@ paths: application/json: schema: properties: - pab_event_count: - description: PAB event count + count_apps: + description: Number of applications. example: 10 type: integer + risk_of_app: + description: Risk score of the application. + example: 3 + type: integer type: object description: OK '400': @@ -2879,30 +3025,25 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Blocked Access Events Data + summary: Get Application Risk Score tags: - Application API - /insights/v3.0/resource/query/pab/access_events_blocked_histogram: + /insights/v3.0/resource/query/applications/internal/app_by_tag: post: - description: 'Retrieve a histogram of blocked Prisma Access Browser events for - access classification categories. - - ' - operationId: post-insights-v3.0-resource-query-pab-access_events_blocked_histogram + description: Retrieves applications by tag including application sub type and + count of applications with associated metadata. + operationId: post-insights-v3.0-resource-query-applications-internal-app_by_tag parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false @@ -2921,15 +3062,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 With possible filters: value: filter: 
@@ -2939,22 +3071,61 @@ paths: values: - 5 - operator: in - property: transformed_user_name + property: app values: - - john.doe + - Zoom + - operator: in + property: app_category + values: + - Collaboration + - operator: in + property: risk_of_app + values: + - '0' + - operator: in + property: edge_location_display_name + values: + - US West - operator: in property: platform_type values: - prisma_access - operator: in - property: app + property: application_type values: - - box - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - Web + - operator: in + property: security_service_type + values: + - url_filtering + - operator: in + property: source_type + values: + - user + - operator: eq + property: threats_active + values: + - true + - operator: eq + property: severity + values: + - true + - operator: in + property: threat_category_group + values: + - Malware + - operator: in + property: normalized_tag + values: + - finance + - operator: in + property: use_cases + values: + - data-loss-prevention + - operator: eq + property: is_genai + values: + - true schema: properties: filter: 
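Review bot: The `risk_of_app` rule in this example passes `- '0'`, a quoted string, while the schema added for this operation in the next hunk declares `risk_of_app` as `type: integer` and the `app_by_risk_score` example passes `- 0`. Use `- 0` here so that the example validates against its own schema. The `app_by_tag` schema also omits the `enum` of 0 to 5 that `app_by_risk_score` declares for the same property; if the accepted range is the same, repeat the enum so that out-of-range values are rejected consistently.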
@@ -2964,40 +3135,91 @@ paths: properties: app: description: Application name. - example: box + example: Zoom + type: string + app_category: + description: Application category. + example: Collaboration + type: string + application_type: + description: Type of application. + example: Web + type: string + edge_location_display_name: + description: Prisma Access Location. + example: US West type: string event_time: description: Time of the event. example: 5 type: number + is_genai: + description: Indicates if the application is GenAI. + example: true + type: boolean + normalized_tag: + description: Normalized tag. + example: finance + type: string platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string - transformed_user_name: - description: User name. - example: john.doe + risk_of_app: + description: Risk level of the application. + example: 0 + type: integer + security_service_type: + description: Type of security service. + enum: + - url_filtering + - threat_protection + - wildfire + example: url_filtering type: string - type: object - required: - - event_time - - platform_type - type: array - type: object - type: object - required: true + severity: + description: Indicates the severity of the threat. + example: true + type: boolean + source_type: + description: Source type. + enum: + - user + - iot + - other + example: user + type: string + threat_category_group: + description: Threat category group. + example: Malware + type: string + threats_active: + description: Indicates if threats are active. + example: true + type: boolean + use_cases: + description: Use cases. 
+ example: data-loss-prevention + type: string + type: object + required: + - event_time + type: array + type: object + type: object + required: true responses: '200': content: application/json: schema: properties: - event_time: - description: Event time - example: 1709226000000 - type: number - pab_event_count: - description: PAB event count + application_sub_type: + description: Application subtype. + example: Web App + type: string + count_apps: + description: Count of applications. example: 10 type: integer type: object @@ -3012,30 +3234,25 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Blocked Access Events Histogram Data + summary: Get Applications by Tag tags: - Application API - /insights/v3.0/resource/query/pab/access_events_breakdown_blocked: + /insights/v3.0/resource/query/applications/internal/application_list: post: - description: 'Retrieve a breakdown of blocked Prisma Access Browser events by - type and access classification categories. - - ' - operationId: post-insights-v3.0-resource-query-pab-access_events_breakdown_blocked + description: Retrieves a list of applications with detailed metrics and threat + information. + operationId: post-insights-v3.0-resource-query-applications-internal-application_list parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false 
@@ -3054,10 +3271,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access With possible filters: value: filter: @@ -3067,17 +3280,97 @@ paths: values: - 5 - operator: in - property: transformed_user_name + property: app + values: + - Zoom + - operator: in + property: app_category + values: + - collaboration + - operator: in + property: risk_of_app + values: + - 3 + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: user_exp_score + values: + - 4 + - operator: in + property: site_exp_score + values: + - 5 + - operator: in + property: user_exp_score_verdict + values: + - good + - operator: in + property: site_exp_score_verdict + values: + - good + - operator: in + property: usergroups + values: + - Employees + - operator: in + property: normalized_username values: - john.doe + - operator: in + property: experience_score + values: + - good + - operator: in + property: application_name + values: + - Zoom - operator: in property: platform_type values: - prisma_access - operator: in - property: app + property: application_type values: - - gmail + - web-based + - operator: in + property: security_service_type + values: + - url_filtering + - operator: in + property: source_type + values: + - user + - operator: in + property: threats_active + values: + - true + - operator: in + property: severity + values: + - true + - operator: in + property: threat_category_group + values: + - malware + - operator: in + property: normalized_tag + values: + - critical + - operator: in + property: use_cases + values: + - business + - operator: in + property: is_genai + values: + - true + - operator: in + property: quantum_status_tag + values: + - enabled schema: properties: filter: 
@@ -3087,24 +3380,103 @@ paths: properties: app: description: Application name. - example: gmail + example: Zoom + type: string + app_category: + description: Application category. + example: collaboration + type: string + application_name: + description: Application name. + example: Zoom + type: string + application_type: + description: Application type. + example: web-based + type: string + edge_location_display_name: + description: Prisma Access Location. + example: US West type: string event_time: description: Time of the event. - example: 5 + example: 1678886400000 type: number + experience_score: + description: Experience score. + example: good + type: string + is_genai: + description: Indicates if it is GenAI. + example: true + type: boolean + normalized_tag: + description: Normalized tag. + example: critical + type: string + normalized_username: + description: Normalized username. + example: john.doe + type: string platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string - transformed_user_name: - description: Username. - example: john.doe + quantum_status_tag: + description: Quantum status tag. + example: enabled + type: string + risk_of_app: + description: Risk level of the application. + example: 3 + type: integer + security_service_type: + description: Security service type. + example: url_filtering + type: string + severity: + description: Indicates the severity of threats. + example: true + type: boolean + site_exp_score: + description: Site experience score. + example: 5 + type: integer + site_exp_score_verdict: + description: Site experience score verdict. + example: good + type: string + source_type: + description: Source type. + example: user + type: string + threat_category_group: + description: Threat category group. + example: malware + type: string + threats_active: + description: Indicates if threats are active. + example: true + type: boolean + use_cases: + description: Use cases. 
+ example: business + type: string + user_exp_score: + description: User experience score. + example: 4 + type: integer + user_exp_score_verdict: + description: User experience score verdict. + example: good + type: string + usergroups: + description: User groups. + example: Employees type: string type: object required: - event_time - - platform_type type: array type: object type: object 
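Review bot: The `event_time` example changes from `5` to `1678886400000` in this schema, but both request examples for the operation still send `property: event_time` with `operator: last_n_hours` and the value `5`, and the sibling operations keep `example: 5`. Either restore `example: 5` or add an example rule that actually uses an absolute timestamp, so that readers can tell which form the filter expects. Separately, `app` and `application_name` are both documented as `Application name.` with the example `Zoom`; the descriptions should say how the two filters differ, or one of them should be dropped.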
@@ -3115,17 +3487,103 @@ paths: application/json: schema: properties: - pab_event_count: - description: PAB event count - example: 10 - type: integer - type: - description: Type of event - example: File Open - type: string - type: object - description: OK - '400': + accelerated: + description: Indicates if the application is accelerated. + example: true + type: boolean + app: + description: Application name. + example: Zoom + type: string + app_category: + description: Application category. + example: collaboration + type: string + app_sub_category: + description: Application sub-category. + example: video-conferencing + type: string + application_sub_type: + description: Application sub type. + example: web + type: string + application_test_name: + description: Application test name. + example: Zoom Test + type: string + application_test_target_name: + description: Application test target name. + example: Zoom Target + type: string + avg_throughput: + description: Average throughput. + example: 1000000.0 + format: float + type: number + pab_event_count: + description: PAB event count. + example: 20 + type: integer + port: + description: Port number. + example: 443 + type: integer + quantum_status_tag: + description: Quantum status tag. + example: enabled + type: string + risk_of_app: + description: Risk level of the application. + example: 3 + type: integer + rule_name: + description: Rule name. + example: Zoom Rule + type: string + site_exp_score: + description: Site experience score. + example: 5 + type: integer + site_exp_score_verdict: + description: Site experience score verdict. + example: good + type: string + site_exp_test_uuid: + description: Site experience test UUID. + example: 550e8400-e29b-41d4-a716-446655440001 + type: string + total_threats: + description: Total number of threats detected. + example: 10 + type: integer + url_count: + description: Number of URLs. + example: 50 + type: integer + usage_bytes: + description: Total usage in bytes. 
+ example: 1000000000.0 + format: float + type: number + user_count: + description: Number of users. + example: 100 + type: integer + user_exp_score: + description: User experience score. + example: 4 + type: integer + user_exp_score_verdict: + description: User experience score verdict. + example: good + type: string + user_exp_test_uuid: + description: User experience test UUID. + example: 550e8400-e29b-41d4-a716-446655440000 + type: string + type: object + description: OK + '400': description: Resource property is not valid '403': description: Permission Denied 
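Review bot: `usage_bytes` ("Total usage in bytes.") and `avg_throughput` are declared as `type: number` with `format: float`, which OpenAPI defines as single precision. A 32-bit float holds integers exactly only up to 2^24, so a generated client that honours the format can round larger byte totals. Consider `format: double`, or `type: integer` with `format: int64` if the service returns whole bytes; what the backend actually emits is not visible here. The same applies to `total_data_usage` and `total_bytes` in the two later response hunks.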
@@ -3135,30 +3593,25 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Blocked Access Events Breakdown Data + summary: Get Application List tags: - Application API - /insights/v3.0/resource/query/pab/access_events_breakdown_histogram: + /insights/v3.0/resource/query/applications/internal/total_data_transfer_application: post: - description: 'Retrieve a histogram of Prisma Access Browser events breakdown - by type and access classification categories. - - ' - operationId: post-insights-v3.0-resource-query-pab-access_events_breakdown_histogram + description: Retrieves the total data transfer for each application. This includes + information such as category of an application and total data usage. + operationId: post-insights-v3.0-resource-query-applications-internal-total_data_transfer_application parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false @@ -3177,15 +3630,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 With possible filters: value: filter: 
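Review bot: The new path `/insights/v3.0/resource/query/applications/internal/total_data_transfer_application` has an `internal` segment but is published under the public `Application API` tag, and its `description` does not say who the endpoint is for. If it is supported for external tenants, say so in the description; if it is not, it probably should not ship in this published file. The same question applies to `.../applications/internal/total_data_transfer_by_destination`, added a few hunks later. The operation keeps `security: - Bearer: []`, so the concern is the documented surface, not a missing auth requirement.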
@@ -3195,22 +3639,61 @@ paths: values: - 5 - operator: in - property: transformed_user_name + property: app values: - - john.doe + - Zoom + - operator: in + property: app_category + values: + - collaboration + - operator: in + property: risk_of_app + values: + - 0 + - operator: in + property: edge_location_display_name + values: + - US West - operator: in property: platform_type values: - prisma_access - operator: in - property: app + property: application_type values: - - salesforce - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - web-based + - operator: in + property: security_service_type + values: + - url_filtering + - operator: in + property: source_type + values: + - user + - operator: in + property: threats_active + values: + - true + - operator: in + property: severity + values: + - true + - operator: in + property: threat_category_group + values: + - malware + - operator: in + property: normalized_tag + values: + - finance + - operator: in + property: use_cases + values: + - data-transfer + - operator: in + property: is_genai + values: + - 'false' schema: properties: filter: 
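Review bot: In the "With possible filters" example the `is_genai` rule passes `- 'false'`, a quoted string, while the other flag-style rules in the same example (`threats_active`, `severity`) pass a bare `true`. The schema in the next hunk declares `is_genai` as `type: boolean`, so anyone copying the example sends a string where a boolean is documented. Write the value as `- false`.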
@@ -3220,24 +3703,75 @@ paths: properties: app: description: Application name. - example: salesforce + example: Zoom + type: string + app_category: + description: Application category. + example: collaboration + type: string + application_type: + description: Type of application. + example: web-based + type: string + edge_location_display_name: + description: Prisma Access Location. + example: US West type: string event_time: description: Time of the event. - example: 5 + example: 1678886400000 type: number + is_genai: + description: Is it a GenAI application. + example: false + type: boolean + normalized_tag: + description: Normalized tag. + example: finance + type: string platform_type: description: Platform type. example: prisma_access type: string - transformed_user_name: - description: User name. - example: john.doe + risk_of_app: + description: Risk level of the application. + example: 0 + type: integer + security_service_type: + description: Type of security service. + enum: + - url_filtering + - threat_protection + - wildfire + example: url_filtering + type: string + severity: + description: Severity of the threat. + example: true + type: boolean + source_type: + description: Source type. + enum: + - user + - iot + - other + example: user + type: string + threat_category_group: + description: Threat category group. + example: malware + type: string + threats_active: + description: Indicates if threats are active. + example: true + type: boolean + use_cases: + description: Use cases. + example: data-transfer type: string type: object required: - event_time - - platform_type type: array type: object type: object 
@@ -3248,14 +3782,15 @@ paths: application/json: schema: properties: - event_time: - description: Event time - example: 1709226000000 + app_category: + description: Application category. + example: collaboration + type: string + total_data_usage: + description: Total data usage in bytes. + example: 1000000000.0 + format: float type: number - pab_event_count: - description: PAB event count - example: 10 - type: integer type: object description: OK '400': @@ -3268,30 +3803,25 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Access Events Breakdown Histogram Data + summary: Get total data transfer per application tags: - Application API - /insights/v3.0/resource/query/pab/access_events_histogram: + /insights/v3.0/resource/query/applications/internal/total_data_transfer_by_destination: post: - description: 'Retrieve a histogram of Prisma Access Browser events by type and - access classification categories. - - ' - operationId: post-insights-v3.0-resource-query-pab-access_events_histogram + description: Retrieves total data transfer by destination. This includes information + such as destination and total bytes metrics. + operationId: post-insights-v3.0-resource-query-applications-internal-total_data_transfer_by_destination parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false 
@@ -3310,15 +3840,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 With possible filters: value: filter: @@ -3328,23 +3849,61 @@ paths: values: - 5 - operator: in - property: transformed_user_name + property: app values: - - john.doe + - Box + - operator: in + property: app_category + values: + - general-internet + - operator: in + property: risk_of_app + values: + - 3 + - operator: in + property: edge_location_display_name + values: + - US West - operator: in property: platform_type values: - prisma_access - operator: in - property: app + property: application_type values: - - zoom - - salesforce - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - saas + - operator: in + property: security_service_type + values: + - url_filtering + - operator: in + property: source_type + values: + - user + - operator: in + property: threats_active + values: + - true + - operator: in + property: severity + values: + - critical + - operator: in + property: threat_category_group + values: + - malware + - operator: in + property: normalized_tag + values: + - finance + - operator: in + property: use_cases + values: + - data-loss-prevention + - operator: in + property: is_genai + values: + - true schema: properties: filter: 
@@ -3354,24 +3913,68 @@ paths: properties: app: description: Application name. - example: zoom + example: Box + type: string + app_category: + description: Application category. + example: general-internet + type: string + application_type: + description: Application type. + example: saas + type: string + edge_location_display_name: + description: Prisma Access Location. + example: US West type: string event_time: description: Time of the event. example: 5 type: number + is_genai: + description: Is it a GenAI application? true or false + example: true + type: boolean + normalized_tag: + description: Normalized tag. + example: finance + type: string platform_type: description: Platform type. example: prisma_access type: string - transformed_user_name: - description: Username. - example: john.doe + risk_of_app: + description: Risk of the application. + example: 3 + type: integer + security_service_type: + description: Security service type. It can be url_filtering, + threat_protection, wildfire + example: url_filtering + type: string + severity: + description: Severity of the threat. + example: critical + type: string + source_type: + description: Source type. It can be user, iot, other + example: user + type: string + threat_category_group: + description: Threat category group. + example: malware + type: string + threats_active: + description: Are threats active? It can be true or false + example: true + type: boolean + use_cases: + description: Use cases. + example: data-loss-prevention type: string type: object required: - event_time - - platform_type type: array type: object type: object 
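Review bot: `security_service_type` and `source_type` give their allowed values only as description text ("It can be url_filtering, threat_protection, wildfire", "It can be user, iot, other"). The total_data_transfer_application schema earlier in this diff expresses the same sets with `enum`. Values listed only in prose are not enforced by validators or surfaced in generated clients, so add an `enum` with the three values to each property, as the sibling schema does, and shorten the descriptions to `Security service type.` and `Source type.`. The surrounding schema begins outside this hunk.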
@@ -3382,14 +3985,15 @@ paths: application/json: schema: properties: - event_time: - description: Event time - example: 1709226000000 + destination: + description: Destination of the data transfer. + example: 192.168.1.1 + type: string + total_bytes: + description: Total bytes transferred to the destination. + example: 1000000.0 + format: float type: number - pab_event_count: - description: PAB event count - example: 10 - type: integer type: object description: OK '400': @@ -3402,14 +4006,14 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Access Events Histogram Data + summary: Get total data transfer by destination tags: - Application API - /insights/v3.0/resource/query/pab/data_events_blocked: + /insights/v3.0/resource/query/applications/pab/access_events: post: - description: Retrieves the count of prisma access browser events for data classification - category and if the event is blocked. - operationId: post-insights-v3.0-resource-query-pab-data_events_blocked + description: Retrieves the count of prisma access browser events for access + classification category. + operationId: post-insights-v3.0-resource-query-applications-pab-access_events parameters: - description: Region mapping for the tenant. in: header @@ -3462,8 +4066,7 @@ paths: - operator: in property: app values: - - Zoom - - Slack + - salesforce schema: properties: filter: @@ -3473,7 +4076,7 @@ paths: properties: app: description: Application name. - example: Zoom + example: salesforce type: string event_time: description: Time of the event. 
@@ -3517,30 +4120,25 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Get Data Events Blocked + summary: Get Access Events tags: - Application API - /insights/v3.0/resource/query/pab/data_events_blocked_histogram: + /insights/v3.0/resource/query/applications/pab/access_events_breakdown: post: - description: 'Retrieve a histogram of blocked Prisma Access Browser events for - data classification categories. - - ' - operationId: post-insights-v3.0-resource-query-pab-data_events_blocked_histogram + description: Retrieves the breakdown of type and the count of prisma access + browser events for access classification category. + operationId: post-insights-v3.0-resource-query-applications-pab-access_events_breakdown parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false @@ -3563,11 +4161,6 @@ paths: property: platform_type values: - prisma_access - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 With possible filters: value: filter: @@ -3587,12 +4180,8 @@ paths: - operator: in property: app values: - - Zoom - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - zoom + - salesforce schema: properties: filter: @@ -3602,7 +4191,7 @@ paths: properties: app: description: Application name. - example: Zoom + example: zoom type: string event_time: description: Time of the event. 
@@ -3630,14 +4219,14 @@ paths: application/json: schema: properties: - event_time: - description: Event time - example: 1709226000000 - type: number pab_event_count: description: PAB event count example: 10 type: integer + type: + description: Type of event + example: File Open + type: string type: object description: OK '400': @@ -3650,30 +4239,24 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Blocked Data Events Histogram Data + summary: Get Access Events Breakdown tags: - Application API - /insights/v3.0/resource/query/pab/data_events_breakdown: + /insights/v3.0/resource/query/applications/pab/access_events_breakdown_blocked_histogram: post: - description: 'Retrieve a breakdown of Prisma Access Browser events by type and - data classification categories. - - ' - operationId: post-insights-v3.0-resource-query-pab-data_events_breakdown + description: Access Events Breakdown Blocked Histogram + operationId: post-insights-v3.0-resource-query-applications-pab-access_events_breakdown_blocked_histogram parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false @@ -3696,6 +4279,11 @@ paths: property: platform_type values: - prisma_access + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: 
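Review bot: The `description` of the new `access_events_breakdown_blocked_histogram` operation is only its title, "Access Events Breakdown Blocked Histogram", whereas the neighbouring operations state what is returned. Something like `description: Retrieves a histogram of blocked Prisma Access Browser events for access classification categories.` would match them, provided that is what the service does. The "With mandatory filters" example in the following hunk has no rule selecting blocked events, so the description is the only place a reader learns that the result is limited to them.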
@@ -3715,8 +4303,12 @@ paths: - operator: in property: app values: - - Zoom - - Slack + - zoom + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: @@ -3726,7 +4318,7 @@ paths: properties: app: description: Application name. - example: Zoom + example: zoom type: string event_time: description: Time of the event. @@ -3746,22 +4338,41 @@ paths: - platform_type type: array type: object - type: object - required: true - responses: - '200': - content: - application/json: - schema: - properties: - pab_event_count: - description: PAB event count - example: 10 - type: integer - type: - description: Type of event - example: File Open - type: string + histogram: + properties: + enableEmptyInterval: + description: Whether to include empty intervals in the histogram. + example: true + type: boolean + property: + description: The property to create a histogram for. + example: event_time + type: string + range: + description: The range for the histogram. + example: minute + type: string + value: + description: The value for the histogram range. + example: 30 + type: integer + type: object + type: object + required: true + responses: + '200': + content: + application/json: + schema: + properties: + event_time: + description: Event time + example: 1709226000000 + type: number + pab_event_count: + description: PAB event count + example: 10 + type: integer type: object description: OK '400': 
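Review bot: The new `histogram` request schema leaves `range` as a free `type: string` and `value` as an unbounded `type: integer`, so the spec documents no limit on bucket unit or size. If the service accepts a fixed set of units, list them under `enum`, and give `value` a `minimum: 1` plus a `maximum` if the backend caps it. Only `minute` and `30` appear in the examples, so the real allowed set has to come from the service owners. None of the four histogram properties is marked `required`, although every histogram example sends all of them.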
@@ -3774,30 +4385,25 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Data Events Breakdown + summary: Get access events breakdown blocked histogram tags: - Application API - /insights/v3.0/resource/query/pab/data_events_breakdown_blocked: + /insights/v3.0/resource/query/applications/pab/data_events: post: - description: 'Retrieve a breakdown of blocked Prisma Access Browser events by - type and data classification categories. - - ' - operationId: post-insights-v3.0-resource-query-pab-data_events_breakdown_blocked + description: Retrieves the count of prisma access browser events for data classification + category. + operationId: post-insights-v3.0-resource-query-applications-pab-data_events parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false @@ -3836,11 +4442,11 @@ paths: property: platform_type values: - prisma_access - - ngfw - operator: in property: app values: - - gmail + - zoom + - salesforce schema: properties: filter: @@ -3850,7 +4456,7 @@ paths: properties: app: description: Application name. - example: gmail + example: zoom type: string event_time: description: Time of the event. @@ -3862,7 +4468,7 @@ paths: type: string transformed_user_name: description: Username. - example: test_user + example: john.doe type: string type: object required: 
@@ -3882,10 +4488,6 @@ paths: description: PAB event count example: 10 type: integer - type: - description: Type of event - example: File Open - type: string type: object description: OK '400': @@ -3898,15 +4500,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Blocked Data Events Breakdown + summary: Get Data Events tags: - Application API - /insights/v3.0/resource/query/pab/data_events_breakdown_blocked_histogram: + /insights/v3.0/resource/query/branch/risky_user_count: post: - description: 'Retrieve a histogram of blocked data events breakdown. + description: 'Retrieve the number of risky users based on the applied filters. ' - operationId: post-insights-v3.0-resource-query-pab-data_events_breakdown_blocked_histogram + operationId: post-insights-v3.0-resource-query-branch-risky_user_count parameters: - description: 'Map the region for the tenant. @@ -3939,15 +4541,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 With possible filters: value: filter: @@ -3956,23 +4549,15 @@ paths: property: event_time values: - 5 - - operator: in - property: transformed_user_name - values: - - john.doe - operator: in property: platform_type values: - prisma_access + - ngfw - operator: in - property: app + property: username values: - - Zoom - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - john.doe schema: properties: filter: 
@@ -3980,26 +4565,21 @@ paths: rules: items: properties: - app: - description: Application name. - example: Zoom - type: string event_time: description: Time of the event. example: 5 type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - transformed_user_name: - description: User name. + username: + description: Name of the source user. example: john.doe type: string type: object required: - event_time - - platform_type type: array type: object type: object @@ -4010,13 +4590,9 @@ paths: application/json: schema: properties: - event_time: - description: Event time - example: 1709226000000 - type: number - pab_event_count: - description: PAB event count - example: 10 + user_count: + description: Count of risky users. + example: 10034 type: integer type: object description: OK @@ -4030,16 +4606,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Blocked Data Events Histogram + summary: Risky User Data tags: - - Application API - /insights/v3.0/resource/query/pab/data_events_breakdown_histogram: + - Branch User API + /insights/v3.0/resource/query/other/risky_user_count: post: - description: 'Retrieve a histogram of data events breakdown by type and data - classification categories. + description: 'Retrieve the number of risky users based on the applied filters. ' - operationId: post-insights-v3.0-resource-query-pab-data_events_breakdown_histogram + operationId: post-insights-v3.0-resource-query-other-risky_user_count parameters: - description: 'Map the region for the tenant. @@ -4072,15 +4647,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 With possible filters: value: filter: 
@@ -4090,22 +4656,34 @@ paths: values: - 5 - operator: in - property: transformed_user_name + property: platform_type + values: + - prisma_access + - ngfw + - operator: in + property: username values: - john.doe - operator: in - property: platform_type + property: application_name values: - - prisma_access + - salesforce - operator: in - property: app + property: source_country values: - - Zoom - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - US + - operator: in + property: source_city + values: + - San Jose + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: instance_name + values: + - fw00 schema: properties: filter: @@ -4113,26 +4691,41 @@ paths: rules: items: properties: - app: + application_name: description: Application name. - example: Zoom + example: salesforce + type: string + edge_location_display_name: + description: Prisma Access Location. + example: US West type: string event_time: description: Time of the event. example: 5 type: number + instance_name: + description: Name of the instance. + example: fw00 + type: string platform_type: description: Type of platform. example: prisma_access type: string - transformed_user_name: - description: User name. + source__city: + description: City from GeoIP. + example: San Jose + type: string + source_country: + description: Country from GeoIP. + example: US + type: string + username: + description: Name of the source user. example: john.doe type: string type: object required: - event_time - - platform_type type: array type: object type: object @@ -4143,13 +4736,9 @@ paths: application/json: schema: properties: - event_time: - description: Event time - example: 1709226000000 - type: number - pab_event_count: - description: PAB event count - example: 10 + user_count: + description: Count of risky users. + example: 100 type: integer type: object description: OK 
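Review bot: The filter schema in the second hunk on this line declares the property as `source__city`, with two underscores. The "With possible filters" example in the preceding hunk uses `property: source_city`, which matches `source_country` beside it. This looks like a typo, so rename the schema key to `source_city:`. As written, generated clients and rendered docs expose a field name that the documented example does not use.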
@@ -4163,16 +4752,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Data Events Breakdown Histogram + summary: Risky User Data tags: - - Application API - /insights/v3.0/resource/query/pab/data_events_histogram: + - Other Users API + /insights/v3.0/resource/query/pab/access_events_blocked: post: - description: 'Retrieve a histogram of data events by type and data classification - categories. + description: 'Retrieve the number of blocked Prisma Access Browser events for + access classification categories. ' - operationId: post-insights-v3.0-resource-query-pab-data_events_histogram + operationId: post-insights-v3.0-resource-query-pab-access_events_blocked parameters: - description: 'Map the region for the tenant. @@ -4209,11 +4798,6 @@ paths: property: platform_type values: - prisma_access - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 With possible filters: value: filter: @@ -4233,12 +4817,7 @@ paths: - operator: in property: app values: - - box - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - outlook schema: properties: filter: @@ -4248,7 +4827,7 @@ paths: properties: app: description: Application name. - example: box + example: outlook type: string event_time: description: Time of the event. @@ -4276,10 +4855,6 @@ paths: application/json: schema: properties: - event_time: - description: Event time - example: 1709226000000 - type: number pab_event_count: description: PAB event count example: 10 
@@ -4296,19 +4871,22 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Data Events Histogram + summary: Blocked Access Events Data tags: - Application API - /insights/v3.0/resource/query/sites/bandwidth_consumption_histogram: + /insights/v3.0/resource/query/pab/access_events_blocked_histogram: post: - description: 'Retrieve histogram data on bandwidth consumption. + description: 'Retrieve a histogram of blocked Prisma Access Browser events for + access classification categories. ' - operationId: post-insights-v3.0-resource-query-sites-bandwidth_consumption_histogram + operationId: post-insights-v3.0-resource-query-pab-access_events_blocked_histogram parameters: - - description: CDL Region + - description: 'Map the region for the tenant. + + ' in: header - name: PANW-Region + name: X-PANW-Region required: true schema: example: americas @@ -4335,6 +4913,10 @@ paths: property: event_time values: - 5 + - operator: in + property: platform_type + values: + - prisma_access histogram: enableEmptyInterval: true property: event_time @@ -4349,40 +4931,17 @@ paths: values: - 5 - operator: in - property: site_state + property: transformed_user_name values: - - 1 - - 2 - - 3 - - 4 - - operator: in - property: edge_location_display_name - values: - - US West - - operator: in - property: site_name - values: - - Remote-Conn1 - - operator: in - property: node_type - values: - - 48 - - 157 - - operator: in - property: instance_state - values: - - 0 - - 1 - - 2 + - john.doe - operator: in - property: aggregate_region_display_name + property: platform_type values: - - US West + - prisma_access - operator: in - property: transport_type + property: app values: - - IPSEC - - GRE + - box histogram: enableEmptyInterval: true property: event_time 
@@ -4395,37 +4954,26 @@ paths: rules: items: properties: - aggregate_region_display_name: - description: Compute Location - example: US West - type: string - edge_location_display_name: - description: Prisma Access Locations - example: US West + app: + description: Application name. + example: box type: string event_time: description: Time of the event. example: 5 type: number - instance_state: - description: State of Instance - example: 0 - type: number - node_type: - description: Type of node to which site is connected - example: 48 - type: number - site_state: - description: State of the site - example: 1 - type: number - transport_type: - description: Type of tunnel - example: IPSEC + platform_type: + description: Type of platform. + example: prisma_access + type: string + transformed_user_name: + description: User name. + example: john.doe type: string type: object required: - event_time + - platform_type type: array type: object type: object @@ -4436,40 +4984,14 @@ paths: application/json: schema: properties: - avg_egress: - description: Average egress bandwidth consumed - example: 1000000.0 - format: float - type: number - avg_ingress: - description: Average ingress bandwidth consumed - example: 1000000.0 - format: float - type: number event_time: description: Event time example: 1709226000000 type: number - median_egress: - description: Median egress bandwidth consumed - example: 1000000.0 - format: float - type: number - median_ingress: - description: Median ingress bandwidth consumed - example: 1000000.0 - format: float - type: number - peak_egress: - description: Peak egress bandwidth consumed - example: 1000000.0 - format: float - type: number - peak_ingress: - description: Peak ingress bandwidth consumed - example: 1000000.0 - format: float - type: number + pab_event_count: + description: PAB event count + example: 10 + type: integer type: object description: OK '400': 
@@ -4482,19 +5004,22 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Bandwidth Consumption Histogram + summary: Blocked Access Events Histogram Data tags: - - Sites API - /insights/v3.0/resource/query/sites/session_count: + - Application API + /insights/v3.0/resource/query/pab/access_events_breakdown_blocked: post: - description: 'Retrieve the number of sessions. + description: 'Retrieve a breakdown of blocked Prisma Access Browser events by + type and access classification categories. ' - operationId: post-insights-v3.0-resource-query-sites-session_count + operationId: post-insights-v3.0-resource-query-pab-access_events_breakdown_blocked parameters: - - description: CDL Region + - description: 'Map the region for the tenant. + + ' in: header - name: PANW-Region + name: X-PANW-Region required: true schema: example: americas @@ -4513,18 +5038,38 @@ paths: content: application/json: examples: + With mandatory filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: platform_type + values: + - prisma_access With possible filters: value: filter: rules: + - operator: last_n_hours + property: event_time + values: + - 5 - operator: in - property: node_type + property: transformed_user_name values: - - 51 + - john.doe - operator: in - property: site_name + property: platform_type values: - - Remote-Conn1 + - prisma_access + - operator: in + property: app + values: + - gmail schema: properties: filter: 
@@ -4532,15 +5077,26 @@ paths: rules: items: properties: - node_type: - description: Type of the node - example: 51 + app: + description: Application name. + example: gmail + type: string + event_time: + description: Time of the event. + example: 5 type: number - site_name: - description: Site name - example: Remote-Conn1 + platform_type: + description: Type of platform. + example: prisma_access + type: string + transformed_user_name: + description: Username. + example: john.doe type: string type: object + required: + - event_time + - platform_type type: array type: object type: object @@ -4551,14 +5107,14 @@ paths: application/json: schema: properties: - active_max_sessions: - description: Maximum number of active sessions + pab_event_count: + description: PAB event count example: 10 - type: number - active_sessions: - description: Number of active sessions - example: 5 - type: number + type: integer + type: + description: Type of event + example: File Open + type: string type: object description: OK '400': @@ -4571,19 +5127,22 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Retrieve Session Data + summary: Blocked Access Events Breakdown Data tags: - - Sites API - /insights/v3.0/resource/query/sites/site_count: + - Application API + /insights/v3.0/resource/query/pab/access_events_breakdown_histogram: post: - description: 'Retrieve the number of sites. + description: 'Retrieve a histogram of Prisma Access Browser events breakdown + by type and access classification categories. ' - operationId: post-insights-v3.0-resource-query-sites-site_count + operationId: post-insights-v3.0-resource-query-pab-access_events_breakdown_histogram parameters: - - description: CDL Region + - description: 'Map the region for the tenant. + + ' in: header - name: PANW-Region + name: X-PANW-Region required: true schema: example: americas 
@@ -4602,14 +5161,48 @@ paths: content: application/json: examples: + With mandatory filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: platform_type + values: + - prisma_access + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: rules: + - operator: last_n_hours + property: event_time + values: + - 5 - operator: in - property: node_type + property: transformed_user_name values: - - 48 + - john.doe + - operator: in + property: platform_type + values: + - prisma_access + - operator: in + property: app + values: + - salesforce + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: @@ -4617,12 +5210,27 @@ paths: rules: items: properties: - node_type: - description: Type of the node - example: 48 + app: + description: Application name. + example: salesforce + type: string + event_time: + description: Time of the event. + example: 5 type: number + platform_type: + description: Platform type. + example: prisma_access + type: string + transformed_user_name: + description: User name. + example: john.doe + type: string type: object - type: array + required: + - event_time + - platform_type + type: array type: object type: object required: true @@ -4632,14 +5240,14 @@ paths: application/json: schema: properties: - node_type: - description: node type - example: 48 + event_time: + description: Event time + example: 1709226000000 type: number - site_count: - description: Site Count + pab_event_count: + description: PAB event count example: 10 - type: number + type: integer type: object description: OK '400': 
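Review bot: `type: array` is removed and re-added around the new `required:` list in the `@@ -4617,12 +5210,27 @@` hunk, whereas every sibling hunk leaves that line as context, so its indentation or trailing whitespace changed only here. The page has lost leading whitespace, so the resulting nesting cannot be checked from this view. Confirm that `required` and `type: array` end up at the same level as in the other `/pab/` request schemas, for example by running the spec through an OpenAPI linter before merge.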
@@ -4652,19 +5260,22 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Retrieve Site Data + summary: Access Events Breakdown Histogram Data tags: - - Sites API - /insights/v3.0/resource/query/sites/site_location_search_contains: + - Application API + /insights/v3.0/resource/query/pab/access_events_histogram: post: - description: 'Retrieve location search data for sites. + description: 'Retrieve a histogram of Prisma Access Browser events by type and + access classification categories. ' - operationId: post-insights-v3.0-resource-query-sites-site_location_search_contains + operationId: post-insights-v3.0-resource-query-pab-access_events_histogram parameters: - - description: CDL Region + - description: 'Map the region for the tenant. + + ' in: header - name: PANW-Region + name: X-PANW-Region required: true schema: example: americas @@ -4683,14 +5294,49 @@ paths: content: application/json: examples: + With mandatory filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: platform_type + values: + - prisma_access + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: rules: - - operator: equals - property: location + - operator: last_n_hours + property: event_time values: - - United States, Ashburn + - 5 + - operator: in + property: transformed_user_name + values: + - john.doe + - operator: in + property: platform_type + values: + - prisma_access + - operator: in + property: app + values: + - zoom + - salesforce + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: 
@@ -4698,11 +5344,26 @@ paths: rules: items: properties: - location: - description: Location of the site - example: United States, Ashburn + app: + description: Application name. + example: zoom + type: string + event_time: + description: Time of the event. + example: 5 + type: number + platform_type: + description: Platform type. + example: prisma_access + type: string + transformed_user_name: + description: Username. + example: john.doe type: string type: object + required: + - event_time + - platform_type type: array type: object type: object @@ -4712,14 +5373,16 @@ paths: content: application/json: schema: - items: - properties: - location: - description: Site Location - example: United States, Ashburn - type: string - type: object - type: array + properties: + event_time: + description: Event time + example: 1709226000000 + type: number + pab_event_count: + description: PAB event count + example: 10 + type: integer + type: object description: OK '400': description: Resource property is not valid 
@@ -4731,27 +5394,25 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Site Location Search + summary: Access Events Histogram Data tags: - - Sites API - /insights/v3.0/resource/query/sites/site_traffic: + - Application API + /insights/v3.0/resource/query/pab/data_events_blocked: post: - description: 'Retrieve detailed information on site traffic. - - ' - operationId: post-insights-v3.0-resource-query-sites-site_traffic + description: Retrieves the count of prisma access browser events for data classification + category and if the event is blocked. + operationId: post-insights-v3.0-resource-query-pab-data_events_blocked parameters: - - description: CDL Region + - description: Region mapping for the tenant. in: header - name: PANW-Region + name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false @@ -4762,7 +5423,7 @@ paths: content: application/json: examples: - api with all possible filters: + With mandatory filters: value: filter: rules: 
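Review bot: The new `description` for `data_events_blocked` in the `@@ -4731,27 +5394,25 @@` hunk reads awkwardly and lower-cases the product name that the sibling operations write as `Prisma Access Browser`. Suggest `description: Retrieve the count of blocked Prisma Access Browser events for data classification categories.`, assuming the operation counts blocked events only, as its path suggests. The summary this operation receives in the `@@ -4914,16 +5509,16 @@` hunk, `Get Data Events Blocked`, is also the only verb-led summary among the new `/pab/` operations; `summary: Blocked Data Events Count` would match the others. The operation block continues outside this hunk.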
@@ -4771,44 +5432,10 @@ paths: values: - 5 - operator: in - property: node_type - values: - - 48 - - operator: in - property: edge_location_display_name - values: - - us-west - - operator: in - property: site_name - values: - - Remote-Conn1 - - operator: in - property: site_state - values: - - 1 - - 2 - - 3 - - 4 - - operator: in - property: spn_name - values: - - SPN1 - - operator: in - property: instance_state - values: - - 0 - - 1 - - 2 - - operator: in - property: compute_location - values: - - us-east - - operator: in - property: transport_type + property: platform_type values: - - IPSEC - - GRE - api with required filters: + - prisma_access + With possible filters: value: filter: rules: @@ -4816,6 +5443,19 @@ paths: property: event_time values: - 5 + - operator: in + property: transformed_user_name + values: + - john.doe + - operator: in + property: platform_type + values: + - prisma_access + - operator: in + property: app + values: + - Zoom + - Slack schema: properties: filter: 
@@ -4823,45 +5463,26 @@ paths: rules: items: properties: - compute_location: - description: Location of the device - example: US East - type: string - edge_location_display_name: - description: Name of PA location - example: US West + app: + description: Application name. + example: Zoom type: string event_time: - description: Time of the event + description: Time of the event. example: 5 type: number - instance_state: - description: State of the instance - example: 0 - type: number - node_type: - description: Type of the node - example: 48 - type: number - site_name: - description: Name of the site - example: Remote-Conn1 - type: string - site_state: - description: State of the site - example: 1 - type: number - spn_name: - description: Name of the SPN - example: SPN1 + platform_type: + description: Platform type. + example: prisma_access type: string - transport_type: - description: Type of transport - example: IPSEC + transformed_user_name: + description: Username. + example: john.doe type: string type: object required: - event_time + - platform_type type: array type: object type: object 
@@ -4872,36 +5493,10 @@ paths: application/json: schema: properties: - egress_bytes_pa_to_gcp: - description: Total Egress Bandwidth consumed from PA to GCP - example: 1000000.0 - format: float - type: number - egress_bytes_pa_to_internet: - description: Total Egress Bandwidth consumed from PA to Internet - example: 1000000.0 - format: float - type: number - egress_bytes_transferred: - description: Total Egress Bandwidth consumed - example: 1000000.0 - format: float - type: number - ingress_bytes_transferred: - description: Total Ingress Bandwidth consumed - example: 1000000.0 - format: float - type: number - pa_to_gcp_distr: - description: Percentage of traffic from PA to GCP - example: 1000000.0 - format: float - type: number - pa_to_internet_distr: - description: Percentage of traffic from PA to Internet - example: 1000000.0 - format: float - type: number + pab_event_count: + description: PAB event count + example: 10 + type: integer type: object description: OK '400': @@ -4914,16 +5509,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Site Traffic Details + summary: Get Data Events Blocked tags: - - Sites API - /insights/v3.0/resource/query/user/monitored/user_count: + - Application API + /insights/v3.0/resource/query/pab/data_events_blocked_histogram: post: - description: 'Retrieve the number of monitored users, with options for applying - filters. + description: 'Retrieve a histogram of blocked Prisma Access Browser events for + data classification categories. ' - operationId: post-insights-v3.0-resource-query-user-monitored-user_count + operationId: post-insights-v3.0-resource-query-pab-data_events_blocked_histogram parameters: - description: 'Map the region for the tenant. 
@@ -4956,6 +5551,15 @@ paths: property: event_time values: - 5 + - operator: in + property: platform_type + values: + - prisma_access + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: 
@@ -4965,102 +5569,22 @@ paths: values: - 5 - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: user_connection_method - values: - - monitored - - operator: in - property: device_connection_method - values: - - monitored - - operator: in - property: username + property: transformed_user_name values: - john.doe - operator: in - property: device_name - values: - - DHCP - - operator: in - property: client_agent_version - values: - - 10.2.3 - - operator: in - property: client_os_version - values: - - Windows 10 - - operator: in - property: source_city - values: - - San Jose - - operator: in - property: source_country - values: - - USA - - operator: in - property: client_public_address - values: - - 1.1.1.1 - - operator: in - property: usergroups - values: - - admins - - operator: in - property: edge_location_display_name - values: - - US West - - operator: gt - property: experience_score - values: - - 70 - - operator: gt - property: device_score - values: - - 80 - - operator: gt - property: lan_score - values: - - 60 - - operator: gt - property: wifi_score - values: - - 70 - - operator: gt - property: pa_score - values: - - 80 - - operator: gt - property: internet_score - values: - - 50 - - operator: eq - property: device_self_serve_status - values: - - true - - operator: in - property: device_isp_name - values: - - Verizon - - operator: in - property: instance_name - values: - - PA-VM - - operator: in - property: project_name - values: - - Project Alpha - - operator: in - property: location_group_name + property: platform_type values: - - HQ + - prisma_access - operator: in - property: domain_name + property: app values: - - example.com + - Zoom + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: 
@@ -5068,109 +5592,26 @@ paths: rules: items: properties: - client_agent_version: - description: Version of the client agent. - example: 10.2.3 - type: string - client_os_version: - description: Version of the client OS. - example: Windows 10 - type: string - client_public_address: - description: Public IP address of the client. - example: 1.1.1.1 - type: string - device_connection_method: - description: Device connection method. - example: monitored - type: string - device_isp_name: - description: Name of the ISP. - example: Verizon - type: string - device_name_source: - description: Source of the device name. - example: DHCP - type: string - device_score: - description: Device score. - example: 90 - type: number - device_self_serve_status: - description: Indicates if self-serve user is enabled. - example: true - type: boolean - domain_name: - description: Name of the application domain. - example: example.com - type: string - edge_location_display_name: - description: Prisma Access location name. - example: US West + app: + description: Application name. + example: Zoom type: string event_time: description: Time of the event. example: 5 type: number - experience_score: - description: Experience score. - example: 80 - type: number - instance_name: - description: Name of the firewall. - example: PA-VM - type: string - internet_score: - description: Internet score. - example: 70 - type: number - lan_score: - description: LAN score. - example: 75 - type: number - location_group_name: - description: Name of the location group. - example: HQ - type: string - pa_score: - description: Prisma Access score. - example: 95 - type: number platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string - project_name: - description: Name of the project. - example: Project Alpha - type: string - source_city: - description: Name of the source city. 
- example: San Jose - type: string - source_country: - description: Name of the source country. - example: USA - type: string - user_connection_method: - description: User connection method. - example: monitored - type: string - usergroups: - description: User groups. - example: admins - type: string - username: + transformed_user_name: description: Username. example: john.doe type: string - wifi_score: - description: WiFi score. - example: 85 - type: number type: object required: - event_time + - platform_type type: array type: object type: object @@ -5181,9 +5622,13 @@ paths: application/json: schema: properties: - user_count: - description: Count of users. - example: 100 + event_time: + description: Event time + example: 1709226000000 + type: number + pab_event_count: + description: PAB event count + example: 10 type: integer type: object description: OK @@ -5197,15 +5642,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Monitored User Data + summary: Blocked Data Events Histogram Data tags: - - Monitored Users API - /insights/v3.0/resource/query/user/monitored/user_count_histogram: + - Application API + /insights/v3.0/resource/query/pab/data_events_breakdown: post: - description: 'Retrieve a histogram of monitored user data. + description: 'Retrieve a breakdown of Prisma Access Browser events by type and + data classification categories. ' - operationId: post-insights-v3.0-resource-query-user-monitored-user_count_histogram + operationId: post-insights-v3.0-resource-query-pab-data_events_breakdown parameters: - description: 'Map the region for the tenant. @@ -5231,19 +5677,6 @@ paths: application/json: examples: With mandatory filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 - With possible filters: value: filter: rules: 
@@ -5255,104 +5688,27 @@ paths: property: platform_type values: - prisma_access - - ngfw - - operator: in - property: user_connection_method - values: - - monitored - - operator: in - property: device_connection_method + With possible filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time values: - - monitored + - 5 - operator: in - property: username + property: transformed_user_name values: - john.doe - operator: in - property: device_name - values: - - DHCP - - operator: in - property: client_agent_version - values: - - 1.0.0 - - operator: in - property: client_os_version - values: - - Windows 10 - - operator: in - property: source_city - values: - - San Jose - - operator: in - property: source_country - values: - - USA - - operator: in - property: user_source_ip_address - values: - - 203.0.113.45 - - operator: in - property: usergroups - values: - - admins - - operator: in - property: edge_location_display_name - values: - - US West - - operator: gt - property: experience_score - values: - - 70 - - operator: gt - property: device_score - values: - - 70 - - operator: gt - property: lan_score - values: - - 70 - - operator: gt - property: wifi_score - values: - - 70 - - operator: gt - property: pa_score - values: - - 70 - - operator: gt - property: internet_score - values: - - 70 - - operator: eq - property: device_self_serve_status - values: - - true - - operator: in - property: device_isp_name - values: - - Comcast - - operator: in - property: instance_name - values: - - PA-VM - - operator: in - property: project_name - values: - - Project Alpha - - operator: in - property: location_group_name + property: platform_type values: - - US Locations + - prisma_access - operator: in - property: domain_name + property: app values: - - example.com - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - Zoom + - Slack schema: properties: filter: 
@@ -5360,109 +5716,26 @@ paths: rules: items: properties: - client_agent_version: - description: Version of the client agent. - example: 1.0.0 - type: string - client_os_version: - description: Version of the client OS. - example: Windows 10 - type: string - device_connection_method: - description: Device connection method. - example: monitored - type: string - device_isp_name: - description: Name of the ISP. - example: Comcast - type: string - device_name: - description: Source of the device name. - example: DHCP - type: string - device_score: - description: Device score. - example: 85 - type: number - device_self_serve_status: - description: Indicates if self-serve user is enabled. - example: true - type: boolean - domain_name: - description: Name of the application domain. - example: example.com - type: string - edge_location_display_name: - description: Prisma Access location name. - example: US West + app: + description: Application name. + example: Zoom type: string event_time: description: Time of the event. example: 5 type: number - experience_score: - description: User experience score. - example: 90 - type: number - instance_name: - description: Name of the firewall. - example: PA-VM - type: string - internet_score: - description: Internet score. - example: 70 - type: number - lan_score: - description: LAN score. - example: 95 - type: number - location_group_name: - description: Name of the location group. - example: US Locations - type: string - pa_score: - description: Prisma Access score. - example: 75 - type: number platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string - project_name: - description: Name of the project. - example: Project Alpha - type: string - source_city: - description: Name of the source city. - example: San Jose - type: string - source_country: - description: Name of the source country. 
- example: USA - type: string - user_connection_method: - description: User connection method. - example: monitored - type: string - user_source_ip_address: - description: Public address of the client. - example: 203.0.113.45 - type: string - usergroups: - description: User groups. - example: admins - type: string - username: + transformed_user_name: description: Username. example: john.doe type: string - wifi_score: - description: WiFi score. - example: 80 - type: number type: object required: - event_time + - platform_type type: array type: object type: object @@ -5473,14 +5746,14 @@ paths: application/json: schema: properties: - event_time: - description: Event time - example: 1709226000000 - type: number - user_count: - description: Count of users + pab_event_count: + description: PAB event count example: 10 type: integer + type: + description: Type of event + example: File Open + type: string type: object description: OK '400': @@ -5493,15 +5766,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Monitored User Histogram Data + summary: Data Events Breakdown tags: - - Monitored Users API - /insights/v3.0/resource/query/users/agent/client_version_distribution: + - Application API + /insights/v3.0/resource/query/pab/data_events_breakdown_blocked: post: - description: 'Retrieve the distribution of agent client versions. + description: 'Retrieve a breakdown of blocked Prisma Access Browser events by + type and data classification categories. ' - operationId: post-insights-v3.0-resource-query-users-agent-client_version_distribution + operationId: post-insights-v3.0-resource-query-pab-data_events_breakdown_blocked parameters: - description: 'Map the region for the tenant. @@ -5535,9 +5809,9 @@ paths: values: - 5 - operator: in - property: client_agent_type + property: platform_type values: - - traped + - prisma_access With possible filters: value: filter: 
@@ -5547,74 +5821,18 @@ paths: values: - 5 - operator: in - property: client_agent_type + property: transformed_user_name values: - - traped + - john.doe - operator: in property: platform_type values: - prisma_access - ngfw - operator: in - property: username - values: - - john.doe - - operator: in - property: device_name_source - values: - - DHCP - - operator: in - property: client_agent_version - values: - - 7.1.2 - - operator: in - property: client_os_version - values: - - 10.15.7 - - operator: in - property: source_city_name - values: - - San Jose - - operator: in - property: source_country_name + property: app values: - - US - - operator: in - property: client_public_address - values: - - 203.0.113.45 - - operator: in - property: pa_location_name - values: - - US West - - operator: in - property: usergroups - values: - - Employees - - operator: in - property: self_serve_user_enabled - values: - - true - - operator: in - property: isp_name - values: - - Verizon - - operator: in - property: fw_name - values: - - FW-1 - - operator: in - property: project_name - values: - - Project-A - - operator: in - property: location_group_name - values: - - Location-Group-1 - - operator: in - property: app_domain_name - values: - - google.com + - gmail schema: properties: filter: 
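Review bot: The `With possible filters` example for `data_events_breakdown_blocked` still lists `ngfw` under `platform_type`. The line is unchanged context, apparently carried over from the agent client-version example that this hunk replaces. Every other `/pab/` example on this page filters on `prisma_access` only, so unless NGFW is a valid platform for Prisma Access Browser events the `- ngfw` entry should be dropped. In the following schema hunk (`@@ -5622,82 +5840,26 @@`) the `transformed_user_name` example becomes `test_user` while the request example uses `john.doe`; keeping `example: john.doe` would keep the two in step.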
@@ -5622,82 +5840,26 @@ paths: rules: items: properties: - app_domain_name: - description: Name of the application domain. - example: google.com - type: string - client_agent_type: - description: Type of the client agent. - example: traped - type: string - client_agent_version: - description: Version of the client agent. - example: 7.1.2 - type: string - client_os_version: - description: Version of the client OS. - example: 10.15.7 - type: string - client_public_address: - description: Public IP address of the client. - example: 203.0.113.45 - type: string - device_name_source: - description: Source of the device name. - example: DHCP + app: + description: Application name. + example: gmail type: string event_time: description: Time of the event. example: 5 type: number - fw_name: - description: Name of the firewall. - example: FW-1 - type: string - isp_name: - description: Name of the ISP. - example: Verizon - type: string - location_group_name: - description: Name of the location group. - example: Location-Group-1 - type: string - pa_location_name: - description: Name of the Prisma Access location. - example: US West - type: string platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string - project_name: - description: Name of the project. - example: Project-A - type: string - self_serve_user_enabled: - description: Is self serve user enabled. - example: true - type: boolean - source_city_name: - description: Name of the source city. - example: San Jose - type: string - source_country_name: - description: Name of the source country. - example: US - type: string - usergroups: - description: User groups. - example: Employees - type: string - username: + transformed_user_name: description: Username. - example: john.doe + example: test_user type: string type: object required: - event_time - - client_agent_type + - platform_type type: array type: object type: object 
@@ -5708,14 +5870,14 @@ paths: application/json: schema: properties: - client_agent_version: - description: Version of the client agent. - example: 7.1.2 - type: string - num_devices: - description: Number of devices using this client agent version. + pab_event_count: + description: PAB event count example: 10 type: integer + type: + description: Type of event + example: File Open + type: string type: object description: OK '400': @@ -5728,15 +5890,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Agent Client Version Distribution + summary: Blocked Data Events Breakdown tags: - - Agent Users API - /insights/v3.0/resource/query/users/agent/connected_entity_count: + - Application API + /insights/v3.0/resource/query/pab/data_events_breakdown_blocked_histogram: post: - description: 'Retrieve the number of connected entities based on specified filters. + description: 'Retrieve a histogram of blocked data events breakdown. ' - operationId: post-insights-v3.0-resource-query-users-agent-connected_entity_count + operationId: post-insights-v3.0-resource-query-pab-data_events_breakdown_blocked_histogram parameters: - description: 'Map the region for the tenant. @@ -5769,6 +5931,15 @@ paths: property: event_time values: - 5 + - operator: in + property: platform_type + values: + - prisma_access + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: 
@@ -5778,67 +5949,22 @@ paths: values: - 5 - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: connect_method - values: - - AGENT - - AGENT_PROXY - - operator: in - property: application_name - values: - - zoom - - operator: in - property: experience_score - values: - - 90 - - operator: in - property: device_score - values: - - 90 - - operator: in - property: lan_score - values: - - 90 - - operator: in - property: wifi_score - values: - - 90 - - operator: in - property: pa_score - values: - - 90 - - operator: in - property: internet_score - values: - - 90 - - operator: in - property: rbi - values: - - enabled - - operator: in - property: edge_location_display_name - values: - - US West - - operator: in - property: instance_name - values: - - fw00 - - operator: in - property: source_city + property: transformed_user_name values: - - San Jose + - john.doe - operator: in - property: source_country + property: platform_type values: - - US + - prisma_access - operator: in - property: username + property: app values: - - john.doe + - Zoom + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: 
@@ -5846,73 +5972,26 @@ paths: rules: items: properties: - application_name: + app: description: Application name. - example: zoom - type: string - connect_method: - description: Connection method. - example: AGENT - type: string - device_score: - description: Device score. - example: 90 - type: number - edge_location_display_name: - description: Prisma Access Location. - example: US West + example: Zoom type: string event_time: description: Time of the event. example: 5 type: number - experience_score: - description: Experience score. - example: 90 - type: number - instance_name: - description: Instance name. - example: fw00 - type: string - internet_score: - description: Internet score. - example: 90 - type: number - lan_score: - description: LAN score. - example: 90 - type: number - pa_score: - description: PA score. - example: 90 - type: number platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string - rbi: - description: RBI status. - example: enabled - type: string - source_city: - description: City from GeoIP. - example: San Jose + transformed_user_name: + description: User name. + example: john.doe type: string - source_country: - description: Country from GeoIP. - example: US - type: string - username: - description: Source user name. - example: john.doe - type: string - wifi_score: - description: WiFi score. - example: 90 - type: number type: object required: - event_time + - platform_type type: array type: object type: object @@ -5923,9 +6002,13 @@ paths: application/json: schema: properties: - user_count: - description: Count of connected entities. - example: 1034 + event_time: + description: Event time + example: 1709226000000 + type: number + pab_event_count: + description: PAB event count + example: 10 type: integer type: object description: OK 
@@ -5939,15 +6022,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Connected Entity Data + summary: Blocked Data Events Histogram tags: - - Agent Users API - /insights/v3.0/resource/query/users/agent/connected_user_count: + - Application API + /insights/v3.0/resource/query/pab/data_events_breakdown_histogram: post: - description: 'Retrieve the number of connected agent users. + description: 'Retrieve a histogram of data events breakdown by type and data + classification categories. ' - operationId: post-insights-v3.0-resource-query-users-agent-connected_user_count + operationId: post-insights-v3.0-resource-query-pab-data_events_breakdown_histogram parameters: - description: 'Map the region for the tenant. @@ -5980,6 +6064,15 @@ paths: property: event_time values: - 5 + - operator: in + property: platform_type + values: + - prisma_access + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: @@ -5989,43 +6082,22 @@ paths: values: - 5 - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: connect_method - values: - - AGENT - - AGENT_PROXY - - operator: in - property: application_name - values: - - salesforce - - operator: in - property: edge_location_display_name - values: - - US West - - operator: in - property: fw_name - values: - - vmseries - - operator: in - property: source_country_name - values: - - US - - operator: in - property: source_city_name + property: transformed_user_name values: - - San Jose + - john.doe - operator: in - property: username + property: platform_type values: - - john.doe + - prisma_access - operator: in - property: domain_name + property: app values: - - salesforce.com + - Zoom + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: 
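Review bot: The summary added in the `@@ -5939,15 +6022,16 @@` hunk for `data_events_breakdown_blocked_histogram`, `Blocked Data Events Histogram`, is nearly identical to `Blocked Data Events Histogram Data`, which the `@@ -5197,15 +5642,16 @@` hunk gives to `data_events_blocked_histogram`. The two operations will be hard to tell apart in rendered docs and in anything generated from the summaries. Suggest `summary: Blocked Data Events Breakdown Histogram`, in line with `Data Events Breakdown Histogram` on the next operation. The description `Retrieve a histogram of blocked data events breakdown.` could likewise name Prisma Access Browser and the classification categories, as the sibling descriptions do.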
@@ -6033,49 +6105,26 @@ paths: rules: items: properties: - application_name: - description: Name of the application. - example: salesforce - type: string - connect_method: - description: Method of connection. - example: AGENT - type: string - domain_name: - description: Application domain name. - example: salesforce.com - type: string - edge_location_display_name: - description: Name of the PA location. - example: US West + app: + description: Application name. + example: Zoom type: string event_time: description: Time of the event. example: 5 type: number - fw_name: - description: Name of the firewall. - example: vmseries - type: string platform_type: description: Type of platform. example: prisma_access type: string - source_city_name: - description: Name of the source city. - example: San Jose - type: string - source_country_name: - description: Name of the source country. - example: US - type: string - username: - description: Username. + transformed_user_name: + description: User name. example: john.doe type: string type: object required: - event_time + - platform_type type: array type: object type: object @@ -6086,9 +6135,13 @@ paths: application/json: schema: properties: - user_count: - description: Count of connected users. - example: 18669 + event_time: + description: Event time + example: 1709226000000 + type: number + pab_event_count: + description: PAB event count + example: 10 type: integer type: object description: OK 
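Review bot: The `200` schema added in the second hunk on this line for `/insights/v3.0/resource/query/pab/data_events_breakdown_histogram` declares only `event_time` and `pab_event_count`, so no documented field says which event type or data classification category a bucket belongs to, although the operation description promises a breakdown by both. The schema is also identical to the one added later for `/pab/data_events_histogram`, so a consumer cannot tell the two operations apart from the spec. If the service returns a category field, declare it here; otherwise reword the description to match what is returned. `PAB` is never expanded in these descriptions, so spelling it out once in `description: PAB event count` would help readers who audit these events.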
@@ -6102,15 +6155,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Agent Connected Users Data + summary: Data Events Breakdown Histogram tags: - - Users API - /insights/v3.0/resource/query/users/agent/connected_user_count_histogram: + - Application API + /insights/v3.0/resource/query/pab/data_events_histogram: post: - description: 'Retrieve a histogram of connected user data without filters. + description: 'Retrieve a histogram of data events by type and data classification + categories. ' - operationId: post-insights-v3.0-resource-query-users-agent-connected_user_count_histogram + operationId: post-insights-v3.0-resource-query-pab-data_events_histogram parameters: - description: 'Map the region for the tenant. @@ -6143,6 +6197,10 @@ paths: property: event_time values: - 5 + - operator: in + property: platform_type + values: + - prisma_access histogram: enableEmptyInterval: true property: event_time 
@@ -6157,98 +6215,17 @@ paths: values: - 5 - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: username + property: transformed_user_name values: - john.doe - operator: in - property: device_name - values: - - Johns-MacBook-Pro - - operator: in - property: client_agent_version - values: - - 10.0.0 - - operator: in - property: client_os_version - values: - - 10.15.7 - - operator: in - property: source_city - values: - - San Jose - - operator: in - property: source_country - values: - - US - - operator: in - property: user_source_ip_address - values: - - 203.0.113.45 - - operator: in - property: usergroups - values: - - Domain Users - - operator: in - property: application_name - values: - - Zoom - - operator: in - property: edge_location_display_name - values: - - US West - - operator: in - property: experience_score - values: - - 80 - - operator: in - property: device_score - values: - - 90 - - operator: in - property: lan_score - values: - - 75 - - operator: in - property: wifi_score - values: - - 85 - - operator: in - property: pa_score - values: - - 95 - - operator: in - property: internet_score - values: - - 70 - - operator: in - property: self_serve_user_enabled - values: - - true - - operator: in - property: device_isp_name - values: - - Verizon - - operator: in - property: fw_name - values: - - PA-VM - - operator: in - property: project_name - values: - - Project-Alpha - - operator: in - property: location_group_name + property: platform_type values: - - HQ-Location + - prisma_access - operator: in - property: domain_name + property: app values: - - zoom.us + - box histogram: enableEmptyInterval: true property: event_time 
@@ -6261,105 +6238,26 @@ paths: rules: items: properties: - application_name: - description: Name of the application. - example: Zoom - type: string - client_agent_version: - description: Version of the client agent. - example: 10.0.0 + app: + description: Application name. + example: box type: string - client_os_version: - description: Version of the client OS. - example: 10.15.7 + event_time: + description: Time of the event. + example: 5 + type: number + platform_type: + description: Type of platform. + example: prisma_access type: string - device_isp_name: - description: Name of the ISP. - example: Verizon - type: string - device_name: - description: Name of the device. - example: Johns-MacBook-Pro - type: string - device_score: - description: Device score. - example: 90 - type: number - domain_name: - description: Name of the application domain. - example: zoom.us - type: string - edge_location_display_name: - description: Prisma Access location name. - example: US West - type: string - event_time: - description: Time of the event. - example: 5 - type: number - experience_score: - description: Experience score. - example: 80 - type: number - fw_name: - description: Name of the firewall. - example: PA-VM - type: string - internet_score: - description: Internet score. - example: 70 - type: number - lan_score: - description: LAN score. - example: 75 - type: number - location_group_name: - description: Name of the location group. - example: HQ-Location - type: string - pa_score: - description: PA score. - example: 95 - type: number - platform_type: - description: Type of platform. - example: prisma_access - type: string - project_name: - description: Name of the project. - example: Project-Alpha - type: string - self_serve_user_enabled: - description: Indicates if self-serve user is enabled. - example: true - type: boolean - source_city: - description: Name of the source city. 
- example: San Jose - type: string - source_country: - description: Name of the source country. - example: US - type: string - user_source_ip_address: - description: Public IP address of the client. - example: 203.0.113.45 - type: string - usergroups: - description: User groups. - example: Domain Users - type: string - username: + transformed_user_name: description: Username. example: john.doe type: string - wifi_score: - description: WiFi score. - example: 85 - type: number type: object required: - event_time + - platform_type type: array type: object type: object @@ -6370,21 +6268,13 @@ paths: application/json: schema: properties: - count_high: - description: Number of users with high experience score - example: 4406 - type: integer - count_low: - description: Number of users with low experience score - example: 3412 - type: integer event_time: description: Event time example: 1709226000000 type: number - user_count: - description: Number of users - example: 4761 + pab_event_count: + description: PAB event count + example: 10 type: integer type: object description: OK @@ -6398,21 +6288,19 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Connected User Histogram Data + summary: Data Events Histogram tags: - - Agent Users API - /insights/v3.0/resource/query/users/agent/connected_user_device_count_histogram: + - Application API + /insights/v3.0/resource/query/sites/bandwidth_consumption_histogram: post: - description: 'Retrieve a histogram of connected user device data without filters. + description: 'Retrieve histogram data on bandwidth consumption. ' - operationId: post-insights-v3.0-resource-query-users-agent-connected_user_device_count_histogram + operationId: post-insights-v3.0-resource-query-sites-bandwidth_consumption_histogram parameters: - - description: 'Map the region for the tenant. - - ' + - description: CDL Region in: header - name: X-PANW-Region + name: PANW-Region required: true schema: example: americas 
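Review bot: The required region header for the new `/insights/v3.0/resource/query/sites/bandwidth_consumption_histogram` operation (last hunk on this line) is declared as `name: PANW-Region` with description `CDL Region`, while the operation it replaces at this position declared `name: X-PANW-Region`. Because the header is `required: true`, a client generated from this spec sends only the name written here. If the service still reads `X-PANW-Region`, requests may be rejected or resolved against an unintended region, which matters for tenants with data-residency constraints. Please confirm which name the Sites backend reads and, if it is the existing one, keep `name: X-PANW-Region`. The same rename appears in the later hunks for `/sites/session_count`, `/sites/site_count`, `/sites/site_location_search_contains` and `/sites/site_traffic`.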
@@ -6453,98 +6341,40 @@ paths: values: - 5 - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: username - values: - - john.doe - - operator: in - property: device_name - values: - - device1 - - operator: in - property: client_agent_version - values: - - 1.0.0 - - operator: in - property: client_os_version - values: - - Windows 10 - - operator: in - property: source_city_name - values: - - San Jose - - operator: in - property: source_country_name - values: - - US - - operator: in - property: user_source_ip_address - values: - - 1.1.1.1 - - operator: in - property: usergroups - values: - - group1 - - operator: in - property: application_name + property: site_state values: - - app1 + - 1 + - 2 + - 3 + - 4 - operator: in property: edge_location_display_name values: - US West - operator: in - property: experience_score - values: - - 5 - - operator: in - property: device_score - values: - - 5 - - operator: in - property: lan_score - values: - - 5 - - operator: in - property: wifi_score - values: - - 5 - - operator: in - property: pa_score - values: - - 5 - - operator: in - property: internet_score - values: - - 5 - - operator: in - property: self_serve_user_enabled - values: - - true - - operator: in - property: isp_name + property: site_name values: - - Verizon + - Remote-Conn1 - operator: in - property: fw_name + property: node_type values: - - fw1 + - 48 + - 157 - operator: in - property: project_name + property: instance_state values: - - project1 + - 0 + - 1 + - 2 - operator: in - property: location_group_name + property: aggregate_region_display_name values: - - location_group1 + - US West - operator: in - property: domain_name + property: transport_type values: - - zoom.us + - IPSEC + - GRE histogram: enableEmptyInterval: true property: event_time 
@@ -6557,102 +6387,34 @@ paths: rules: items: properties: - application_name: - description: Name of the application. - example: app1 - type: string - client_agent_version: - description: Version of the client agent. - example: 1.0.0 - type: string - client_os_version: - description: Version of the client OS. - example: Windows 10 - type: string - device_name: - description: Name of the device. - example: device1 - type: string - device_score: - description: Device score. - example: 5 - type: number - device_self_serve_status: - description: Self serve user enabled. - example: true - type: boolean - domain_name: - description: Application domain name. - example: zoom.us + aggregate_region_display_name: + description: Compute Location + example: US West type: string edge_location_display_name: - description: Name of the PA location. + description: Prisma Access Locations example: US West type: string event_time: description: Time of the event. example: 5 type: number - experience_score: - description: Experience score. - example: 5 + instance_state: + description: State of Instance + example: 0 type: number - fw_name: - description: Firewall name. - example: fw1 - type: string - internet_score: - description: Internet score. - example: 5 + node_type: + description: Type of node to which site is connected + example: 48 type: number - isp_name: - description: ISP name. - example: Verizon - type: string - lan_score: - description: LAN score. - example: 5 - type: number - location_group_name: - description: Location group name. - example: location_group1 - type: string - pa_score: - description: PA score. - example: 5 + site_state: + description: State of the site + example: 1 type: number - platform_type: - description: Type of platform. - example: prisma_access - type: string - project_name: - description: Project name. - example: project1 - type: string - source_city_name: - description: Name of the source city. 
- example: San Jose - type: string - source_country_name: - description: Name of the source country. - example: US - type: string - user_source_ip_address: - description: Public IP address of the client. - example: 1.1.1.1 - type: string - usergroups: - description: User groups. - example: group1 - type: string - username: - description: Username. - example: john.doe + transport_type: + description: Type of tunnel + example: IPSEC type: string - wifi_score: - description: Wifi score. - example: 5 - type: number type: object required: - event_time @@ -6666,14 +6428,40 @@ paths: application/json: schema: properties: - device_count: - description: Number of devices connected - example: 10 + avg_egress: + description: Average egress bandwidth consumed + example: 1000000.0 + format: float + type: number + avg_ingress: + description: Average ingress bandwidth consumed + example: 1000000.0 + format: float type: number event_time: description: Event time example: 1709226000000 type: number + median_egress: + description: Median egress bandwidth consumed + example: 1000000.0 + format: float + type: number + median_ingress: + description: Median ingress bandwidth consumed + example: 1000000.0 + format: float + type: number + peak_egress: + description: Peak egress bandwidth consumed + example: 1000000.0 + format: float + type: number + peak_ingress: + description: Peak ingress bandwidth consumed + example: 1000000.0 + format: float + type: number type: object description: OK '400': 
@@ -6686,21 +6474,19 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Connected User Device Histogram Data + summary: Bandwidth Consumption Histogram tags: - - Agent Users API - /insights/v3.0/resource/query/users/agent/current_connected_device_count: + - Sites API + /insights/v3.0/resource/query/sites/session_count: post: - description: 'Retrieve the current number of connected devices without filters. + description: 'Retrieve the number of sessions. ' - operationId: post-insights-v3.0-resource-query-users-agent-current_connected_device_count + operationId: post-insights-v3.0-resource-query-sites-session_count parameters: - - description: 'Map the region for the tenant. - - ' + - description: CDL Region in: header - name: X-PANW-Region + name: PANW-Region required: true schema: example: americas 
@@ -6719,115 +6505,18 @@ paths: content: application/json: examples: - With mandatory filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 With possible filters: value: filter: rules: - - operator: last_n_hours - property: event_time - values: - - 5 - - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: username - values: - - john.doe - - operator: in - property: device_name - values: - - device1 - - operator: in - property: client_agent_version - values: - - 1.0.0 - - operator: in - property: client_os_version - values: - - Windows 10 - - operator: in - property: source_city - values: - - San Jose - - operator: in - property: source_country - values: - - US - - operator: in - property: client_public_address - values: - - 1.1.1.1 - - operator: in - property: usergroups - values: - - group1 - - operator: in - property: application_name - values: - - app1 - - operator: in - property: edge_location_display_name - values: - - US West - - operator: in - property: experience_score - values: - - 50 - - operator: in - property: device_score - values: - - 50 - - operator: in - property: lan_score - values: - - 50 - - operator: in - property: wifi_score - values: - - 50 - - operator: in - property: pa_score - values: - - 50 - - operator: in - property: internet_score - values: - - 5 - - operator: in - property: device_self_serve_status - values: - - true - - operator: in - property: device_isp_name - values: - - Verizon - - operator: in - property: instance_name - values: - - fw1 - - operator: in - property: project_name - values: - - project1 - operator: in - property: location_group_name + property: node_type values: - - location_group1 + - 51 - operator: in - property: domain_name + property: site_name values: - - zoom.us + - Remote-Conn1 schema: properties: filter: 
@@ -6835,105 +6524,15 @@ paths: rules: items: properties: - application_name: - description: Name of the application. - example: app1 - type: string - client_agent_version: - description: Version of the client agent. - example: 1.0.0 - type: string - client_os_version: - description: Version of the client OS. - example: Windows 10 - type: string - client_public_address: - description: Public IP address of the client. - example: 1.1.1.1 - type: string - device_isp_name: - description: ISP name. - example: Verizon - type: string - device_name: - description: Name of the device. - example: device1 - type: string - device_score: - description: Device score. - example: 50 + node_type: + description: Type of the node + example: 51 type: number - device_self_serve_status: - description: Self serve user enabled. - example: true - type: boolean - domain_name: - description: Application domain name. - example: zoom.us - type: string - edge_location_display_name: - description: Name of the PA location. - example: US West + site_name: + description: Site name + example: Remote-Conn1 type: string - event_time: - description: Time of the event. - example: 5 - type: number - experience_score: - description: Experience score. - example: 50 - type: number - instance_name: - description: Firewall name. - example: fw1 - type: string - internet_score: - description: Internet score. - example: 50 - type: number - lan_score: - description: LAN score. - example: 50 - type: number - location_group_name: - description: Location group name. - example: location_group1 - type: string - pa_score: - description: PA score. - example: 50 - type: number - platform_type: - description: Platform type. - example: prisma_access - type: string - project_name: - description: Project name. - example: project1 - type: string - source_city: - description: Name of the source city. - example: San Jose - type: string - source_country: - description: Name of the source country. 
- example: US - type: string - usergroups: - description: User groups. - example: group1 - type: string - username: - description: Username. - example: john.doe - type: string - wifi_score: - description: Wifi score. - example: 50 - type: number type: object - required: - - event_time type: array type: object type: object @@ -6944,10 +6543,14 @@ paths: application/json: schema: properties: - device_count: - description: Number of connected devices. + active_max_sessions: + description: Maximum number of active sessions example: 10 - type: integer + type: number + active_sessions: + description: Number of active sessions + example: 5 + type: number type: object description: OK '400': 
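Review bot: `active_max_sessions` and `active_sessions` in the last hunk on this line are session counts but are declared `type: number`, whereas the `device_count` property they replace was `type: integer`. With `number`, a generated client deserialises the counts as floating point and a validator accepts fractional values. Declare both as `type: integer`. The same applies to `site_count` in the `/sites/site_count` response added in the next hunk. The enclosing operation starts in an earlier hunk.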
@@ -6960,21 +6563,100 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Current Connected Device Data + summary: Retrieve Session Data tags: - - Agent Users API - /insights/v3.0/resource/query/users/agent/current_connected_user_count: + - Sites API + /insights/v3.0/resource/query/sites/site_count: post: - description: 'Retrieve the current number of connected users without filters. + description: 'Retrieve the number of sites. ' - operationId: post-insights-v3.0-resource-query-users-agent-current_connected_user_count + operationId: post-insights-v3.0-resource-query-sites-site_count parameters: - - description: 'Map the region for the tenant. + - description: CDL Region + in: header + name: PANW-Region + required: true + schema: + example: americas + type: string + - description: 'Use a unique Prisma-Tenant identifier for precise tenant management + and resource allocation within single or multi-tenant architectures. ' in: header - name: X-PANW-Region + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + With possible filters: + value: + filter: + rules: + - operator: in + property: node_type + values: + - 48 + schema: + properties: + filter: + properties: + rules: + items: + properties: + node_type: + description: Type of the node + example: 48 + type: number + type: object + type: array + type: object + type: object + required: true + responses: + '200': + content: + application/json: + schema: + properties: + node_type: + description: node type + example: 48 + type: number + site_count: + description: Site Count + example: 10 + type: number + type: object + description: OK + '400': + description: Resource property is not valid + '403': + description: Permission Denied + '404': + description: Resource not found + '500': + description: Failed to process request + security: + - Bearer: [] + summary: Retrieve Site Data + tags: + - Sites 
API + /insights/v3.0/resource/query/sites/site_location_search_contains: + post: + description: 'Retrieve location search data for sites. + + ' + operationId: post-insights-v3.0-resource-query-sites-site_location_search_contains + parameters: + - description: CDL Region + in: header + name: PANW-Region required: true schema: example: americas 
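Review bot: The request schema added for `/insights/v3.0/resource/query/sites/site_count` describes each entry of `filter.rules` as an object with a `node_type` property, but the example in the same hunk sends rules shaped as `operator` / `property` / `values`. A gateway or client that validates against this schema therefore places no constraint on the operator or on the value list actually sent. If the per-field listing is a deliberate documentation convention in this file, say so in the `rules` description; otherwise describe the rule object itself, as sketched below (descriptions are proposed wording). The new operations also document `400`, `403`, `404` and `500` but no `401`, although they are secured with `Bearer`, so the response for a missing or expired token is undocumented.

```yaml
# … unchanged: schema / properties / filter / properties / rules …
items:
  properties:
    operator:
      description: Comparison applied to the property.
      example: in
      type: string
    property:
      description: Name of the field to filter on.
      example: node_type
      type: string
    values:
      description: Values to compare against.
      items:
        type: number
      type: array
  required:
    - operator
    - property
    - values
  type: object
# … unchanged: type: array and enclosing objects …
```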
@@ -6993,15 +6675,86 @@ paths: content: application/json: examples: - With mandatory filters: + With possible filters: value: filter: rules: - - operator: last_n_hours - property: event_time + - operator: equals + property: location values: - - 5 - With possible filters: + - United States, Ashburn + schema: + properties: + filter: + properties: + rules: + items: + properties: + location: + description: Location of the site + example: United States, Ashburn + type: string + type: object + type: array + type: object + type: object + required: true + responses: + '200': + content: + application/json: + schema: + items: + properties: + location: + description: Site Location + example: United States, Ashburn + type: string + type: object + type: array + description: OK + '400': + description: Resource property is not valid + '403': + description: Permission Denied + '404': + description: Resource not found + '500': + description: Failed to process request + security: + - Bearer: [] + summary: Site Location Search + tags: + - Sites API + /insights/v3.0/resource/query/sites/site_traffic: + post: + description: 'Retrieve detailed information on site traffic. + + ' + operationId: post-insights-v3.0-resource-query-sites-site_traffic + parameters: + - description: CDL Region + in: header + name: PANW-Region + required: true + schema: + example: americas + type: string + - description: 'Use a unique Prisma-Tenant identifier for precise tenant management + and resource allocation within single or multi-tenant architectures. + + ' + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + api with all possible filters: value: filter: rules: 
@@ -7010,98 +6763,51 @@ paths: values: - 5 - operator: in - property: platform_type + property: node_type values: - - prisma_access - - ngfw + - 48 - operator: in - property: username + property: edge_location_display_name values: - - john.doe + - us-west - operator: in - property: device_name + property: site_name values: - - device1 + - Remote-Conn1 - operator: in - property: client_agent_version + property: site_state values: - - 1.0.0 + - 1 + - 2 + - 3 + - 4 - operator: in - property: client_os_version - values: - - Windows 10 - - operator: in - property: source_city - values: - - San Jose - - operator: in - property: source_country - values: - - US - - operator: in - property: client_public_address - values: - - 1.1.1.1 - - operator: in - property: usergroups - values: - - group1 - - operator: in - property: application_name - values: - - app1 - - operator: in - property: edge_location_display_name - values: - - US West - - operator: in - property: experience_score - values: - - 50 - - operator: in - property: device_score - values: - - 50 - - operator: in - property: lan_score - values: - - 50 - - operator: in - property: wifi_score - values: - - 50 - - operator: in - property: pa_score - values: - - 50 - - operator: in - property: internet_score - values: - - 50 - - operator: in - property: device_self_serve_status - values: - - true - - operator: in - property: device_isp_name + property: spn_name values: - - Verizon + - SPN1 - operator: in - property: instance_name + property: instance_state values: - - fw1 + - 0 + - 1 + - 2 - operator: in - property: project_name + property: compute_location values: - - project1 + - us-east - operator: in - property: location_group_name + property: transport_type values: - - location_group1 - - operator: in - property: domain_name + - IPSEC + - GRE + api with required filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time values: - - zoom.us + - 5 schema: properties: filter: 
@@ -7109,102 +6815,42 @@ paths: rules: items: properties: - application_name: - description: Name of the application. - example: app1 - type: string - client_agent_version: - description: Version of the client agent. - example: 1.0.0 - type: string - client_os_version: - description: Version of the client OS. - example: Windows 10 - type: string - client_public_address: - description: Public IP address of the client. - example: 1.1.1.1 - type: string - device_isp_name: - description: ISP name. - example: Verizon - type: string - device_name: - description: Name of the device. - example: device1 - type: string - device_score: - description: Device score. - example: 50 - type: number - device_self_serve_status: - description: Self serve user enabled. - example: true - type: boolean - domain_name: - description: Application domain name. - example: zoom.us + compute_location: + description: Location of the device + example: US East type: string edge_location_display_name: - description: Name of the PA location. + description: Name of PA location example: US West type: string event_time: - description: Time of the event. + description: Time of the event example: 5 type: number - experience_score: - description: Experience score. - example: 50 - type: number - instance_name: - description: Firewall name. - example: fw1 - type: string - internet_score: - description: Internet score. - example: 50 + instance_state: + description: State of the instance + example: 0 type: number - lan_score: - description: LAN score. - example: 50 + node_type: + description: Type of the node + example: 48 type: number - location_group_name: - description: Location group name. - example: location_group1 + site_name: + description: Name of the site + example: Remote-Conn1 type: string - pa_score: - description: PA score. - example: 50 + site_state: + description: State of the site + example: 1 type: number - platform_type: - description: Platform type. 
- example: prisma_access - type: string - project_name: - description: Project name. - example: project1 - type: string - source_city: - description: Name of the source city. - example: San Jose - type: string - source_country: - description: Name of the source country. - example: US - type: string - usergroups: - description: User groups. - example: group1 + spn_name: + description: Name of the SPN + example: SPN1 type: string - username: - description: Username. - example: john.doe + transport_type: + description: Type of transport + example: IPSEC type: string - wifi_score: - description: Wifi score. - example: 50 - type: number type: object required: - event_time @@ -7218,10 +6864,36 @@ paths: application/json: schema: properties: - user_count: - description: Current connected user count. - example: 100 - type: integer + egress_bytes_pa_to_gcp: + description: Total Egress Bandwidth consumed from PA to GCP + example: 1000000.0 + format: float + type: number + egress_bytes_pa_to_internet: + description: Total Egress Bandwidth consumed from PA to Internet + example: 1000000.0 + format: float + type: number + egress_bytes_transferred: + description: Total Egress Bandwidth consumed + example: 1000000.0 + format: float + type: number + ingress_bytes_transferred: + description: Total Ingress Bandwidth consumed + example: 1000000.0 + format: float + type: number + pa_to_gcp_distr: + description: Percentage of traffic from PA to GCP + example: 1000000.0 + format: float + type: number + pa_to_internet_distr: + description: Percentage of traffic from PA to Internet + example: 1000000.0 + format: float + type: number type: object description: OK '400': 
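Review bot: `pa_to_gcp_distr` and `pa_to_internet_distr` in the `/sites/site_traffic` response (last hunk on this line) are described as percentages but carry `example: 1000000.0`, the same value used for the byte totals beside them. Use an example inside the percentage range, for instance `example: 25.0` (constructed value), and state in the description whether the range is 0–100 or 0–1. The byte totals such as `egress_bytes_transferred` are declared `format: float`, and single precision cannot represent large byte counts exactly. `format: double`, or `type: integer` with `format: int64`, would avoid silent rounding in generated clients. The enclosing operation starts in an earlier hunk.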
@@ -7234,15 +6906,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Current Connected User Data + summary: Site Traffic Details tags: - - Agent Users API - /insights/v3.0/resource/query/users/agent/device_list: + - Sites API + /insights/v3.0/resource/query/user/monitored/user_count: post: - description: 'Retrieve a list of agent devices with non-ADEM score filters. + description: 'Retrieve the number of monitored users, with options for applying + filters. ' - operationId: post-insights-v3.0-resource-query-users-agent-device_list + operationId: post-insights-v3.0-resource-query-user-monitored-user_count parameters: - description: 'Map the region for the tenant. @@ -7288,6 +6961,14 @@ paths: values: - prisma_access - ngfw + - operator: in + property: user_connection_method + values: + - monitored + - operator: in + property: device_connection_method + values: + - monitored - operator: in property: username values: @@ -7295,11 +6976,11 @@ paths: - operator: in property: device_name values: - - device1 + - DHCP - operator: in property: client_agent_version values: - - 1.0.0 + - 10.2.3 - operator: in property: client_os_version values: @@ -7311,7 +6992,7 @@ paths: - operator: in property: source_country values: - - US + - USA - operator: in property: client_public_address values: 
@@ -7319,40 +7000,36 @@ paths: - operator: in property: usergroups values: - - group1 - - operator: in - property: application_name - values: - - app1 + - admins - operator: in property: edge_location_display_name values: - US West - - operator: in + - operator: gt property: experience_score values: - - 50 - - operator: in + - 70 + - operator: gt property: device_score values: - - 50 - - operator: in + - 80 + - operator: gt property: lan_score values: - - 50 - - operator: in + - 60 + - operator: gt property: wifi_score values: - - 50 - - operator: in + - 70 + - operator: gt property: pa_score values: - - 50 - - operator: in + - 80 + - operator: gt property: internet_score values: - - 5 - - operator: in + - 50 + - operator: eq property: device_self_serve_status values: - true @@ -7363,19 +7040,19 @@ paths: - operator: in property: instance_name values: - - fw1 + - PA-VM - operator: in property: project_name values: - - project1 + - Project Alpha - operator: in property: location_group_name values: - - location_group1 + - HQ - operator: in property: domain_name values: - - zoom.us + - example.com schema: properties: filter: @@ -7383,13 +7060,9 @@ paths: rules: items: properties: - application_name: - description: Name of the application. - example: app1 - type: string client_agent_version: description: Version of the client agent. - example: 1.0.0 + example: 10.2.3 type: string client_os_version: description: Version of the client OS. 
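Review bot: The example rule for `device_self_serve_status` in the first hunk on this line changes to `operator: eq`, while the `/sites/site_location_search_contains` example added earlier in this commit uses `operator: equals`. The spec declares no operator enum, so a reader cannot tell which spelling the service accepts. An integrator who copies the wrong one gets a `400` at best, or a filter that is not applied if unknown operators are ignored (not determinable from this diff). Please confirm the accepted token and use it in both places, e.g. `- operator: equals`. A short list of the supported operators (`in`, `gt`, `last_n_hours`, …) in the `rules` description would also help.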
@@ -7399,28 +7072,32 @@ paths: description: Public IP address of the client. example: 1.1.1.1 type: string + device_connection_method: + description: Device connection method. + example: monitored + type: string device_isp_name: - description: ISP name. + description: Name of the ISP. example: Verizon type: string - device_name: - description: Name of the device. - example: device1 + device_name_source: + description: Source of the device name. + example: DHCP type: string device_score: description: Device score. - example: 50 + example: 90 type: number device_self_serve_status: - description: Self serve user enabled. + description: Indicates if self-serve user is enabled. example: true type: boolean domain_name: - description: Application domain name. - example: zoom.us + description: Name of the application domain. + example: example.com type: string edge_location_display_name: - description: Name of the PA location. + description: Prisma Access location name. example: US West type: string event_time: 
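Review bot: This hunk replaces the `device_name` filter property with `device_name_source` (description `Source of the device name.`, example `DHCP`), but the request example for the same operation in the earlier hunk still filters on `property: device_name`, now with value `DHCP`. After this change the example uses a property the schema no longer lists and gives it a value that looks like a name source rather than a device name. Either change the example to `property: device_name_source`, or keep `device_name` in the schema with a device-name example if both filters are supported. The enclosing schema block starts and ends outside this hunk.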
@@ -7429,35 +7106,35 @@ paths: type: number experience_score: description: Experience score. - example: 50 + example: 80 type: number instance_name: - description: Firewall name. - example: fw1 + description: Name of the firewall. + example: PA-VM type: string internet_score: description: Internet score. - example: 50 + example: 70 type: number lan_score: description: LAN score. - example: 50 + example: 75 type: number location_group_name: - description: Location group name. - example: location_group1 + description: Name of the location group. + example: HQ type: string pa_score: - description: PA score. - example: 50 + description: Prisma Access score. + example: 95 type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string project_name: - description: Project name. - example: project1 + description: Name of the project. + example: Project Alpha type: string source_city: description: Name of the source city. @@ -7465,19 +7142,23 @@ paths: type: string source_country: description: Name of the source country. - example: US + example: USA + type: string + user_connection_method: + description: User connection method. + example: monitored type: string usergroups: description: User groups. - example: group1 + example: admins type: string username: description: Username. example: john.doe type: string wifi_score: - description: Wifi score. - example: 50 + description: WiFi score. + example: 85 type: number type: object required: 
@@ -7492,136 +7173,10 @@ paths: application/json: schema: properties: - adem_username: - description: ADEM username. - example: adem_john.doe - type: string - client_agent_type: - description: Client agent type. - example: GP_AGENT - type: string - client_agent_version: - description: Client agent version. - example: 1.0.0 - type: string - connect_method: - description: Connection method. - example: Agent - type: string - device_agent_uuid: - description: Device agent UUID. - example: 5ac5-6edd-4d3d-xxxx-0000 - type: string - device_auth_type: - description: Device authentication type. - example: Cookie - type: string - device_client_private_address: - description: Device client private address. - example: 10.0.0.5 - type: string - device_isp_name: - description: Device ISP name. - example: Verizon - type: string - device_last_activity_timestamp_epoc_millis: - description: Device last activity timestamp epoch milliseconds. - example: 1678886400000 - type: integer - device_last_connected_pa_fw_location: - description: Device last connected PA firewall location. - example: US West - type: string - device_last_connected_source_city: - description: Device last connected source city. - example: San Jose - type: string - device_last_connected_source_country: - description: Device last connected source country. - example: USA - type: string - device_name: - description: Device name. - example: D-02Y50E3JH - type: string - device_os_version: - description: Device OS version. - example: Windows 10 - type: string - device_score_value: - description: Device score value. - example: 80 - type: number - device_self_serve_notifications_count_internet_connectivity: - description: Device self-serve notifications count for Internet - connectivity. - example: 1 - type: integer - device_self_serve_notifications_count_system_cpu: - description: Device self-serve notifications count for system - CPU. 
- example: 1 - type: integer - device_self_serve_notifications_count_system_cpu_memory: - description: Device self-serve notifications count for system - CPU and memory. - example: 1 - type: integer - device_self_serve_notifications_count_system_memory: - description: Device self-serve notifications count for system - memory. - example: 1 - type: integer - device_self_serve_notifications_count_total: - description: Total device self-serve notifications count. - example: 5 - type: integer - device_self_serve_notifications_count_wifi_connectivity: - description: Device self-serve notifications count for WiFi connectivity. - example: 1 - type: integer - device_self_serve_notifications_count_wifi_link_quality: - description: Device self-serve notifications count for WiFi link - quality. - example: 1 - type: integer - device_self_serve_notifications_count_wifi_ssid_change: - description: Device self-serve notifications count for WiFi SSID - change. - example: 1 + user_count: + description: Count of users. + example: 100 type: integer - device_self_serve_status: - description: Device self-serve status. - example: 'true' - type: string - device_source_ip_address: - description: Device source IP address. - example: 192.168.1.100 - type: string - experience_score_value: - description: Experience score value. - example: 75 - type: number - internet_score_value: - description: Internet score value. - example: 70 - type: number - lan_score_value: - description: LAN score value. - example: 85 - type: number - pa_score_value: - description: PA score value. - example: 95 - type: number - username: - description: Username. - example: john.doe - type: string - wifi_score_value: - description: WiFi score value. - example: 90 - type: number type: object description: OK '400': 
@@ -7634,15 +7189,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Agent Device List + summary: Monitored User Data tags: - - Agent Users API - /insights/v3.0/resource/query/users/agent/risky_user_count: + - Monitored Users API + /insights/v3.0/resource/query/user/monitored/user_count_histogram: post: - description: 'Retrieve the number of risky users. + description: 'Retrieve a histogram of monitored user data. ' - operationId: post-insights-v3.0-resource-query-users-agent-risky_user_count + operationId: post-insights-v3.0-resource-query-user-monitored-user_count_histogram parameters: - description: 'Map the region for the tenant. @@ -7675,6 +7230,11 @@ paths: property: event_time values: - 5 + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: 
@@ -7688,21 +7248,210 @@ paths: values: - prisma_access - ngfw - schema: - properties: - filter: - properties: - rules: - items: - properties: - event_time: - description: Time of the event. - example: 5 - type: number - platform_type: + - operator: in + property: user_connection_method + values: + - monitored + - operator: in + property: device_connection_method + values: + - monitored + - operator: in + property: username + values: + - john.doe + - operator: in + property: device_name + values: + - DHCP + - operator: in + property: client_agent_version + values: + - 1.0.0 + - operator: in + property: client_os_version + values: + - Windows 10 + - operator: in + property: source_city + values: + - San Jose + - operator: in + property: source_country + values: + - USA + - operator: in + property: user_source_ip_address + values: + - 203.0.113.45 + - operator: in + property: usergroups + values: + - admins + - operator: in + property: edge_location_display_name + values: + - US West + - operator: gt + property: experience_score + values: + - 70 + - operator: gt + property: device_score + values: + - 70 + - operator: gt + property: lan_score + values: + - 70 + - operator: gt + property: wifi_score + values: + - 70 + - operator: gt + property: pa_score + values: + - 70 + - operator: gt + property: internet_score + values: + - 70 + - operator: eq + property: device_self_serve_status + values: + - true + - operator: in + property: device_isp_name + values: + - Comcast + - operator: in + property: instance_name + values: + - PA-VM + - operator: in + property: project_name + values: + - Project Alpha + - operator: in + property: location_group_name + values: + - US Locations + - operator: in + property: domain_name + values: + - example.com + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 + schema: + properties: + filter: + properties: + rules: + items: + properties: + client_agent_version: + description: Version of the client 
agent. + example: 1.0.0 + type: string + client_os_version: + description: Version of the client OS. + example: Windows 10 + type: string + device_connection_method: + description: Device connection method. + example: monitored + type: string + device_isp_name: + description: Name of the ISP. + example: Comcast + type: string + device_name: + description: Source of the device name. + example: DHCP + type: string + device_score: + description: Device score. + example: 85 + type: number + device_self_serve_status: + description: Indicates if self-serve user is enabled. + example: true + type: boolean + domain_name: + description: Name of the application domain. + example: example.com + type: string + edge_location_display_name: + description: Prisma Access location name. + example: US West + type: string + event_time: + description: Time of the event. + example: 5 + type: number + experience_score: + description: User experience score. + example: 90 + type: number + instance_name: + description: Name of the firewall. + example: PA-VM + type: string + internet_score: + description: Internet score. + example: 70 + type: number + lan_score: + description: LAN score. + example: 95 + type: number + location_group_name: + description: Name of the location group. + example: US Locations + type: string + pa_score: + description: Prisma Access score. + example: 75 + type: number + platform_type: description: Type of platform. example: prisma_access type: string + project_name: + description: Name of the project. + example: Project Alpha + type: string + source_city: + description: Name of the source city. + example: San Jose + type: string + source_country: + description: Name of the source country. + example: USA + type: string + user_connection_method: + description: User connection method. + example: monitored + type: string + user_source_ip_address: + description: Public address of the client. 
+ example: 203.0.113.45 + type: string + usergroups: + description: User groups. + example: admins + type: string + username: + description: Username. + example: john.doe + type: string + wifi_score: + description: WiFi score. + example: 80 + type: number type: object required: - event_time @@ -7716,9 +7465,13 @@ paths: application/json: schema: properties: + event_time: + description: Event time + example: 1709226000000 + type: number user_count: - description: Count of risky users. - example: 17688 + description: Count of users + example: 10 type: integer type: object description: OK @@ -7732,15 +7485,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Risky User Data + summary: Monitored User Histogram Data tags: - - Agent Users API - /insights/v3.0/resource/query/users/agent/session_list: + - Monitored Users API + /insights/v3.0/resource/query/users/agent/client_version_distribution: post: - description: 'Retrieve a list of agent sessions. + description: 'Retrieve the distribution of agent client versions. ' - operationId: post-insights-v3.0-resource-query-users-agent-session_list + operationId: post-insights-v3.0-resource-query-users-agent-client_version_distribution parameters: - description: 'Map the region for the tenant. @@ -7774,9 +7527,9 @@ paths: values: - 5 - operator: in - property: username + property: client_agent_type values: - - john.doe + - traped With possible filters: value: filter: @@ -7785,6 +7538,10 @@ paths: property: event_time values: - 5 + - operator: in + property: client_agent_type + values: + - traped - operator: in property: platform_type values: 
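Review bot: In the filter schema added for `user_count_histogram`, the `device_name` property is described as "Source of the device name." with example `DHCP`, and the example rule filters `device_name` on `DHCP`, so the key and its documented meaning disagree. The hunk at `-7399` renames the same field to `device_name_source` on the sibling path. If this endpoint takes the same filter, the key here should be `device_name_source:` too; otherwise the text should read `description: Name of the device.` with a hostname-style example. Which one the service accepts cannot be told from the diff, so it needs confirming against the API.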
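Review bot: The example value `traped` for `client_agent_type` looks like a misspelling, and the schema does not list the accepted values, so readers cannot check it. It appears here, again in the "With possible filters" example, and in the schema example further down. This commit also puts `client_agent_type` in the `required` list, so a caller copying the example needs a value the service actually accepts. I would confirm the value and list the accepted ones on the property, for example `description: Type of the client agent. One of <accepted values, to be filled in from the service>.`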
@@ -7795,65 +7552,61 @@ paths: values: - john.doe - operator: in - property: pa_location_name + property: device_name_source values: - - US West + - DHCP - operator: in - property: fw_name + property: client_agent_version values: - - FW1 + - 7.1.2 - operator: in - property: source_country + property: client_os_version values: - - US + - 10.15.7 - operator: in - property: source_city + property: source_city_name values: - San Jose - operator: in - property: client_os_version - values: - - Windows 10 - - operator: in - property: client_agent_version + property: source_country_name values: - - 1.0.0 + - US - operator: in property: client_public_address values: - 203.0.113.45 - operator: in - property: device_name + property: pa_location_name values: - - DHCP + - US West - operator: in - property: auth_type + property: usergroups values: - - Kerberos + - Employees - operator: in - property: project_name + property: self_serve_user_enabled values: - - ProjectA + - true - operator: in - property: location_group_name + property: isp_name values: - - LocationGroup1 + - Verizon - operator: in - property: device_isp_name + property: fw_name values: - - Verizon + - FW-1 - operator: in - property: usergroups + property: project_name values: - - group1 + - Project-A - operator: in - property: domain_name + property: location_group_name values: - - example.com + - Location-Group-1 - operator: in - property: connection_method + property: app_domain_name values: - - AGENT + - google.com schema: properties: filter: 
@@ -7861,73 +7614,73 @@ paths: rules: items: properties: - auth_type: - description: Authentication Type. - example: Kerberos + app_domain_name: + description: Name of the application domain. + example: google.com + type: string + client_agent_type: + description: Type of the client agent. + example: traped type: string client_agent_version: - description: Client Agent Version. - example: 1.0.0 + description: Version of the client agent. + example: 7.1.2 type: string client_os_version: - description: Client OS Version. - example: Windows 10 + description: Version of the client OS. + example: 10.15.7 type: string client_public_address: - description: Client Public Address. + description: Public IP address of the client. example: 203.0.113.45 type: string - device.connection_method: - description: Device Connect Method. - example: AGENT - type: string - device_isp_name: - description: ISP Name. - example: Verizon - type: string - device_name: - description: Device Name. + device_name_source: + description: Source of the device name. example: DHCP type: string - domain_name: - description: Application Domain Name. - example: example.com - type: string event_time: description: Time of the event. example: 5 type: number fw_name: - description: Firewall Name. - example: FW1 + description: Name of the firewall. + example: FW-1 + type: string + isp_name: + description: Name of the ISP. + example: Verizon type: string location_group_name: - description: Location Group Name. - example: LocationGroup1 + description: Name of the location group. + example: Location-Group-1 type: string pa_location_name: - description: Prisma Access Location Name. + description: Name of the Prisma Access location. example: US West type: string platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string project_name: - description: Project Name. - example: ProjectA + description: Name of the project. 
+ example: Project-A type: string - source_city: - description: Source City Name. + self_serve_user_enabled: + description: Is self serve user enabled. + example: true + type: boolean + source_city_name: + description: Name of the source city. example: San Jose type: string - source_country: - description: Source Country Name. + source_country_name: + description: Name of the source country. example: US type: string usergroups: - description: User Groups. - example: group1,group2 + description: User groups. + example: Employees type: string username: description: Username. @@ -7936,7 +7689,7 @@ paths: type: object required: - event_time - - username + - client_agent_type type: array type: object type: object 
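Review bot: The `required` list changed here names `event_time` and `client_agent_type`, but every example rule on this path is an object keyed `operator`, `property` and `values`, so no rule ever carries a key called `client_agent_type` and the schema does not describe the body the examples send. The list also follows the item schema's `type: object` line, which suggests it sits on the `rules` array, where `required` has no effect; indentation is not visible in this view, so that part is an inference. Request validation or client code generated from this spec would either reject the documented examples or accept any rule shape. I would describe the rule object itself and state the mandatory `event_time` and `client_agent_type` rules in the description. The other filter schemas in this commit follow the same pattern, and the enclosing schema opens outside this hunk.

```yaml
rules:
  description: >-
    Filter rules. A rule on event_time and a rule on client_agent_type
    must be present.
  type: array
  items:
    type: object
    required:
      - operator
      - property
      - values
    properties:
      operator:
        description: Comparison applied to the property.
        type: string
      property:
        description: Name of the field to filter on.
        type: string
      values:
        description: Values the operator compares against.
        type: array
        items: {}
```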
@@ -7947,78 +7700,14 @@ paths: application/json: schema: properties: - auth_type: - description: Authentication Type. - example: Kerberos - type: string - bh_compute_region: - description: BH Compute Region. - example: US East - type: string - bh_name: - description: BH Name. - example: BH1 - type: string client_agent_version: - description: Client Agent Version. - example: 1.0.0 - type: string - client_os_version: - description: Client OS Version. - example: Windows 10 - type: string - connected_pa_fw_location: - description: Connected PA Firewall Location. - example: US West - type: string - connected_source_city: - description: Connected Source City. - example: San Jose - type: string - connected_source_country: - description: Connected Source Country. - example: US - type: string - connection_state: - description: Connection State. - example: Connected - type: string - device_name: - description: Device Name. - example: DHCP - type: string - location_group_name: - description: Location Group Name. - example: LocationGroup1 - type: string - login_timestamp_epoc_millis: - description: Login Timestamp Epoch Millis. - example: 1678886400000 - type: integer - logout_timestamp_epoc_millis: - description: Logout Timestamp Epoch Millis. - example: 1678890000000 - type: integer - project_name: - description: Project Name. - example: ProjectA + description: Version of the client agent. + example: 7.1.2 type: string - session_duration_seconds: - description: Session Duration Seconds. - example: 3600 + num_devices: + description: Number of devices using this client agent version. + example: 10 type: integer - user_client_private_address: - description: User Client Private Address. - example: 192.168.1.100 - type: string - user_source_ip_address: - description: User Source IP Address. - example: 203.0.113.45 - type: string - username: - description: Username. - example: john.doe - type: string type: object description: OK '400': 
@@ -8031,15 +7720,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Agent Session List + summary: Agent Client Version Distribution tags: - Agent Users API - /insights/v3.0/resource/query/users/agent/unique_device_connections_list: + /insights/v3.0/resource/query/users/agent/connected_entity_count: post: - description: 'Retrieve a list of unique device connections with user details. + description: 'Retrieve the number of connected entities based on specified filters. ' - operationId: post-insights-v3.0-resource-query-users-agent-unique_device_connections_list + operationId: post-insights-v3.0-resource-query-users-agent-connected_entity_count parameters: - description: 'Map the region for the tenant. @@ -8072,10 +7761,6 @@ paths: property: event_time values: - 5 - - operator: in - property: username - values: - - john.doe With possible filters: value: filter: 
@@ -8090,45 +7775,62 @@ paths: - prisma_access - ngfw - operator: in - property: username + property: connect_method values: - - john.doe + - AGENT + - AGENT_PROXY - operator: in - property: edge_location_display_name + property: application_name values: - - US West + - zoom - operator: in - property: source_country_name + property: experience_score values: - - US + - 90 - operator: in - property: source_city_name + property: device_score values: - - San Jose + - 90 - operator: in - property: client_os_version + property: lan_score values: - - Windows 10 + - 90 - operator: in - property: client_gp_version + property: wifi_score values: - - 1.0.0 + - 90 - operator: in - property: user_source_ip_address + property: pa_score values: - - 203.0.113.45 + - 90 - operator: in - property: device_name + property: internet_score values: - - DHCP + - 90 - operator: in - property: auth_type + property: rbi values: - - Kerberos + - enabled - operator: in - property: project_name + property: edge_location_display_name values: - - ProjectA + - US West + - operator: in + property: instance_name + values: + - fw00 + - operator: in + property: source_city + values: + - San Jose + - operator: in + property: source_country + values: + - US + - operator: in + property: username + values: + - john.doe schema: properties: filter: 
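Review bot: The score filters added to this example (`experience_score`, `device_score`, `lan_score`, `wifi_score`, `pa_score`, `internet_score`) use `operator: in` with a single threshold-like value, while the hunk at `-7319` changes the same properties from `in` to `gt`. The example added at `-8678` for `connected_user_count_histogram` repeats the `in` rules. The boolean `self_serve_user_enabled` rules also use `in`, where the earlier hunk switched `device_self_serve_status` to `eq`. If these endpoints accept the comparison operators, the examples should read `- operator: gt` (and `- operator: eq` for the boolean) so the documented requests agree with each other. If they do not, the operation description should say so.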
@@ -8136,58 +7838,73 @@ paths: rules: items: properties: - auth_type: - description: Authentication Type. - example: Kerberos + application_name: + description: Application name. + example: zoom type: string - client_gp_version: - description: Client Agent Version. - example: 1.0.0 - type: string - client_os_version: - description: Client OS Version. - example: Windows 10 - type: string - device_name: - description: Device Name Source. - example: DHCP + connect_method: + description: Connection method. + example: AGENT type: string + device_score: + description: Device score. + example: 90 + type: number edge_location_display_name: - description: Prisma Access Location Name. + description: Prisma Access Location. example: US West type: string event_time: description: Time of the event. example: 5 type: number + experience_score: + description: Experience score. + example: 90 + type: number + instance_name: + description: Instance name. + example: fw00 + type: string + internet_score: + description: Internet score. + example: 90 + type: number + lan_score: + description: LAN score. + example: 90 + type: number + pa_score: + description: PA score. + example: 90 + type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - project_name: - description: Project Name. - example: ProjectA + rbi: + description: RBI status. + example: enabled type: string - source_city_name: - description: Source City Name. + source_city: + description: City from GeoIP. example: San Jose type: string - source_country_name: - description: Source Country Name. + source_country: + description: Country from GeoIP. example: US type: string - user_source_ip_address: - description: Client Public Address. - example: 203.0.113.45 - type: string username: - description: Username. + description: Source user name. example: john.doe type: string + wifi_score: + description: WiFi score. 
+ example: 90 + type: number type: object required: - event_time - - username type: array type: object type: object 
@@ -8198,78 +7915,10 @@ paths: application/json: schema: properties: - auth_type: - description: Authentication Type. - example: Kerberos - type: string - client_address: - description: Client Private Address. - example: 192.468.1.100 - type: string - client_address_v6: - description: Client Private Address. - example: 192.158.1.150 - type: string - client_gp_version: - description: Client Agent Version. - example: 1.0.0 - type: string - client_os_version: - description: Client OS Version. - example: Windows 10 - type: string - client_private_address: - description: Client Private Address. - example: 192.168.1.100 - type: string - client_private_address_v6: - description: Client Private Address. - example: 192.168.1.150 - type: string - device_name: - description: Device Name. - example: Laptop1 - type: string - last_connected_source_city: - description: Device Last Connected Source City. - example: San Jose - type: string - last_connected_source_country: - description: Device Last Connected Source Country. - example: US - type: string - last_pa_location: - description: Last PA Firewall Location. - example: US West - type: string - login_timestamp_epoc_millis: - description: Login Timestamp Epoch Millis. - example: 1678886400000 - type: integer - logout_timestamp_epoc_millis: - description: Logout Timestamp Epoch Millis. - example: 1678890000000 - type: integer - pa_location_count: - description: PA Location Count. - example: 1 - type: integer - project_name: - description: Project Name. - example: ProjectA - type: string - session_duration_seconds: - description: Session Duration in Seconds. - example: 3600 + user_count: + description: Count of connected entities. + example: 1034 type: integer - user_source_ip_address: - description: User Source IP Address. - example: 203.0.113.45 - type: string - username: - description: Username. - example: john.doe - type: string type: object description: OK '400': 
@@ -8282,15 +7931,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Unique Device Connections List + summary: Connected Entity Data tags: - Agent Users API - /insights/v3.0/resource/query/users/agent/user_list: + /insights/v3.0/resource/query/users/agent/connected_user_count: post: - description: 'Retrieve a list of agent users. + description: 'Retrieve the number of connected agent users. ' - operationId: post-insights-v3.0-resource-query-users-agent-user_list + operationId: post-insights-v3.0-resource-query-users-agent-connected_user_count parameters: - description: 'Map the region for the tenant. 
@@ -8337,105 +7986,38 @@ paths: - prisma_access - ngfw - operator: in - property: username - values: - - john.doe - - operator: in - property: device_name - values: - - device1 - - operator: in - property: agent_version - values: - - 1.0.0 - - operator: in - property: client_os_version - values: - - Windows 10 - - operator: in - property: source_city - values: - - San Jose - - operator: in - property: source_country - values: - - US - - operator: in - property: client_public_address - values: - - 1.1.1.1 - - operator: in - property: source_ip - values: - - 192.168.1.1 - - operator: in - property: usergroups + property: connect_method values: - - admin + - AGENT + - AGENT_PROXY - operator: in property: application_name values: - - Zoom + - salesforce - operator: in property: edge_location_display_name values: - US West - operator: in - property: experience_score_aggregate_value - values: - - 90 - - operator: in - property: device_score_aggregate_value - values: - - 80 - - operator: in - property: lan_score_aggregate_value - values: - - 70 - - operator: in - property: wifi_score_aggregate_value - values: - - 60 - - operator: in - property: pa_score_aggregate_value - values: - - 50 - - operator: in - property: internet_score_aggregate_value - values: - - 40 - - operator: in - property: device_self_serve_status - values: - - true - - operator: in - property: device_isp_name - values: - - Verizon - - operator: in - property: instance_name + property: fw_name values: - - FW1 + - vmseries - operator: in - property: instance_name + property: source_country_name values: - - instance1 + - US - operator: in - property: project_name + property: source_city_name values: - - project1 + - San Jose - operator: in - property: location_group_name + property: username values: - - location_group1 + - john.doe - operator: in property: domain_name values: - - zoom.us - - operator: in - property: agent_type - values: - - Agent + - salesforce.com schema: properties: filter: 
@@ -8443,106 +8025,46 @@ paths: rules: items: properties: - agent_type: - description: Client agent type. - example: Agent - type: string - agent_version: - description: Client agent version. - example: 1.0.0 - type: string application_name: - description: Application name. - example: Zoom - type: string - client_os_version: - description: Client OS version. - example: Windows 10 + description: Name of the application. + example: salesforce type: string - device_isp_name: - description: ISP name. - example: Verizon + connect_method: + description: Method of connection. + example: AGENT type: string - device_name: - description: Device name source. - example: device1 - type: string - device_score_aggregate_value: - description: Device score. - example: 80 - type: number - device_self_serve_status: - description: Self-serve user enabled. - example: true - type: boolean domain_name: description: Application domain name. - example: zoom.us + example: salesforce.com type: string edge_location_display_name: - description: Prisma Access location. + description: Name of the PA location. example: US West type: string event_time: description: Time of the event. example: 5 type: number - experience_score_aggregate_value: - description: Experience score. - example: 90 - type: number - instance_name: - description: Instance name. - example: instance1 - type: string - internet_score_aggregate_value: - description: Internet score. - example: 40 - type: number - lan_score_aggregate_value: - description: LAN score. - example: 70 - type: number - location_group_name: - description: Location group name. - example: location_group1 + fw_name: + description: Name of the firewall. + example: vmseries type: string - pa_score_aggregate_value: - description: PA score. - example: 50 - type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - project_name: - description: Project name. 
- example: project1 - type: string - source_city: - description: Source city name. + source_city_name: + description: Name of the source city. example: San Jose type: string - source_country: - description: Source country name. + source_country_name: + description: Name of the source country. example: US type: string - source_ip: - description: Source IP address. - example: 192.168.1.1 - type: string - usergroups: - description: User groups. - example: admin - type: string username: description: Username. example: john.doe type: string - wifi_score_aggregate_value: - description: WiFi score. - example: 60 - type: number type: object required: - event_time @@ -8556,46 +8078,10 @@ paths: application/json: schema: properties: - accelerated: - description: Accelerated. - example: true - type: boolean - adem_username: - description: Adem Username. - example: john.doe@company.com - type: string - application_count: - description: Application count. - example: 5 - type: integer - device_count: - description: Device count. - example: 2 - type: integer - last_activity_timestamp_epoc_millis: - description: Last activity timestamp epoch millis. - example: 1678886400000 - type: integer - location_group_name: - description: Location group name. - example: location_group1 - type: string - project_name: - description: Project name. - example: project1 - type: string - threat_count: - description: Threat count. - example: 714 - type: integer - total_bytes: - description: Total bytes. - example: 179246404 + user_count: + description: Count of connected users. + example: 18669 type: integer - username: - description: Username. - example: john.doe - type: string type: object description: OK '400': 
@@ -8608,15 +8094,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Agent User List + summary: Agent Connected Users Data tags: - - Agent Users API - /insights/v3.0/resource/query/users/agentless/active_user_count: + - Users API + /insights/v3.0/resource/query/users/agent/connected_user_count_histogram: post: - description: 'Retrieve the number of active users without requiring an agent. + description: 'Retrieve a histogram of connected user data without filters. ' - operationId: post-insights-v3.0-resource-query-users-agentless-active_user_count + operationId: post-insights-v3.0-resource-query-users-agent-connected_user_count_histogram parameters: - description: 'Map the region for the tenant. @@ -8649,10 +8135,11 @@ paths: property: event_time values: - 5 - - operator: in - property: node_type - values: - - 153 + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: @@ -8662,13 +8149,26 @@ paths: values: - 5 - operator: in - property: source_user + property: platform_type + values: + - prisma_access + - ngfw + - operator: in + property: username values: - john.doe - operator: in - property: edge_location_display_name + property: device_name values: - - US West + - Johns-MacBook-Pro + - operator: in + property: client_agent_version + values: + - 10.0.0 + - operator: in + property: client_os_version + values: + - 10.15.7 - operator: in property: source_city values: 
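Review bot: The tag on the `connected_user_count` operation becomes `Users API` in the hunk at `-8608`, while the histogram operations this commit adds next to it are tagged `Agent Users API`, so the agent endpoints end up split across two groups in the rendered reference. If a separate group is not intended, the line should stay `- Agent Users API`. The new description for `connected_user_count_histogram` in the same hunk also says "without filters", although the operation documents a "With possible filters" request. I would drop those two words so it reads `Retrieve a histogram of connected user data.`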
@@ -8678,14 +8178,74 @@ paths: values: - US - operator: in - property: node_type + property: user_source_ip_address values: - - 153 + - 203.0.113.45 - operator: in - property: platform_type + property: usergroups values: - - prisma_access - - ngfw + - Domain Users + - operator: in + property: application_name + values: + - Zoom + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: experience_score + values: + - 80 + - operator: in + property: device_score + values: + - 90 + - operator: in + property: lan_score + values: + - 75 + - operator: in + property: wifi_score + values: + - 85 + - operator: in + property: pa_score + values: + - 95 + - operator: in + property: internet_score + values: + - 70 + - operator: in + property: self_serve_user_enabled + values: + - true + - operator: in + property: device_isp_name + values: + - Verizon + - operator: in + property: fw_name + values: + - PA-VM + - operator: in + property: project_name + values: + - Project-Alpha + - operator: in + property: location_group_name + values: + - HQ-Location + - operator: in + property: domain_name + values: + - zoom.us + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: 
@@ -8693,38 +8253,105 @@ paths: rules: items: properties: + application_name: + description: Name of the application. + example: Zoom + type: string + client_agent_version: + description: Version of the client agent. + example: 10.0.0 + type: string + client_os_version: + description: Version of the client OS. + example: 10.15.7 + type: string + device_isp_name: + description: Name of the ISP. + example: Verizon + type: string + device_name: + description: Name of the device. + example: Johns-MacBook-Pro + type: string + device_score: + description: Device score. + example: 90 + type: number + domain_name: + description: Name of the application domain. + example: zoom.us + type: string edge_location_display_name: - description: Prisma Access Location. + description: Prisma Access location name. example: US West type: string event_time: description: Time of the event. example: 5 type: number - node_type: - description: Type of node. - example: 153 + experience_score: + description: Experience score. + example: 80 type: number - platform_type: - description: Platform type. + fw_name: + description: Name of the firewall. + example: PA-VM + type: string + internet_score: + description: Internet score. + example: 70 + type: number + lan_score: + description: LAN score. + example: 75 + type: number + location_group_name: + description: Name of the location group. + example: HQ-Location + type: string + pa_score: + description: PA score. + example: 95 + type: number + platform_type: + description: Type of platform. example: prisma_access type: string + project_name: + description: Name of the project. + example: Project-Alpha + type: string + self_serve_user_enabled: + description: Indicates if self-serve user is enabled. + example: true + type: boolean source_city: - description: City from GeoIP. + description: Name of the source city. example: San Jose type: string source_country: - description: Country from GeoIP. + description: Name of the source country. 
example: US type: string - source_user: + user_source_ip_address: + description: Public IP address of the client. + example: 203.0.113.45 + type: string + usergroups: + description: User groups. + example: Domain Users + type: string + username: description: Username. example: john.doe type: string + wifi_score: + description: WiFi score. + example: 85 + type: number type: object required: - event_time - - node_type type: array type: object type: object @@ -8735,9 +8362,21 @@ paths: application/json: schema: properties: + count_high: + description: Number of users with high experience score + example: 4406 + type: integer + count_low: + description: Number of users with low experience score + example: 3412 + type: integer + event_time: + description: Event time + example: 1709226000000 + type: number user_count: - description: Count of active users. - example: 10 + description: Number of users + example: 4761 type: integer type: object description: OK @@ -8751,15 +8390,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Agentless Active User Data + summary: Connected User Histogram Data tags: - - Agentless Users API - /insights/v3.0/resource/query/users/agentless/active_user_list: + - Agent Users API + /insights/v3.0/resource/query/users/agent/connected_user_device_count_histogram: post: - description: 'Retrieve a list of internal users without requiring an agent. + description: 'Retrieve a histogram of connected user device data without filters. ' - operationId: post-insights-v3.0-resource-query-users-agentless-active_user_list + operationId: post-insights-v3.0-resource-query-users-agent-connected_user_device_count_histogram parameters: - description: 'Map the region for the tenant. @@ -8792,10 +8431,11 @@ paths: property: event_time values: - 5 - - operator: in - property: node_type - values: - - 153 + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: 
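Review bot: The rule-item schema extended in hunk -8693 lists every filterable field as a property of the item, but each request example on this path sends items shaped as `operator` / `property` / `values`, so the schema does not describe the objects the API receives. A gateway or client-side validator generated from this spec would therefore constrain neither the operator nor the property name, and `required: - event_time` appears unsatisfiable by such an item (the nesting of `required` cannot be confirmed from this collapsed view). Consider modelling the item as `property: {type: string, enum: [...]}`, `operator: {type: string, enum: [...]}` and `values: {type: array}`, keeping the per-field descriptions alongside the enum. The same pattern is extended in hunks -8836, -9020, -9186 and -9864, and the schema begins and ends outside this hunk.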
@@ -8804,31 +8444,104 @@ paths: property: event_time values: - 5 + - operator: in + property: platform_type + values: + - prisma_access + - ngfw - operator: in property: username values: - - achalla1kerbuser@dss-qa.com + - john.doe - operator: in - property: edge_location_display_name + property: device_name values: - - US West + - device1 - operator: in - property: source_city + property: client_agent_version + values: + - 1.0.0 + - operator: in + property: client_os_version + values: + - Windows 10 + - operator: in + property: source_city_name values: - San Jose - operator: in - property: source_country + property: source_country_name values: - US - operator: in - property: node_type + property: user_source_ip_address values: - - 153 + - 1.1.1.1 - operator: in - property: platform_type + property: usergroups values: - - prisma_access - - ngfw + - group1 + - operator: in + property: application_name + values: + - app1 + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: experience_score + values: + - 5 + - operator: in + property: device_score + values: + - 5 + - operator: in + property: lan_score + values: + - 5 + - operator: in + property: wifi_score + values: + - 5 + - operator: in + property: pa_score + values: + - 5 + - operator: in + property: internet_score + values: + - 5 + - operator: in + property: self_serve_user_enabled + values: + - true + - operator: in + property: isp_name + values: + - Verizon + - operator: in + property: fw_name + values: + - fw1 + - operator: in + property: project_name + values: + - project1 + - operator: in + property: location_group_name + values: + - location_group1 + - operator: in + property: domain_name + values: + - zoom.us + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: 
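Review bot: The `With possible filters` example filters on `self_serve_user_enabled`, but the schema added for the same path in the next hunk (-8836) names that field `device_self_serve_status`, so one of the two is wrong for this endpoint; use `property: device_self_serve_status` here or rename the schema key. The example also puts `1.1.1.1`, a real routable address, in `user_source_ip_address` (and in `client_public_address` in hunks -8981, -9175 and -9340, plus the schema examples in -8836, -9020, -9186 and -9864), whereas the first endpoint already uses `203.0.113.45` from the RFC 5737 documentation range, which is the safer value for copy-paste examples. `internet_score` is `5` in hunks -8981 and -9340 where every sibling score is `50`, which looks like a typo.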
@@ -8836,38 +8549,105 @@ paths: rules: items: properties: + application_name: + description: Name of the application. + example: app1 + type: string + client_agent_version: + description: Version of the client agent. + example: 1.0.0 + type: string + client_os_version: + description: Version of the client OS. + example: Windows 10 + type: string + device_name: + description: Name of the device. + example: device1 + type: string + device_score: + description: Device score. + example: 5 + type: number + device_self_serve_status: + description: Self serve user enabled. + example: true + type: boolean + domain_name: + description: Application domain name. + example: zoom.us + type: string edge_location_display_name: - description: Prisma Access Location. + description: Name of the PA location. example: US West type: string event_time: description: Time of the event. example: 5 type: number - node_type: - description: Type of node. - example: 153 + experience_score: + description: Experience score. + example: 5 + type: number + fw_name: + description: Firewall name. + example: fw1 + type: string + internet_score: + description: Internet score. + example: 5 + type: number + isp_name: + description: ISP name. + example: Verizon + type: string + lan_score: + description: LAN score. + example: 5 + type: number + location_group_name: + description: Location group name. + example: location_group1 + type: string + pa_score: + description: PA score. + example: 5 type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - source_city: - description: City from GeoIP. + project_name: + description: Project name. + example: project1 + type: string + source_city_name: + description: Name of the source city. example: San Jose type: string - source_country: - description: Country from GeoIP. + source_country_name: + description: Name of the source country. example: US type: string - username: - description: Username. 
- example: achalla1kerbuser@dss-qa.com - type: string - type: object + user_source_ip_address: + description: Public IP address of the client. + example: 1.1.1.1 + type: string + usergroups: + description: User groups. + example: group1 + type: string + username: + description: Username. + example: john.doe + type: string + wifi_score: + description: Wifi score. + example: 5 + type: number + type: object required: - event_time - - node_type type: array type: object type: object @@ -8878,42 +8658,14 @@ paths: application/json: schema: properties: - browser_name: - description: Browser name. - example: Chrome - type: string - last_activity_epoc_time_millis: - description: Last activity epoch time in milliseconds. - example: 1678886400000 - type: integer - last_activity_time: - description: Last activity time. - example: '2023-03-15T00:00:00Z' - type: string - os_family: - description: OS family. - example: Windows - type: string - pa_fw_location: - description: PA Firewall location. - example: US West - type: string - source_city: - description: Source city. - example: San Francisco - type: string - source_country: - description: Source country. - example: USA - type: string - user_source_ip: - description: User source IP address. - example: 192.168.1.1 - type: string - username: - description: Username. - example: john.doe - type: string + device_count: + description: Number of devices connected + example: 10 + type: number + event_time: + description: Event time + example: 1709226000000 + type: number type: object description: OK '400': 
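Review bot: `device_count` is declared `type: number` in the response schema of hunk -8878, while the other count fields in this diff (`user_count`, and `device_count` in hunk -9092) are `type: integer`; a count should not admit fractional values, so `type: integer` fits here too. `event_time` carries the example `1709226000000` with no unit stated; `description: Event time in epoch milliseconds.` would remove the guess, if that is indeed the unit. The response object begins outside the hunk.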
@@ -8926,15 +8678,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Agentless Internal User List + summary: Connected User Device Histogram Data tags: - - Agentless Users API - /insights/v3.0/resource/query/users/agentless/connected_user_count: + - Agent Users API + /insights/v3.0/resource/query/users/agent/current_connected_device_count: post: - description: 'Retrieve the number of connected agentless proxy users. + description: 'Retrieve the current number of connected devices without filters. ' - operationId: post-insights-v3.0-resource-query-users-agentless-connected_user_count + operationId: post-insights-v3.0-resource-query-users-agent-current_connected_device_count parameters: - description: 'Map the region for the tenant. 
@@ -8981,37 +8733,93 @@ paths: - prisma_access - ngfw - operator: in - property: connection_method + property: username values: - - AGENTLESS + - john.doe + - operator: in + property: device_name + values: + - device1 + - operator: in + property: client_agent_version + values: + - 1.0.0 + - operator: in + property: client_os_version + values: + - Windows 10 + - operator: in + property: source_city + values: + - San Jose + - operator: in + property: source_country + values: + - US + - operator: in + property: client_public_address + values: + - 1.1.1.1 + - operator: in + property: usergroups + values: + - group1 - operator: in property: application_name values: - - salesforce + - app1 - operator: in property: edge_location_display_name values: - US West - operator: in - property: fw_name + property: experience_score values: - - vmseries + - 50 - operator: in - property: source_country_name + property: device_score values: - - US + - 50 - operator: in - property: source_city_name + property: lan_score values: - - San Jose + - 50 - operator: in - property: username + property: wifi_score values: - - john.doe + - 50 + - operator: in + property: pa_score + values: + - 50 + - operator: in + property: internet_score + values: + - 5 + - operator: in + property: device_self_serve_status + values: + - true + - operator: in + property: device_isp_name + values: + - Verizon + - operator: in + property: instance_name + values: + - fw1 + - operator: in + property: project_name + values: + - project1 + - operator: in + property: location_group_name + values: + - location_group1 - operator: in property: domain_name values: - - salesforce.com + - zoom.us schema: properties: filter: 
@@ -9020,19 +8828,43 @@ paths: items: properties: application_name: - description: Application name. - example: zoom + description: Name of the application. + example: app1 type: string - connection_method: - description: Connection method used by the user. - example: AGENTLESS + client_agent_version: + description: Version of the client agent. + example: 1.0.0 + type: string + client_os_version: + description: Version of the client OS. + example: Windows 10 + type: string + client_public_address: + description: Public IP address of the client. + example: 1.1.1.1 + type: string + device_isp_name: + description: ISP name. + example: Verizon + type: string + device_name: + description: Name of the device. + example: device1 type: string device_score: description: Device score. - example: 3 + example: 50 type: number + device_self_serve_status: + description: Self serve user enabled. + example: true + type: boolean + domain_name: + description: Application domain name. + example: zoom.us + type: string edge_location_display_name: - description: Prisma Access Location. + description: Name of the PA location. example: US West type: string event_time: 
@@ -9040,44 +8872,56 @@ paths: example: 5 type: number experience_score: - description: User experience score. - example: 4 + description: Experience score. + example: 50 type: number - geoip_from_city_name: - description: City from GeoIP. - example: San Jose - type: string - geoip_from_country_name: - description: Country from GeoIP. - example: US - type: string instance_name: - description: Instance name. - example: instance1 + description: Firewall name. + example: fw1 type: string internet_score: description: Internet score. - example: 3 + example: 50 type: number lan_score: description: LAN score. - example: 5 + example: 50 type: number + location_group_name: + description: Location group name. + example: location_group1 + type: string pa_score: - description: Prisma Access score. - example: 5 + description: PA score. + example: 50 type: number platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string - source_user_info_name: - description: Source user name. + project_name: + description: Project name. + example: project1 + type: string + source_city: + description: Name of the source city. + example: San Jose + type: string + source_country: + description: Name of the source country. + example: US + type: string + usergroups: + description: User groups. + example: group1 + type: string + username: + description: Username. example: john.doe type: string wifi_score: description: Wifi score. - example: 4 + example: 50 type: number type: object required: @@ -9092,9 +8936,9 @@ paths: application/json: schema: properties: - user_count: - description: Count of connected users. - example: 15669 + device_count: + description: Number of connected devices. + example: 10 type: integer type: object description: OK 
@@ -9108,16 +8952,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Agentless Connected User Data + summary: Current Connected Device Data tags: - - Users API - /insights/v3.0/resource/query/users/agentless/session_list: + - Agent Users API + /insights/v3.0/resource/query/users/agent/current_connected_user_count: post: - description: 'Retrieve a list of internal user sessions without requiring an - agent. + description: 'Retrieve the current number of connected users without filters. ' - operationId: post-insights-v3.0-resource-query-users-agentless-session_list + operationId: post-insights-v3.0-resource-query-users-agent-current_connected_user_count parameters: - description: 'Map the region for the tenant. @@ -9158,14 +9001,27 @@ paths: property: event_time values: - 5 + - operator: in + property: platform_type + values: + - prisma_access + - ngfw - operator: in property: username values: - john.doe - operator: in - property: edge_location_display_name + property: device_name values: - - US West + - device1 + - operator: in + property: client_agent_version + values: + - 1.0.0 + - operator: in + property: client_os_version + values: + - Windows 10 - operator: in property: source_city values: 
@@ -9175,10 +9031,69 @@ paths: values: - US - operator: in - property: platform_type + property: client_public_address values: - - prisma_access - - ngfw + - 1.1.1.1 + - operator: in + property: usergroups + values: + - group1 + - operator: in + property: application_name + values: + - app1 + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: experience_score + values: + - 50 + - operator: in + property: device_score + values: + - 50 + - operator: in + property: lan_score + values: + - 50 + - operator: in + property: wifi_score + values: + - 50 + - operator: in + property: pa_score + values: + - 50 + - operator: in + property: internet_score + values: + - 50 + - operator: in + property: device_self_serve_status + values: + - true + - operator: in + property: device_isp_name + values: + - Verizon + - operator: in + property: instance_name + values: + - fw1 + - operator: in + property: project_name + values: + - project1 + - operator: in + property: location_group_name + values: + - location_group1 + - operator: in + property: domain_name + values: + - zoom.us schema: properties: filter: 
@@ -9186,30 +9101,102 @@ paths: rules: items: properties: + application_name: + description: Name of the application. + example: app1 + type: string + client_agent_version: + description: Version of the client agent. + example: 1.0.0 + type: string + client_os_version: + description: Version of the client OS. + example: Windows 10 + type: string + client_public_address: + description: Public IP address of the client. + example: 1.1.1.1 + type: string + device_isp_name: + description: ISP name. + example: Verizon + type: string + device_name: + description: Name of the device. + example: device1 + type: string + device_score: + description: Device score. + example: 50 + type: number + device_self_serve_status: + description: Self serve user enabled. + example: true + type: boolean + domain_name: + description: Application domain name. + example: zoom.us + type: string edge_location_display_name: - description: Prisma Access Location. + description: Name of the PA location. example: US West type: string event_time: description: Time of the event. example: 5 type: number + experience_score: + description: Experience score. + example: 50 + type: number + instance_name: + description: Firewall name. + example: fw1 + type: string + internet_score: + description: Internet score. + example: 50 + type: number + lan_score: + description: LAN score. + example: 50 + type: number + location_group_name: + description: Location group name. + example: location_group1 + type: string + pa_score: + description: PA score. + example: 50 + type: number platform_type: description: Platform type. example: prisma_access type: string + project_name: + description: Project name. + example: project1 + type: string source_city: - description: City from GeoIP. + description: Name of the source city. example: San Jose type: string source_country: - description: Country from GeoIP. + description: Name of the source country. example: US type: string + usergroups: + description: User groups. 
+ example: group1 + type: string username: description: Username. example: john.doe type: string + wifi_score: + description: Wifi score. + example: 50 + type: number type: object required: - event_time @@ -9223,36 +9210,10 @@ paths: application/json: schema: properties: - bytes_received: - description: Bytes received. - example: 2048.0 - format: float - type: number - bytes_sent: - description: Bytes sent. - example: 1024.0 - format: float - type: number - login_time: - description: Login time. - example: '2023-03-15T00:00:00Z' - type: string - pa_fw_location: - description: PA Firewall location. - example: US West - type: string - source_city: - description: Source city. - example: San Francisco - type: string - source_country: - description: Source country. - example: USA - type: string - user_source_ip: - description: User source IP address. - example: 192.168.1.1 - type: string + user_count: + description: Current connected user count. + example: 100 + type: integer type: object description: OK '400': @@ -9265,15 +9226,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Agentless Internal User Session List + summary: Current Connected User Data tags: - - Agentless Users API - /insights/v3.0/resource/query/users/agentless/user_count_histogram: + - Agent Users API + /insights/v3.0/resource/query/users/agent/device_list: post: - description: 'Retrieve a histogram of internal users without requiring an agent. + description: 'Retrieve a list of agent devices with non-ADEM score filters. ' - operationId: post-insights-v3.0-resource-query-users-agentless-user_count_histogram + operationId: post-insights-v3.0-resource-query-users-agent-device_list parameters: - description: 'Map the region for the tenant. @@ -9306,11 +9267,6 @@ paths: property: event_time values: - 5 - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 With possible filters: value: filter: 
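Review bot: The description added in hunk -9265, `Retrieve a list of agent devices with non-ADEM score filters.`, does not match the example that appears to belong to the same path in hunk -9340, which filters on `experience_score`, `device_score`, `lan_score`, `wifi_score`, `pa_score` and `internet_score`. If those are the ADEM scores, either the description or the example and schema (hunk -9864) should change so a reader knows which filters the endpoint actually honours. The operation body continues outside this hunk.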
@@ -9325,13 +9281,21 @@ paths: - prisma_access - ngfw - operator: in - property: source_user + property: username values: - - test@example.com + - john.doe - operator: in - property: edge_location_display_name + property: device_name values: - - US West + - device1 + - operator: in + property: client_agent_version + values: + - 1.0.0 + - operator: in + property: client_os_version + values: + - Windows 10 - operator: in property: source_city values: 
@@ -9340,523 +9304,70 @@ paths: property: source_country values: - US - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 - schema: - properties: - filter: - properties: - rules: - items: - properties: - edge_location_display_name: - description: Prisma Access Location. - example: US West - type: string - event_time: - description: Time of the event. - example: 5 - type: number - platform_type: - description: Type of platform. - example: prisma_access - type: string - source_city: - description: City from GeoIP. - example: San Jose - type: string - source_country: - description: Country from GeoIP. - example: US - type: string - source_user: - description: Source User. - example: test@example.com - type: string - type: object - required: - - event_time - type: array - type: object - type: object - required: true - responses: - '200': - content: - application/json: - schema: - properties: - event_time: - description: Event time. - example: 1678886400000 - type: number - user_count: - description: Count of users. - example: 1034 - type: integer - type: object - description: OK - '400': - description: Resource property is not valid - '403': - description: Permission Denied - '404': - description: Resource not found - '500': - description: Failed to process request - security: - - Bearer: [] - summary: Agentless Internal User Histogram - tags: - - Agentless Users API - /insights/v3.0/resource/query/users/branch/active_user_count: - post: - description: 'Retrieve the number of active branch users. - - ' - operationId: post-insights-v3.0-resource-query-users-branch-active_user_count - parameters: - - description: 'Map the region for the tenant. - - ' - in: header - name: X-PANW-Region - required: true - schema: - example: americas - type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. 
- - ' - in: header - name: Prisma-Tenant - required: false - schema: - example: 12345678:12345679 - type: string - requestBody: - content: - application/json: - examples: - With mandatory filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 - With possible filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 - - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: username - values: - - john.doe - schema: - properties: - filter: - properties: - rules: - items: - properties: - event_time: - description: Time of the event. - example: 5 - type: number - platform_type: - description: Type of platform. - example: prisma_access - type: string - username: - description: Username. - example: john.doe - type: string - type: object - required: - - event_time - type: array - type: object - type: object - required: true - responses: - '200': - content: - application/json: - schema: - properties: - user_count: - description: Count of active users. - example: 10045 - type: integer - type: object - description: OK - '400': - description: Resource property is not valid - '403': - description: Permission Denied - '404': - description: Resource not found - '500': - description: Failed to process request - security: - - Bearer: [] - summary: Active Branch User Data - tags: - - Branch User API - /insights/v3.0/resource/query/users/branch/active_user_list: - post: - description: 'Retrieve a list of active branch users. - - ' - operationId: post-insights-v3.0-resource-query-users-branch-active_user_list - parameters: - - description: 'Map the region for the tenant. - - ' - in: header - name: X-PANW-Region - required: true - schema: - example: americas - type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. 
- - ' - in: header - name: Prisma-Tenant - required: false - schema: - example: 12345678:12345679 - type: string - requestBody: - content: - application/json: - examples: - With mandatory filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 - With possible filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 - - operator: in - property: username - values: - - achalla1kerbuser - - operator: in - property: platform_type - values: - - prisma_access - - ngfw - schema: - properties: - filter: - properties: - rules: - items: - properties: - event_time: - description: Time of the event. - example: 5 - type: number - platform_type: - description: Platform type. - example: prisma_access - type: string - username: - description: Username. - example: achalla1kerbuser - type: string - type: object - required: - - event_time - type: array - type: object - type: object - required: true - responses: - '200': - content: - application/json: - schema: - properties: - last_activity_epoc_time_millis: - description: Last activity epoch time in milliseconds. - example: 1678886400000 - type: integer - pa_fw_location: - description: PA Firewall location. - example: US West - type: string - user_last_connected_source_city: - description: Source city. - example: San Francisco - type: string - user_last_connected_source_country: - description: Source country. - example: USA - type: string - user_source_ip: - description: User source IP address. - example: 192.168.1.1 - type: string - username: - description: Username. 
- example: john.doe - type: string - type: object - description: OK - '400': - description: Resource property is not valid - '403': - description: Permission Denied - '404': - description: Resource not found - '500': - description: Failed to process request - security: - - Bearer: [] - summary: Active Branch User List - tags: - - Branch User API - /insights/v3.0/resource/query/users/branch/connected_entity_count: - post: - description: 'Retrieve the number of connected entities for branch users. - - ' - operationId: post-insights-v3.0-resource-query-users-branch-connected_entity_count - parameters: - - description: 'Map the region for the tenant. - - ' - in: header - name: X-PANW-Region - required: true - schema: - example: americas - type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' - in: header - name: Prisma-Tenant - required: false - schema: - example: 12345678:12345679 - type: string - requestBody: - content: - application/json: - examples: - With mandatory filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 - With possible filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 - operator: in - property: platform_type + property: client_public_address values: - - prisma_access - - ngfw + - 1.1.1.1 - operator: in - property: username - values: - - john.doe - schema: - properties: - filter: - properties: - rules: - items: - properties: - event_time: - description: Time of the event. - example: 5 - type: number - platform_type: - description: Type of platform. - example: prisma_access - type: string - username: - description: Source user name. 
- example: john.doe - type: string - type: object - required: - - event_time - type: array - type: object - type: object - required: true - responses: - '200': - content: - application/json: - schema: - properties: - device_count: - description: Count of connected devices. - example: 104 - type: integer - user_count: - description: Count of connected users. - example: 1034 - type: integer - type: object - description: OK - '400': - description: Resource property is not valid - '403': - description: Permission Denied - '404': - description: Resource not found - '500': - description: Failed to process request - security: - - Bearer: [] - summary: Connected Entity Data for Branch Users - tags: - - Branch User API - /insights/v3.0/resource/query/users/branch/connected_user_count: - post: - description: 'Retrieve the number of branch connected users. - - ' - operationId: post-insights-v3.0-resource-query-users-branch-connected_user_count - parameters: - - description: 'Map the region for the tenant. - - ' - in: header - name: X-PANW-Region - required: true - schema: - example: americas - type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. 
- - ' - in: header - name: Prisma-Tenant - required: false - schema: - example: 12345678:12345679 - type: string - requestBody: - content: - application/json: - examples: - With mandatory filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 - With possible filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time + property: usergroups values: - - 5 + - group1 - operator: in - property: platform_type + property: application_name values: - - prisma_access - - ngfw + - app1 - operator: in - property: connection_method + property: edge_location_display_name values: - - BRANCH - - operator: gt + - US West + - operator: in property: experience_score values: - - 70 - - operator: gt + - 50 + - operator: in property: device_score values: - - 80 - - operator: gt + - 50 + - operator: in property: lan_score values: - - 60 - - operator: gt + - 50 + - operator: in property: wifi_score values: - - 70 - - operator: gt + - 50 + - operator: in property: pa_score values: - - 80 - - operator: gt + - 50 + - operator: in property: internet_score values: - - 50 + - 5 - operator: in - property: edge_location_display_name + property: device_self_serve_status values: - - US West + - true - operator: in - property: instance_name + property: device_isp_name values: - - fw00 + - Verizon - operator: in - property: source_country + property: instance_name values: - - US + - fw1 - operator: in - property: source_city + property: project_name values: - - San Jose + - project1 - operator: in - property: username + property: location_group_name values: - - john.doe + - location_group1 - operator: in property: domain_name values: - - salesforce.com + - zoom.us schema: properties: filter: 
@@ -9864,17 +9375,41 @@ paths: rules: items: properties: - connection_method: - description: Method of connection. - example: BRANCH + application_name: + description: Name of the application. + example: app1 + type: string + client_agent_version: + description: Version of the client agent. + example: 1.0.0 + type: string + client_os_version: + description: Version of the client OS. + example: Windows 10 + type: string + client_public_address: + description: Public IP address of the client. + example: 1.1.1.1 + type: string + device_isp_name: + description: ISP name. + example: Verizon + type: string + device_name: + description: Name of the device. + example: device1 type: string device_score: description: Device score. - example: 90 + example: 50 type: number + device_self_serve_status: + description: Self serve user enabled. + example: true + type: boolean domain_name: description: Application domain name. - example: salesforce.com + example: zoom.us type: string edge_location_display_name: description: Name of the PA location. @@ -9886,28 +9421,36 @@ paths: type: number experience_score: description: Experience score. - example: 80 + example: 50 type: number instance_name: - description: Name of the firewall. - example: fw00 + description: Firewall name. + example: fw1 type: string internet_score: description: Internet score. - example: 70 + example: 50 type: number lan_score: description: LAN score. - example: 75 + example: 50 type: number + location_group_name: + description: Location group name. + example: location_group1 + type: string pa_score: - description: Prisma Access score. - example: 95 + description: PA score. + example: 50 type: number platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string + project_name: + description: Project name. + example: project1 + type: string source_city: description: Name of the source city. example: San Jose 
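Review bot: The new `client_public_address` filter property uses `example: 1.1.1.1`, which is a real, routable address rather than a documentation one. The agent session_list hunks later in this diff already use `203.0.113.45` from the RFC 5737 documentation range, so `example: 203.0.113.45` here would keep the spec consistent and keep copied sample queries from referring to a third party's host. The same value appears in the `client_public_address` rule of the agent user_list example further down.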
@@ -9916,13 +9459,17 @@ paths: description: Name of the source country. example: US type: string + usergroups: + description: User groups. + example: group1 + type: string username: description: Username. example: john.doe type: string wifi_score: - description: WiFi score. - example: 85 + description: Wifi score. + example: 50 type: number type: object required: 
@@ -9937,10 +9484,136 @@ paths: application/json: schema: properties: - user_count: - description: Count of users. - example: 19399 + adem_username: + description: ADEM username. + example: adem_john.doe + type: string + client_agent_type: + description: Client agent type. + example: GP_AGENT + type: string + client_agent_version: + description: Client agent version. + example: 1.0.0 + type: string + connect_method: + description: Connection method. + example: Agent + type: string + device_agent_uuid: + description: Device agent UUID. + example: 5ac5-6edd-4d3d-xxxx-0000 + type: string + device_auth_type: + description: Device authentication type. + example: Cookie + type: string + device_client_private_address: + description: Device client private address. + example: 10.0.0.5 + type: string + device_isp_name: + description: Device ISP name. + example: Verizon + type: string + device_last_activity_timestamp_epoc_millis: + description: Device last activity timestamp epoch milliseconds. + example: 1678886400000 + type: integer + device_last_connected_pa_fw_location: + description: Device last connected PA firewall location. + example: US West + type: string + device_last_connected_source_city: + description: Device last connected source city. + example: San Jose + type: string + device_last_connected_source_country: + description: Device last connected source country. + example: USA + type: string + device_name: + description: Device name. + example: D-02Y50E3JH + type: string + device_os_version: + description: Device OS version. + example: Windows 10 + type: string + device_score_value: + description: Device score value. + example: 80 + type: number + device_self_serve_notifications_count_internet_connectivity: + description: Device self-serve notifications count for Internet + connectivity. + example: 1 + type: integer + device_self_serve_notifications_count_system_cpu: + description: Device self-serve notifications count for system + CPU. 
+ example: 1 + type: integer + device_self_serve_notifications_count_system_cpu_memory: + description: Device self-serve notifications count for system + CPU and memory. + example: 1 + type: integer + device_self_serve_notifications_count_system_memory: + description: Device self-serve notifications count for system + memory. + example: 1 + type: integer + device_self_serve_notifications_count_total: + description: Total device self-serve notifications count. + example: 5 type: integer + device_self_serve_notifications_count_wifi_connectivity: + description: Device self-serve notifications count for WiFi connectivity. + example: 1 + type: integer + device_self_serve_notifications_count_wifi_link_quality: + description: Device self-serve notifications count for WiFi link + quality. + example: 1 + type: integer + device_self_serve_notifications_count_wifi_ssid_change: + description: Device self-serve notifications count for WiFi SSID + change. + example: 1 + type: integer + device_self_serve_status: + description: Device self-serve status. + example: 'true' + type: string + device_source_ip_address: + description: Device source IP address. + example: 192.168.1.100 + type: string + experience_score_value: + description: Experience score value. + example: 75 + type: number + internet_score_value: + description: Internet score value. + example: 70 + type: number + lan_score_value: + description: LAN score value. + example: 85 + type: number + pa_score_value: + description: PA score value. + example: 95 + type: number + username: + description: Username. + example: john.doe + type: string + wifi_score_value: + description: WiFi score value. + example: 90 + type: number type: object description: OK '400': 
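Review bot: `device_self_serve_status` is declared in this response schema as `type: string` with `example: 'true'`, while the request filter schema two hunks earlier (apparently the same endpoint) declares it `type: boolean` with `example: true`. Clients generated from the spec will get two different types for the same field name. If the service really returns a string, the description should say so, e.g. `description: Device self-serve status, returned as the string 'true' or 'false'.`; otherwise use `type: boolean` and `example: true` here as well.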
@@ -9953,15 +9626,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Branch Connected Users Data + summary: Agent Device List tags: - - Users API - /insights/v3.0/resource/query/users/branch/session_list: + - Agent Users API + /insights/v3.0/resource/query/users/agent/risky_user_count: post: - description: 'Retrieve a list of branch user sessions. + description: 'Retrieve the number of risky users. ' - operationId: post-insights-v3.0-resource-query-users-branch-session_list + operationId: post-insights-v3.0-resource-query-users-agent-risky_user_count parameters: - description: 'Map the region for the tenant. @@ -10002,10 +9675,6 @@ paths: property: event_time values: - 5 - - operator: in - property: username - values: - - john.doe - operator: in property: platform_type values: @@ -10023,13 +9692,9 @@ paths: example: 5 type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - username: - description: Username. - example: john.doe - type: string type: object required: - event_time 
@@ -10043,40 +9708,10 @@ paths: application/json: schema: properties: - bytes_received: - description: Bytes received. - example: 2048.0 - format: float - type: number - bytes_sent: - description: Bytes sent. - example: 1024.0 - format: float - type: number - login_time: - description: Login time. - example: '2023-03-15T00:00:00Z' - type: string - pa_fw_location: - description: PA Firewall location. - example: US West - type: string - user_client_private_address: - description: User client IP address. - example: 192.165.0.1 - type: string - user_client_source_address: - description: User client IP address. - example: 192.168.1.1 - type: string - user_last_connected_source_city: - description: Source city. - example: San Francisco - type: string - user_last_connected_source_country: - description: Source country. - example: USA - type: string + user_count: + description: Count of risky users. + example: 17688 + type: integer type: object description: OK '400': @@ -10089,15 +9724,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Branch User Session List + summary: Risky User Data tags: - - Branch User API - /insights/v3.0/resource/query/users/branch/user_count_histogram: + - Agent Users API + /insights/v3.0/resource/query/users/agent/session_list: post: - description: 'Retrieve a histogram of branch user data. + description: 'Retrieve a list of agent sessions. ' - operationId: post-insights-v3.0-resource-query-users-branch-user_count_histogram + operationId: post-insights-v3.0-resource-query-users-agent-session_list parameters: - description: 'Map the region for the tenant. @@ -10130,11 +9765,10 @@ paths: property: event_time values: - 5 - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - operator: in + property: username + values: + - john.doe With possible filters: value: filter: 
@@ -10142,16 +9776,76 @@ paths: - operator: last_n_hours property: event_time values: - - 5 + - 5 + - operator: in + property: platform_type + values: + - prisma_access + - ngfw + - operator: in + property: username + values: + - john.doe + - operator: in + property: pa_location_name + values: + - US West + - operator: in + property: fw_name + values: + - FW1 + - operator: in + property: source_country + values: + - US + - operator: in + property: source_city + values: + - San Jose + - operator: in + property: client_os_version + values: + - Windows 10 + - operator: in + property: client_agent_version + values: + - 1.0.0 + - operator: in + property: client_public_address + values: + - 203.0.113.45 + - operator: in + property: device_name + values: + - DHCP + - operator: in + property: auth_type + values: + - Kerberos + - operator: in + property: project_name + values: + - ProjectA + - operator: in + property: location_group_name + values: + - LocationGroup1 - operator: in - property: platform_type + property: device_isp_name values: - - prisma_access - - ngfw + - Verizon - operator: in - property: username + property: usergroups values: - - john.doe + - group1 + - operator: in + property: domain_name + values: + - example.com + - operator: in + property: connection_method + values: + - AGENT schema: properties: filter: 
@@ -10159,14 +9853,74 @@ paths: rules: items: properties: + auth_type: + description: Authentication Type. + example: Kerberos + type: string + client_agent_version: + description: Client Agent Version. + example: 1.0.0 + type: string + client_os_version: + description: Client OS Version. + example: Windows 10 + type: string + client_public_address: + description: Client Public Address. + example: 203.0.113.45 + type: string + device.connection_method: + description: Device Connect Method. + example: AGENT + type: string + device_isp_name: + description: ISP Name. + example: Verizon + type: string + device_name: + description: Device Name. + example: DHCP + type: string + domain_name: + description: Application Domain Name. + example: example.com + type: string event_time: description: Time of the event. example: 5 type: number + fw_name: + description: Firewall Name. + example: FW1 + type: string + location_group_name: + description: Location Group Name. + example: LocationGroup1 + type: string + pa_location_name: + description: Prisma Access Location Name. + example: US West + type: string platform_type: description: Platform type. example: prisma_access type: string + project_name: + description: Project Name. + example: ProjectA + type: string + source_city: + description: Source City Name. + example: San Jose + type: string + source_country: + description: Source Country Name. + example: US + type: string + usergroups: + description: User Groups. + example: group1,group2 + type: string username: description: Username. example: john.doe @@ -10174,6 +9928,7 @@ paths: type: object required: - event_time + - username type: array type: object type: object 
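Review bot: The schema names this filter property `device.connection_method`, but the "With possible filters" example in the preceding hunk filters on `property: connection_method` with value `AGENT`. One of the two is presumably wrong, and since every other key in this schema is a plain snake_case name, `connection_method:` looks like the intended key. Separately, `usergroups` is `type: string` with `example: group1,group2` while the example rule passes `group1`; the description should say whether a comma-separated list is accepted in one value, e.g. `description: User groups (comma-separated).`, if that is the actual behaviour.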
@@ -10184,14 +9939,78 @@ paths: application/json: schema: properties: - event_time: - description: Event time - example: 1709226000000 - type: number - user_count: - description: Number of users - example: 1045 + auth_type: + description: Authentication Type. + example: Kerberos + type: string + bh_compute_region: + description: BH Compute Region. + example: US East + type: string + bh_name: + description: BH Name. + example: BH1 + type: string + client_agent_version: + description: Client Agent Version. + example: 1.0.0 + type: string + client_os_version: + description: Client OS Version. + example: Windows 10 + type: string + connected_pa_fw_location: + description: Connected PA Firewall Location. + example: US West + type: string + connected_source_city: + description: Connected Source City. + example: San Jose + type: string + connected_source_country: + description: Connected Source Country. + example: US + type: string + connection_state: + description: Connection State. + example: Connected + type: string + device_name: + description: Device Name. + example: DHCP + type: string + location_group_name: + description: Location Group Name. + example: LocationGroup1 + type: string + login_timestamp_epoc_millis: + description: Login Timestamp Epoch Millis. + example: 1678886400000 + type: integer + logout_timestamp_epoc_millis: + description: Logout Timestamp Epoch Millis. + example: 1678890000000 + type: integer + project_name: + description: Project Name. + example: ProjectA + type: string + session_duration_seconds: + description: Session Duration Seconds. + example: 3600 type: integer + user_client_private_address: + description: User Client Private Address. + example: 192.168.1.100 + type: string + user_source_ip_address: + description: User Source IP Address. + example: 203.0.113.45 + type: string + username: + description: Username. + example: john.doe + type: string type: object description: OK '400': 
@@ -10204,15 +10023,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Branch User Histogram Data + summary: Agent Session List tags: - - Branch User API - /insights/v3.0/resource/query/users/branch/user_list: + - Agent Users API + /insights/v3.0/resource/query/users/agent/unique_device_connections_list: post: - description: 'Retrieve a list of users, including details on devices and applications. + description: 'Retrieve a list of unique device connections with user details. ' - operationId: post-insights-v3.0-resource-query-users-branch-user_list + operationId: post-insights-v3.0-resource-query-users-agent-unique_device_connections_list parameters: - description: 'Map the region for the tenant. @@ -10245,6 +10064,10 @@ paths: property: event_time values: - 5 + - operator: in + property: username + values: + - john.doe With possible filters: value: filter: @@ -10263,29 +10086,41 @@ paths: values: - john.doe - operator: in - property: source_city + property: edge_location_display_name values: - - San Jose + - US West - operator: in - property: source_country + property: source_country_name values: - US - operator: in - property: app + property: source_city_name values: - - Zoom + - San Jose - operator: in - property: edge_location_display_name + property: client_os_version values: - - US West + - Windows 10 - operator: in - property: instance_name + property: client_gp_version values: - - instance1 + - 1.0.0 - operator: in property: user_source_ip_address values: - - 192.168.1.1 + - 203.0.113.45 + - operator: in + property: device_name + values: + - DHCP + - operator: in + property: auth_type + values: + - Kerberos + - operator: in + property: project_name + values: + - ProjectA schema: properties: filter: 
@@ -10293,37 +10128,49 @@ paths: rules: items: properties: - application_name: - description: Application name. - example: Zoom + auth_type: + description: Authentication Type. + example: Kerberos + type: string + client_gp_version: + description: Client Agent Version. + example: 1.0.0 + type: string + client_os_version: + description: Client OS Version. + example: Windows 10 + type: string + device_name: + description: Device Name Source. + example: DHCP type: string edge_location_display_name: - description: Prisma Access Location. + description: Prisma Access Location Name. example: US West type: string event_time: description: Time of the event. example: 5 type: number - instance_name: - description: Instance name. - example: instance1 - type: string platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string - source_city: - description: City from GeoIP. + project_name: + description: Project Name. + example: ProjectA + type: string + source_city_name: + description: Source City Name. example: San Jose type: string - source_country: - description: Country from GeoIP. + source_country_name: + description: Source Country Name. example: US type: string user_source_ip_address: - description: Source IP address. - example: 192.168.1.1 + description: Client Public Address. + example: 203.0.113.45 type: string username: description: Username. @@ -10332,6 +10179,7 @@ paths: type: object required: - event_time + - username type: array type: object type: object 
@@ -10340,87 +10188,75 @@ paths: '200': content: application/json: - schema: - properties: - application_count: - description: Number of applications. - example: 5 - type: integer - device_auth_type: - description: Device authentication type. - example: certificate + schema: + properties: + auth_type: + description: Authentication Type. + example: Kerberos type: string - device_client_private_address: - description: Device client private address. - example: 10.0.0.200 + client_address: + description: Client Private Address. + example: 192.468.1.100 type: string - device_count: - description: Number of devices. - example: 2 - type: integer - device_last_activity_timestamp_epoc_millis: - description: Device last activity timestamp in epoch milliseconds. - example: 1678886500000 - type: integer - device_last_connected_pa_fw_location: - description: Device last connected PA FW location. - example: US East + client_address_v6: + description: Client Private Address. + example: 192.158.1.150 type: string - device_last_connected_source_city: - description: Device last connected source city. - example: New York + client_gp_version: + description: Client Agent Version. + example: 1.0.0 type: string - device_last_connected_source_country: - description: Device last connected source country. - example: USA + client_os_version: + description: Client OS Version. + example: Windows 10 type: string - device_name: - description: Device name. - example: device1 + client_private_address: + description: Client Private Address. + example: 192.168.1.100 type: string - device_os_version: - description: Device OS version. - example: iOS 15 + client_private_address_v6: + description: Client Private Address. + example: 192.168.1.150 type: string - device_source_ip_address: - description: Device source IP address. - example: 192.168.1.200 + device_name: + description: Device Name. + example: Laptop1 type: string - threat_count: - description: Number of threats. 
- example: 10 - type: integer - total_bytes: - description: Total bytes transferred. - example: 1000000 - type: integer - user_client_private_address: - description: User client private address. - example: 10.0.0.100 + last_connected_source_city: + description: Device Last Connected Source City. + example: San Jose type: string - user_client_source_address: - description: User client source address. - example: 192.168.1.100 + last_connected_source_country: + description: Device Last Connected Source Country. + example: US type: string - user_last_activity_timestamp_epoc_millis: - description: User last activity timestamp in epoch milliseconds. - example: 1678886400000 - type: integer - user_last_connected_pa_fw_location: - description: Last connected PA FW location. + last_pa_location: + description: Last PA Firewall Location. example: US West type: string - user_last_connected_source_city: - description: User last connected source city. - example: San Francisco - type: string - user_last_connected_source_country: - description: User last connected source country. - example: USA + login_timestamp_epoc_millis: + description: Login Timestamp Epoch Millis. + example: 1678886400000 + type: integer + logout_timestamp_epoc_millis: + description: Logout Timestamp Epoch Millis. + example: 1678890000000 + type: integer + pa_location_count: + description: PA Location Count. + example: 1 + type: integer + project_name: + description: Project Name. + example: ProjectA type: string - user_os_version: - description: User OS version. - example: Windows 10 + session_duration_seconds: + description: Session Duration in Seconds. + example: 3600 + type: integer + user_source_ip_address: + description: User Source IP Address. + example: 203.0.113.45 type: string username: description: Username. 
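Review bot: Several address examples in this response schema do not fit the field they document. `client_address` has `example: 192.468.1.100`, which is not a valid IPv4 address. Both `client_address_v6` and `client_private_address_v6` carry IPv4 examples (`192.158.1.150`, `192.168.1.150`) and share the description `Client Private Address.` with the v4 fields. Suggest `example: 192.168.1.100` for `client_address`, an IPv6 documentation address such as `example: '2001:db8::150'` for the two `_v6` fields, and distinct descriptions, e.g. `description: Client private IPv6 address.`. Tooling that validates or masks addresses in logs is typically tested against these samples, so they need to be well-formed.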
@@ -10438,15 +10274,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Branch User List + summary: Unique Device Connections List tags: - - Branch User API - /insights/v3.0/resource/query/users/eb/active_user_count: + - Agent Users API + /insights/v3.0/resource/query/users/agent/user_list: post: - description: 'Retrieve the number of active users. + description: 'Retrieve a list of agent users. ' - operationId: post-insights-v3.0-resource-query-users-eb-active_user_count + operationId: post-insights-v3.0-resource-query-users-agent-user_list parameters: - description: 'Map the region for the tenant. 
@@ -10492,14 +10328,106 @@ paths: values: - prisma_access - ngfw - - operator: in - property: device_connection_method - values: - - pab - operator: in property: username values: - john.doe + - operator: in + property: device_name + values: + - device1 + - operator: in + property: agent_version + values: + - 1.0.0 + - operator: in + property: client_os_version + values: + - Windows 10 + - operator: in + property: source_city + values: + - San Jose + - operator: in + property: source_country + values: + - US + - operator: in + property: client_public_address + values: + - 1.1.1.1 + - operator: in + property: source_ip + values: + - 192.168.1.1 + - operator: in + property: usergroups + values: + - admin + - operator: in + property: application_name + values: + - Zoom + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: experience_score_aggregate_value + values: + - 90 + - operator: in + property: device_score_aggregate_value + values: + - 80 + - operator: in + property: lan_score_aggregate_value + values: + - 70 + - operator: in + property: wifi_score_aggregate_value + values: + - 60 + - operator: in + property: pa_score_aggregate_value + values: + - 50 + - operator: in + property: internet_score_aggregate_value + values: + - 40 + - operator: in + property: device_self_serve_status + values: + - true + - operator: in + property: device_isp_name + values: + - Verizon + - operator: in + property: instance_name + values: + - FW1 + - operator: in + property: instance_name + values: + - instance1 + - operator: in + property: project_name + values: + - project1 + - operator: in + property: location_group_name + values: + - location_group1 + - operator: in + property: domain_name + values: + - zoom.us + - operator: in + property: agent_type + values: + - Agent schema: properties: filter: 
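Review bot: The "With possible filters" example added here contains two separate `in` rules for `property: instance_name` (`FW1` and `instance1`), and a rule on `client_public_address`, which the filter schema in the next hunk does not declare. If the second `instance_name` rule was meant to be a different property, it should be renamed; otherwise merge them into one rule with both values. Either add `client_public_address` to the schema properties or drop that rule, so the published example validates against the schema it illustrates.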
@@ -10507,22 +10435,106 @@ paths: rules: items: properties: - device_connection_method: - description: Method of connection. - example: pab + agent_type: + description: Client agent type. + example: Agent + type: string + agent_version: + description: Client agent version. + example: 1.0.0 + type: string + application_name: + description: Application name. + example: Zoom + type: string + client_os_version: + description: Client OS version. + example: Windows 10 + type: string + device_isp_name: + description: ISP name. + example: Verizon + type: string + device_name: + description: Device name source. + example: device1 + type: string + device_score_aggregate_value: + description: Device score. + example: 80 + type: number + device_self_serve_status: + description: Self-serve user enabled. + example: true + type: boolean + domain_name: + description: Application domain name. + example: zoom.us + type: string + edge_location_display_name: + description: Prisma Access location. + example: US West type: string event_time: description: Time of the event. example: 5 type: number + experience_score_aggregate_value: + description: Experience score. + example: 90 + type: number + instance_name: + description: Instance name. + example: instance1 + type: string + internet_score_aggregate_value: + description: Internet score. + example: 40 + type: number + lan_score_aggregate_value: + description: LAN score. + example: 70 + type: number + location_group_name: + description: Location group name. + example: location_group1 + type: string + pa_score_aggregate_value: + description: PA score. + example: 50 + type: number platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string + project_name: + description: Project name. + example: project1 + type: string + source_city: + description: Source city name. + example: San Jose + type: string + source_country: + description: Source country name. 
+ example: US + type: string + source_ip: + description: Source IP address. + example: 192.168.1.1 + type: string + usergroups: + description: User groups. + example: admin + type: string username: description: Username. example: john.doe type: string + wifi_score_aggregate_value: + description: WiFi score. + example: 60 + type: number type: object required: - event_time @@ -10536,10 +10548,46 @@ paths: application/json: schema: properties: - user_count: - description: Count of active users. - example: 100 + accelerated: + description: Accelerated. + example: true + type: boolean + adem_username: + description: Adem Username. + example: john.doe@company.com + type: string + application_count: + description: Application count. + example: 5 + type: integer + device_count: + description: Device count. + example: 2 + type: integer + last_activity_timestamp_epoc_millis: + description: Last activity timestamp epoch millis. + example: 1678886400000 + type: integer + location_group_name: + description: Location group name. + example: location_group1 + type: string + project_name: + description: Project name. + example: project1 + type: string + threat_count: + description: Threat count. + example: 714 + type: integer + total_bytes: + description: Total bytes. + example: 179246404 type: integer + username: + description: Username. + example: john.doe + type: string type: object description: OK '400': 
@@ -10552,15 +10600,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Active User Data + summary: Agent User List tags: - - Enterprise Browser Users API - /insights/v3.0/resource/query/users/eb/connected_user_count: + - Agent Users API + /insights/v3.0/resource/query/users/agentless/active_user_count: post: - description: 'Retrieve the number of users connected through Enterprise Browser. + description: 'Retrieve the number of active users without requiring an agent. ' - operationId: post-insights-v3.0-resource-query-users-eb-connected_user_count + operationId: post-insights-v3.0-resource-query-users-agentless-active_user_count parameters: - description: 'Map the region for the tenant. @@ -10593,6 +10641,10 @@ paths: property: event_time values: - 5 + - operator: in + property: node_type + values: + - 153 With possible filters: value: filter: @@ -10602,42 +10654,30 @@ paths: values: - 5 - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: connection_method - values: - - PAB - - operator: in - property: application_name + property: source_user values: - - salesforce + - john.doe - operator: in property: edge_location_display_name values: - US West - operator: in - property: instance_name + property: source_city values: - - fw00 + - San Jose - operator: in property: source_country values: - US - operator: in - property: source_city - values: - - San Jose - - operator: in - property: username + property: node_type values: - - john.doe + - 153 - operator: in - property: domain_name + property: platform_type values: - - salesforce.com + - prisma_access + - ngfw schema: properties: filter: 
@@ -10645,49 +10685,38 @@ paths: rules: items: properties: - application_name: - description: Name of the application. - example: salesforce - type: string - connection_method: - description: Method of connection. - example: PAB - type: string - domain_name: - description: Application domain name. - example: salesforce.com - type: string edge_location_display_name: - description: Name of the PA location. + description: Prisma Access Location. example: US West type: string event_time: description: Time of the event. example: 5 type: number - instance_name: - description: Name of the firewall. - example: fw00 - type: string + node_type: + description: Type of node. + example: 153 + type: number platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string source_city: - description: Name of the source city. + description: City from GeoIP. example: San Jose type: string source_country: - description: Name of the source country. + description: Country from GeoIP. example: US type: string - username: + source_user: description: Username. example: john.doe type: string type: object required: - event_time + - node_type type: array type: object type: object @@ -10699,8 +10728,8 @@ paths: schema: properties: user_count: - description: Count of users. - example: 19399 + description: Count of active users. + example: 10 type: integer type: object description: OK 
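Review bot: `node_type` is added to `required` in this schema, but its only documentation is `description: Type of node.` with `example: 153`. A caller cannot tell what 153 selects or which other values are accepted. Since this filter is mandatory and appears to scope the query to a class of users, the description should list the accepted values and their meaning (or the property should carry an `enum`). As the example is a whole-number identifier, `type: integer` also fits better than `type: number`. The same applies to the `node_type` property in the active_user_list schema hunk further down.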
@@ -10714,15 +10743,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Enterprise Browser Connected Users Data + summary: Agentless Active User Data tags: - - Users API - /insights/v3.0/resource/query/users/eb/user_count_histogram: + - Agentless Users API + /insights/v3.0/resource/query/users/agentless/active_user_list: post: - description: 'Retrieve a histogram of Enterprise Browser user data. + description: 'Retrieve a list of internal users without requiring an agent. ' - operationId: post-insights-v3.0-resource-query-users-eb-user_count_histogram + operationId: post-insights-v3.0-resource-query-users-agentless-active_user_list parameters: - description: 'Map the region for the tenant. @@ -10755,11 +10784,10 @@ paths: property: event_time values: - 5 - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - operator: in + property: node_type + values: + - 153 With possible filters: value: filter: @@ -10769,18 +10797,30 @@ paths: values: - 5 - operator: in - property: platform_type + property: username values: - - prisma_access - - ngfw + - achalla1kerbuser@dss-qa.com - operator: in - property: device_connection_method + property: edge_location_display_name values: - - pab + - US West - operator: in - property: username + property: source_city values: - - john.doe + - San Jose + - operator: in + property: source_country + values: + - US + - operator: in + property: node_type + values: + - 153 + - operator: in + property: platform_type + values: + - prisma_access + - ngfw schema: properties: filter: 
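Review bot: The `username` rule in the "With possible filters" example uses `achalla1kerbuser@dss-qa.com`, which reads like an actual account in an internal QA domain rather than a placeholder. The same value is the schema `example` for `username` in the next hunk. Published spec examples should not carry identifiers from a test or production tenant; a reserved-domain placeholder such as `john.doe@example.com` documents the format equally well and matches the `john.doe` used in the response schema of this endpoint.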
@@ -10788,25 +10828,38 @@ paths: rules: items: properties: - device_connection_method: - description: Connect method. - example: pab + edge_location_display_name: + description: Prisma Access Location. + example: US West type: string event_time: description: Time of the event. example: 5 type: number + node_type: + description: Type of node. + example: 153 + type: number platform_type: description: Platform type. example: prisma_access type: string + source_city: + description: City from GeoIP. + example: San Jose + type: string + source_country: + description: Country from GeoIP. + example: US + type: string username: description: Username. - example: john.doe + example: achalla1kerbuser@dss-qa.com type: string type: object required: - event_time + - node_type type: array type: object type: object @@ -10816,15 +10869,43 @@ paths: content: application/json: schema: - properties: - event_time: - description: Event time - example: 1709226000000 - type: number - user_count: - description: Number of users - example: 1045 + properties: + browser_name: + description: Browser name. + example: Chrome + type: string + last_activity_epoc_time_millis: + description: Last activity epoch time in milliseconds. + example: 1678886400000 type: integer + last_activity_time: + description: Last activity time. + example: '2023-03-15T00:00:00Z' + type: string + os_family: + description: OS family. + example: Windows + type: string + pa_fw_location: + description: PA Firewall location. + example: US West + type: string + source_city: + description: Source city. + example: San Francisco + type: string + source_country: + description: Source country. + example: USA + type: string + user_source_ip: + description: User source IP address. + example: 192.168.1.1 + type: string + username: + description: Username. + example: john.doe + type: string type: object description: OK '400': 
@@ -10837,15 +10918,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Enterprise Browser User Histogram Data + summary: Agentless Internal User List tags: - - Enterprise Browser Users API - /insights/v3.0/resource/query/users/eb/user_list: + - Agentless Users API + /insights/v3.0/resource/query/users/agentless/connected_user_count: post: - description: 'Retrieve a list of users for Enterprise Browser. + description: 'Retrieve the number of connected agentless proxy users. ' - operationId: post-insights-v3.0-resource-query-users-eb-user_list + operationId: post-insights-v3.0-resource-query-users-agentless-connected_user_count parameters: - description: 'Map the region for the tenant. @@ -10892,13 +10973,37 @@ paths: - prisma_access - ngfw - operator: in - property: device_connection_method + property: connection_method values: - - pab + - AGENTLESS + - operator: in + property: application_name + values: + - salesforce + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: fw_name + values: + - vmseries + - operator: in + property: source_country_name + values: + - US + - operator: in + property: source_city_name + values: + - San Jose - operator: in property: username values: - john.doe + - operator: in + property: domain_name + values: + - salesforce.com schema: properties: filter: 
@@ -10906,22 +11011,66 @@ paths: rules: items: properties: - device_connection_method: - description: Connect method. - example: pab + application_name: + description: Application name. + example: zoom + type: string + connection_method: + description: Connection method used by the user. + example: AGENTLESS + type: string + device_score: + description: Device score. + example: 3 + type: number + edge_location_display_name: + description: Prisma Access Location. + example: US West type: string event_time: description: Time of the event. example: 5 type: number + experience_score: + description: User experience score. + example: 4 + type: number + geoip_from_city_name: + description: City from GeoIP. + example: San Jose + type: string + geoip_from_country_name: + description: Country from GeoIP. + example: US + type: string + instance_name: + description: Instance name. + example: instance1 + type: string + internet_score: + description: Internet score. + example: 3 + type: number + lan_score: + description: LAN score. + example: 5 + type: number + pa_score: + description: Prisma Access score. + example: 5 + type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - username: - description: Username. + source_user_info_name: + description: Source user name. example: john.doe type: string + wifi_score: + description: Wifi score. + example: 4 + type: number type: object required: - event_time 
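Review bot: The filter properties declared in this schema do not match the names used in the `With possible filters` example that the previous hunk adds for `/users/agentless/connected_user_count`. The example filters on `username`, `fw_name`, `source_country_name`, `source_city_name` and `domain_name`, while this hunk removes `username` and declares `source_user_info_name`, `instance_name`, `geoip_from_country_name` and `geoip_from_city_name`, with no `fw_name` or `domain_name`. The `/users/all/user_list_all` hunks have the same mismatch: the example uses `source_country`, `source_city` and `pa_location_name`, but the schema declares `source_country_name` and `source_city_name` and has no `pa_location_name`. A client or validator that builds its filter allow-list from the schema would reject the documented example, so one set of names should be chosen and used in both places.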
@@ -10935,38 +11084,10 @@ paths: application/json: schema: properties: - browser_version: - description: Browser version. - example: 114.0.5735.198 - type: string - connect_method: - description: Connect method. - example: pab - type: string - user_last_activity_timestamp_epoc_millis: - description: User last activity timestamp epoch millis. - example: 1678886400000 + user_count: + description: Count of connected users. + example: 15669 type: integer - user_last_connected_pa_fw_location: - description: User last connected PA FW location. - example: US West - type: string - user_last_connected_source_city: - description: User last connected source city. - example: San Jose - type: string - user_last_connected_source_country: - description: User last connected source country. - example: USA - type: string - user_source_ip_address: - description: User source IP address. - example: 192.168.1.1 - type: string - username: - description: Username. - example: john.doe - type: string type: object description: OK '400': @@ -10979,16 +11100,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Enterprise Browser User List + summary: Agentless Connected User Data tags: - - Enterprise Browser Users API - /insights/v3.0/resource/query/users/monitored/device_count: + - Users API + /insights/v3.0/resource/query/users/agentless/session_list: post: - description: 'Retrieve the number of monitored devices, with options for applying - filters. + description: 'Retrieve a list of internal user sessions without requiring an + agent. ' - operationId: post-insights-v3.0-resource-query-users-monitored-device_count + operationId: post-insights-v3.0-resource-query-users-agentless-session_list parameters: - description: 'Map the region for the tenant. 
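Review bot: The `connected_user_count` operation that closes at the top of the second hunk is tagged `- Users API`, while the other `/users/agentless/...` operations touched by this commit are tagged `- Agentless Users API`. Unless the split is intended, I would use `- Agentless Users API` here so the operation is grouped with its siblings in the generated documentation. The operation itself starts in an earlier hunk.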
@@ -11024,108 +11145,32 @@ paths: With possible filters: value: filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 - - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: user_connection_method - values: - - monitored - - operator: in - property: device_connection_method - values: - - monitored - - operator: in - property: username - values: - - john.doe - - operator: in - property: device_name - values: - - DHCP - - operator: in - property: client_agent_version - values: - - 1.0.0 - - operator: in - property: client_os_version - values: - - Windows 10 - - operator: in - property: source_city - values: - - San Jose - - operator: in - property: source_country - values: - - USA - - operator: in - property: user_source_ip_address - values: - - 192.0.2.1 - - operator: in - property: usergroups - values: - - admins - - operator: in - property: edge_location_display_name - values: - - US West - - operator: gt - property: experience_score - values: - - 70 - - operator: gt - property: device_score - values: - - 65 - - operator: gt - property: lan_score - values: - - 80 - - operator: gt - property: wifi_score - values: - - 75 - - operator: gt - property: pa_score - values: - - 90 - - operator: gt - property: internet_score - values: - - 60 - - operator: eq - property: device_self_serve_status + rules: + - operator: last_n_hours + property: event_time values: - - true + - 5 - operator: in - property: device_isp_name + property: username values: - - Comcast + - john.doe - operator: in - property: instance_name + property: edge_location_display_name values: - - fw00 + - US West - operator: in - property: project_name + property: source_city values: - - ProjectA + - San Jose - operator: in - property: location_group_name + property: source_country values: - - LocationGroup1 + - US - operator: in - property: domain_name + property: platform_type values: - - example.com + - prisma_access + - ngfw 
schema: properties: filter: 
@@ -11133,106 +11178,30 @@ paths: rules: items: properties: - client_agent_version: - description: Version of the client agent. - example: 1.0.0 - type: string - client_os_version: - description: Version of the client OS. - example: Windows 10 - type: string - device_connection_method: - description: Device connection method. - example: monitored - type: string - device_isp_name: - description: Name of the ISP. - example: Comcast - type: string - device_name: - description: Source of the device name. - example: DHCP - type: string - device_score: - description: Device score. - example: 75 - type: number - device_self_serve_status: - description: Indicates if self-serve user is enabled. - example: true - type: boolean - domain_name: - description: Application domain name. - example: example.com - type: string edge_location_display_name: - description: Prisma Access location name. + description: Prisma Access Location. example: US West type: string event_time: description: Time of the event. example: 5 type: number - experience_score: - description: Experience score. - example: 80 - type: number - instance_name: - description: Firewall name. - example: fw00 - type: string - internet_score: - description: Internet score. - example: 70 - type: number - lan_score: - description: LAN score. - example: 90 - type: number - location_group_name: - description: Location group name. - example: LocationGroup1 - type: string - pa_score: - description: PA score. - example: 95 - type: number platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string - project_name: - description: Project name. - example: ProjectA - type: string source_city: - description: Name of the source city. + description: City from GeoIP. example: San Jose type: string source_country: - description: Name of the source country. - example: USA - type: string - user_connection_method: - description: User connection method. 
- example: monitored - type: string - user_source_ip_address: - description: Public IP address of the client. - example: 192.0.2.1 - type: string - usergroups: - description: User groups. - example: admins + description: Country from GeoIP. + example: US type: string username: description: Username. example: john.doe type: string - wifi_score: - description: WiFi score. - example: 85 - type: number type: object required: - event_time @@ -11246,22 +11215,36 @@ paths: application/json: schema: properties: - device_count_fair: - description: Count of devices with fair score. - example: 20 - type: integer - device_count_good: - description: Count of devices with good score. - example: 70 - type: integer - device_count_poor: - description: Count of devices with poor score. - example: 10 - type: integer - device_count_total: - description: Total device count. - example: 100 - type: integer + bytes_received: + description: Bytes received. + example: 2048.0 + format: float + type: number + bytes_sent: + description: Bytes sent. + example: 1024.0 + format: float + type: number + login_time: + description: Login time. + example: '2023-03-15T00:00:00Z' + type: string + pa_fw_location: + description: PA Firewall location. + example: US West + type: string + source_city: + description: Source city. + example: San Francisco + type: string + source_country: + description: Source country. + example: USA + type: string + user_source_ip: + description: User source IP address. + example: 192.168.1.1 + type: string type: object description: OK '400': 
@@ -11274,16 +11257,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Monitored Device Data + summary: Agentless Internal User Session List tags: - - Monitored Users API - /insights/v3.0/resource/query/users/monitored/device_count_histogram: + - Agentless Users API + /insights/v3.0/resource/query/users/agentless/user_count_histogram: post: - description: 'Retrieve a histogram of device data, with options for applying - filters. + description: 'Retrieve a histogram of internal users without requiring an agent. ' - operationId: post-insights-v3.0-resource-query-users-monitored-device_count_histogram + operationId: post-insights-v3.0-resource-query-users-agentless-user_count_histogram parameters: - description: 'Map the region for the tenant. 
@@ -11317,115 +11299,39 @@ paths: values: - 5 histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 - With possible filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time - values: - - 5 - - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: user_connection_method - values: - - monitored - - operator: in - property: device_connection_method - values: - - monitored - - operator: in - property: username - values: - - john.doe - - operator: in - property: device_name - values: - - DHCP - - operator: in - property: client_agent_version - values: - - 10.2.3 - - operator: in - property: client_os_version - values: - - Windows 10 - - operator: in - property: source_city - values: - - San Jose - - operator: in - property: source_country - values: - - USA - - operator: in - property: user_source_ip_address - values: - - 192.0.2.1 - - operator: in - property: usergroups - values: - - Employees - - operator: in - property: edge_location_display_name - values: - - US West - - operator: in - property: experience_score - values: - - 75 - - operator: in - property: device_score - values: - - 80 - - operator: in - property: lan_score - values: - - 90 - - operator: in - property: wifi_score - values: - - 85 - - operator: in - property: pa_score - values: - - 95 - - operator: in - property: internet_score - values: - - 70 - - operator: in - property: device_self_serve_status + enableEmptyInterval: true + property: event_time + range: minute + value: 30 + With possible filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time values: - - true + - 5 - operator: in - property: isp_name + property: platform_type values: - - Comcast + - prisma_access + - ngfw - operator: in - property: fw_name + property: source_user values: - - PA-VM + - test@example.com - operator: in - property: project_name + property: edge_location_display_name 
values: - - ProjectA + - US West - operator: in - property: location_group_name + property: source_city values: - - HQ + - San Jose - operator: in - property: app_domain_name + property: source_country values: - - example.com + - US histogram: enableEmptyInterval: true property: event_time 
@@ -11438,106 +11344,30 @@ paths: rules: items: properties: - client_agent_version: - description: Version of the client agent. - example: 10.2.3 - type: string - client_os_version: - description: Version of the client OS. - example: Windows 10 - type: string - device_connection_method: - description: Device connection method. - example: monitored - type: string - device_isp_name: - description: Name of the ISP. - example: Comcast - type: string - device_name: - description: Source of the device name. - example: DHCP - type: string - device_score: - description: Device score. - example: 80 - type: number - device_self_serve_status: - description: Indicates if self-serve user is enabled. - example: true - type: boolean - domain_name: - description: Name of the application domain. - example: example.com - type: string edge_location_display_name: - description: Prisma Access location name. + description: Prisma Access Location. example: US West type: string event_time: description: Time of the event. example: 5 type: number - experience_score: - description: Experience score. - example: 75 - type: number - instance_name: - description: Firewall name. - example: fw00 - type: string - internet_score: - description: Internet score. - example: 70 - type: number - lan_score: - description: LAN score. - example: 90 - type: number - location_group_name: - description: Name of the location group. - example: HQ - type: string - pa_score: - description: PA score. - example: 95 - type: number platform_type: description: Type of platform. example: prisma_access type: string - project_name: - description: Name of the project. - example: ProjectA - type: string source_city: - description: Name of the source city. + description: City from GeoIP. example: San Jose type: string source_country: - description: Name of the source country. - example: USA - type: string - user_connection_method: - description: User connection method. 
- example: monitored - type: string - user_source_ip_address: - description: Public IP address of the client. - example: 192.0.2.1 - type: string - usergroups: - description: User groups. - example: Employees + description: Country from GeoIP. + example: US type: string - username: - description: Username. - example: john.doe + source_user: + description: Source User. + example: test@example.com type: string - wifi_score: - description: WiFi score. - example: 85 - type: number type: object required: - event_time @@ -11551,15 +11381,14 @@ paths: application/json: schema: properties: - device_count: - description: Number of devices - example: 100.0 - format: float - type: number event_time: - description: Event time - example: 1709226000000 + description: Event time. + example: 1678886400000 type: number + user_count: + description: Count of users. + example: 1034 + type: integer type: object description: OK '400': 
@@ -11572,29 +11401,24 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Device Histogram Data + summary: Agentless Internal User Histogram tags: - - Monitored Users API - /insights/v3.0/resource/query/users/other/active_user_count: + - Agentless Users API + /insights/v3.0/resource/query/users/agentless/users: post: - description: 'Retrieve the number of active users based on the provided filters. - - ' - operationId: post-insights-v3.0-resource-query-users-other-active_user_count + description: Retrieves agentless user data. + operationId: post-insights-v3.0-resource-query-users-agentless-users parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false @@ -11622,34 +11446,22 @@ paths: values: - 5 - operator: in - property: platform_type - values: - - prisma_access - - ngfw - - operator: in - property: username - values: - - john.doe - - operator: in - property: application_name - values: - - Zoom - - operator: in - property: source_country + property: edge_location_display_name values: - - US + - US West - operator: in property: source_city values: - San Jose - operator: in - property: instance_name + property: source_country values: - - PA-VM + - US - operator: in - property: edge_location_display_name + property: platform_type values: - - US West + - prisma_access + - ngfw schema: properties: filter: 
@@ -11657,38 +11469,26 @@ paths: rules: items: properties: - application_name: - description: Name of the application. - example: Zoom - type: string edge_location_display_name: - description: Prisma Access Location Name. + description: Prisma Access Location. example: US West type: string event_time: description: Time of the event. example: 5 type: number - instance_name: - description: Instance Name. - example: PA-VM - type: string platform_type: - description: Type of platform. + description: Platform type. example: prisma_access type: string source_city: - description: Name of the source city. + description: City from GeoIP. example: San Jose type: string source_country: - description: Name of the source country. + description: Country from GeoIP. example: US type: string - username: - description: Username. - example: john.doe - type: string type: object required: - event_time @@ -11702,10 +11502,10 @@ paths: application/json: schema: properties: - user_count: - description: Count of active users. - example: 10034 - type: integer + username: + description: Username. + example: john.doe + type: string type: object description: OK '400': 
@@ -11718,29 +11518,24 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Active User Data + summary: Get agentless users data tags: - - Other Users API - /insights/v3.0/resource/query/users/other/user_list: + - Agentless Users API + /insights/v3.0/resource/query/users/all/user_list_all: post: - description: 'Retrieve a list of internal users. - - ' - operationId: post-insights-v3.0-resource-query-users-other-user_list + description: Retrieves a list of users with detailed information. + operationId: post-insights-v3.0-resource-query-users-all-user_list_all parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false 
@@ -11758,56 +11553,84 @@ paths: - operator: last_n_hours property: event_time values: - - 5 - With possible filters: - value: - filter: - rules: - - operator: last_n_hours - property: event_time + - 5 + With possible filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: platform_type + values: + - prisma_access + - ngfw + - operator: in + property: connection_method + values: + - Agent + - operator: gt + property: experience_score + values: + - 70 + - operator: gt + property: device_score + values: + - 80 + - operator: gt + property: lan_score + values: + - 90 + - operator: gt + property: wifi_score values: - - 5 - - operator: in - property: platform_type + - 85 + - operator: gt + property: pa_score values: - - prisma_access - - ngfw + - 75 + - operator: gt + property: internet_score + values: + - 95 - operator: in - property: node_type + property: pa_location_name values: - - 153 + - US West - operator: in - property: username + property: edge_location_display_name values: - - john.doe + - US East - operator: in - property: application_name + property: instance_name values: - - Zoom + - PA-VM - operator: in - property: edge_location_display_name + property: source_country values: - - US West + - US - operator: in - property: instance_name + property: source_city values: - - instance1 + - San Jose - operator: in - property: cdl_traffic_class_var + property: application_name values: - - premium + - Salesforce - operator: in - property: user_source_ip_address + property: rbi values: - - 192.168.1.1 + - Enabled - operator: in - property: source_country + property: username values: - - US + - john.doe - operator: in - property: source_city + property: domain_name values: - - San Jose + - salesforce.com schema: properties: filter: 
@@ -11816,49 +11639,73 @@ paths: items: properties: application_name: - description: Application name. - example: Zoom + description: Application. + example: Salesforce type: string - cdl_traffic_class_var: - description: CDL traffic class. - example: premium + connection_method: + description: Device connection method. + example: Agent + type: string + device_score: + description: Device score. + example: 80 + type: number + domain_name: + description: Application domain name. + example: salesforce.com type: string edge_location_display_name: - description: Prisma Access Location. - example: US West + description: Edge location display name. + example: US East type: string event_time: description: Time of the event. example: 5 type: number + experience_score: + description: Experience score. + example: 70 + type: number instance_name: - description: Instance name. - example: instance1 + description: Firewall name. + example: PA-VM type: string - node_type: - description: Type of node. - example: 153 + internet_score: + description: Internet score. + example: 95 + type: number + lan_score: + description: LAN score. + example: 90 + type: number + pa_score: + description: Prisma Access score. + example: 75 type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - source_city: - description: City from GeoIP. + rbi: + description: RBI status. + example: Enabled + type: string + source_city_name: + description: Source city name. example: San Jose type: string - source_country: - description: Country from GeoIP. + source_country_name: + description: Source country name. example: US type: string - user_source_ip_address: - description: Source IP address. - example: 192.168.1.1 - type: string username: - description: Source user info name. + description: Username. example: john.doe type: string + wifi_score: + description: WiFi score. + example: 85 + type: number type: object required: - event_time 
@@ -11872,16 +11719,64 @@ paths: application/json: schema: properties: + adem_username: + description: ADEM Username. + example: john.doe@example.com + type: string + agent_uuid: + description: Agent UUID. + example: a1b2c3d4-e5f6-7890-1234-567890abcdef + type: string application_count: - description: Number of applications used. + description: Application count. example: 10 type: integer - last_activity_epoc_time_millis: - description: Last activity epoch time in milliseconds. + connection_method: + description: Connection method. + example: Agent + type: string + device_name: + description: Device name. + example: Device - 10.01.00.00 + type: string + device_score_value: + description: Device score value. + example: 80 + type: integer + experience_score_value: + description: Experience score value. + example: 70 + type: integer + internet_score_value: + description: Internet score value. + example: 95 + type: integer + lan_score_value: + description: LAN score value. + example: 90 + type: integer + last_activity_timestamp_epoc_millis: + description: Last activity timestamp in epoch milliseconds. example: 1678886400000 type: integer + pa_fw_location: + description: Prisma Access firewall location. + example: sfc-cor-cf000 + type: string + pa_score_value: + description: Prisma Access score value. + example: 75 + type: integer + source_city: + description: Source city. + example: San Jose + type: string + source_country: + description: Source country. + example: US + type: string threat_count: - description: Number of threats detected. + description: Threat count. example: 5 type: integer total_bytes: @@ -11892,6 +11787,10 @@ paths: description: Username. example: john.doe type: string + wifi_score_value: + description: WiFi score value. + example: 85 + type: integer type: object description: OK '400': 
@@ -11904,16 +11803,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Internal User List + summary: Get User List tags: - - Other Users API - /insights/v3.0/resource_query/applications/accelerated_applications/response_time_before_and_after_improvement: + - Users API + /insights/v3.0/resource/query/users/branch/active_user_count: post: - description: 'Retrieve response time data for accelerated applications, showing - improvements. + description: 'Retrieve the number of active branch users. ' - operationId: post-insights-v3.0-resource_query-applications-accelerated_applications-response_time_before_and_after_improvement + operationId: post-insights-v3.0-resource-query-users-branch-active_user_count parameters: - description: 'Map the region for the tenant. @@ -11946,11 +11844,6 @@ paths: property: event_time values: - 5 - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 With possible filters: value: filter: @@ -11960,22 +11853,14 @@ paths: values: - 5 - operator: in - property: edge_location_display_name - values: - - US West - - operator: equals - property: app_accelerated + property: platform_type values: - - true + - prisma_access + - ngfw - operator: in - property: app + property: username values: - - salesforce - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - john.doe schema: properties: filter: 
@@ -11983,45 +11868,22 @@ paths: rules: items: properties: - app: - description: Application name. - example: salesforce - type: string - app_accelerated: - description: Whether the application is accelerated. - example: true - type: boolean - edge_location_display_name: - description: Prisma Access Location. - example: US West - type: string event_time: description: Time of the event. example: 5 type: number - type: object - required: - - event_time - type: array - type: object - histogram: - properties: - enableEmptyInterval: - description: Enable empty intervals. - example: true - type: boolean - property: - description: Property for histogram. - example: event_time - type: string - range: - description: Range for histogram. - example: minute - type: string - value: - description: Value for histogram. - example: 30 - type: integer + platform_type: + description: Type of platform. + example: prisma_access + type: string + username: + description: Username. + example: john.doe + type: string + type: object + required: + - event_time + type: array type: object type: object required: true @@ -12031,20 +11893,10 @@ paths: application/json: schema: properties: - event_time: - description: Event time. - example: 1709226000000 - type: number - response_time_after_improvement: - description: Response time after improvement. - example: 50.0 - format: float - type: number - response_time_before_improvement: - description: Response time before improvement. - example: 100.0 - format: float - type: number + user_count: + description: Count of active users. + example: 10045 + type: integer type: object description: OK '400': 
@@ -12057,16 +11909,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Response Time Before and After Improvement + summary: Active Branch User Data tags: - - Application API - /insights/v3.0/resource_query/applications/accelerated_applications/response_time_before_and_after_improvement_per_app: + - Branch User API + /insights/v3.0/resource/query/users/branch/active_user_list: post: - description: 'Retrieve response time data for specific accelerated applications, - showing improvements. + description: 'Retrieve a list of active branch users. ' - operationId: post-insights-v3.0-resource_query-applications-accelerated_applications-response_time_before_and_after_improvement_per_app + operationId: post-insights-v3.0-resource-query-users-branch-active_user_list parameters: - description: 'Map the region for the tenant. @@ -12099,11 +11950,6 @@ paths: property: event_time values: - 5 - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 With possible filters: value: filter: @@ -12113,23 +11959,14 @@ paths: values: - 5 - operator: in - property: edge_location_display_name - values: - - US West - - operator: in - property: app_accelerated + property: username values: - - true - - false + - achalla1kerbuser - operator: in - property: app + property: platform_type values: - - salesforce - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - prisma_access + - ngfw schema: properties: filter: 
@@ -12137,46 +11974,23 @@ paths: rules: items: properties: - app: - description: Application name. - example: salesforce - type: string - app_accelerated: - description: Whether the application is accelerated. - example: true - type: boolean - edge_location_display_name: - description: Prisma Access Location. - example: US West - type: string event_time: description: Time of the event. example: 5 type: number + platform_type: + description: Platform type. + example: prisma_access + type: string + username: + description: Username. + example: achalla1kerbuser + type: string type: object required: - event_time type: array type: object - histogram: - properties: - enableEmptyInterval: - description: Enable empty intervals. - example: true - type: boolean - property: - description: Property for histogram. - example: event_time - type: string - range: - description: Range for histogram. - example: minute - type: string - value: - description: Value for histogram. - example: 30 - type: integer - type: object type: object required: true responses: 
@@ -12185,24 +11999,30 @@ paths: application/json: schema: properties: - app: - description: Application name. - example: salesforce - type: string - event_time: - description: Event time. + last_activity_epoc_time_millis: + description: Last activity epoch time in milliseconds. example: 1678886400000 - type: number - response_time_after_improvement: - description: Response time after improvement. - example: 0.89 - format: float - type: number - response_time_before_improvement: - description: Response time before improvement. - example: 1.23 - format: float - type: number + type: integer + pa_fw_location: + description: PA Firewall location. + example: US West + type: string + user_last_connected_source_city: + description: Source city. + example: San Francisco + type: string + user_last_connected_source_country: + description: Source country. + example: USA + type: string + user_source_ip: + description: User source IP address. + example: 192.168.1.1 + type: string + username: + description: Username. + example: john.doe + type: string type: object description: OK '400': @@ -12215,16 +12035,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Response Time Improvement Per Application + summary: Active Branch User List tags: - - Application API - /insights/v3.0/resource_query/applications/internal/app_by_risk_score: + - Branch User API + /insights/v3.0/resource/query/users/branch/connected_entity_count: post: - description: 'Retrieve application risk score data, including risk levels and - application counts. + description: 'Retrieve the number of connected entities for branch users. ' - operationId: post-insights-v3.0-resource_query-applications-internal-app_by_risk_score + operationId: post-insights-v3.0-resource-query-users-branch-connected_entity_count parameters: - description: 'Map the region for the tenant. 
@@ -12265,62 +12084,15 @@ paths: property: event_time values: - 5 - - operator: in - property: app - values: - - Zoom - - operator: in - property: app_category - values: - - Collaboration - - operator: in - property: risk_of_app - values: - - 0 - - operator: in - property: edge_location_display_name - values: - - US West - operator: in property: platform_type values: - prisma_access + - ngfw - operator: in - property: application_type - values: - - Business - - operator: in - property: security_service_type - values: - - url_filtering - - operator: in - property: source_type - values: - - user - - operator: eq - property: threats_active - values: - - true - - operator: eq - property: severity - values: - - true - - operator: in - property: threat_category_group - values: - - Malware - - operator: in - property: normalized_tag - values: - - cloud-storage - - operator: in - property: use_cases - values: - - data-loss-prevention - - operator: eq - property: is_genai + property: username values: - - true + - john.doe schema: properties: filter: 
@@ -12328,80 +12100,17 @@ paths: rules: items: properties: - app: - description: Application name. - example: Zoom - type: string - app_category: - description: Application category. - example: Collaboration - type: string - application_type: - description: Application Type. - example: Business - type: string - edge_location_display_name: - description: Prisma Access Location. - example: US West - type: string event_time: description: Time of the event. example: 5 type: number - is_genai: - description: Is it a GenAI application? - example: true - type: boolean - normalized_tag: - description: Normalized tag. - example: cloud-storage - type: string platform_type: - description: Platform type. - example: prisma_access - type: string - risk_of_app: - description: Risk score of the application. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - example: 0 - type: integer - security_service_type: - description: Security service type. - enum: - - url_filtering - - threat_protection - - wildfire - example: url_filtering - type: string - severity: - description: Severity of threats. - example: true - type: boolean - source_type: - description: Source type. - enum: - - user - - iot - - other - example: user - type: string - threat_category_group: - description: Threat category group. - example: Malware + description: Type of platform. + example: prisma_access type: string - threats_active: - description: Are threats active? - example: true - type: boolean - use_cases: - description: Use cases. - example: data-loss-prevention + username: + description: Source user name. + example: john.doe type: string type: object required: 
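Review bot: The `rules` item schema for `connected_entity_count` does not describe the objects its own example sends. It lists `event_time`, `platform_type` and `username` as properties of each rule and, as far as the flattened indentation shows, requires `event_time`, while the example in the preceding hunk sends rules shaped as `operator` / `property` / `values`. A gateway or client that validates requests against this schema would reject the documented examples, so the spec cannot drive allow-list request validation as written. Consider describing each item with `operator`, `property` and `values`, and listing the filterable field names as an `enum` on `property`. The same shape recurs in the other request schemas in this diff (for example the hunks at -12137, -12549, -12799, -13127, -13510, -13630, -13762 and -13905), and the `filter` object starts outside this hunk.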
@@ -12416,13 +12125,13 @@ paths: application/json: schema: properties: - count_apps: - description: Number of applications. - example: 10 + device_count: + description: Count of connected devices. + example: 104 type: integer - risk_of_app: - description: Risk score of the application. - example: 3 + user_count: + description: Count of connected users. + example: 1034 type: integer type: object description: OK @@ -12436,16 +12145,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Application Risk Score + summary: Connected Entity Data for Branch Users tags: - - Application API - /insights/v3.0/resource_query/applications/internal/app_by_tag: + - Branch User API + /insights/v3.0/resource/query/users/branch/connected_user_count: post: - description: 'Retrieve applications by tag, including subtypes and associated - metadata. + description: 'Retrieve the number of branch connected users. ' - operationId: post-insights-v3.0-resource_query-applications-internal-app_by_tag + operationId: post-insights-v3.0-resource-query-users-branch-connected_user_count parameters: - description: 'Map the region for the tenant. 
@@ -12487,61 +12195,62 @@ paths: values: - 5 - operator: in - property: app + property: platform_type values: - - Zoom + - prisma_access + - ngfw - operator: in - property: app_category + property: connection_method values: - - Collaboration - - operator: in - property: risk_of_app + - BRANCH + - operator: gt + property: experience_score values: - - '0' - - operator: in - property: edge_location_display_name + - 70 + - operator: gt + property: device_score values: - - US West - - operator: in - property: platform_type + - 80 + - operator: gt + property: lan_score values: - - prisma_access - - operator: in - property: application_type + - 60 + - operator: gt + property: wifi_score values: - - Web - - operator: in - property: security_service_type + - 70 + - operator: gt + property: pa_score values: - - url_filtering - - operator: in - property: source_type + - 80 + - operator: gt + property: internet_score values: - - user - - operator: eq - property: threats_active + - 50 + - operator: in + property: edge_location_display_name values: - - true - - operator: eq - property: severity + - US West + - operator: in + property: instance_name values: - - true + - fw00 - operator: in - property: threat_category_group + property: source_country values: - - Malware + - US - operator: in - property: normalized_tag + property: source_city values: - - finance + - San Jose - operator: in - property: use_cases + property: username values: - - data-loss-prevention - - operator: eq - property: is_genai + - john.doe + - operator: in + property: domain_name values: - - true + - salesforce.com schema: properties: filter: 
@@ -12549,74 +12258,66 @@ paths: rules: items: properties: - app: - description: Application name. - example: Zoom - type: string - app_category: - description: Application category. - example: Collaboration + connection_method: + description: Method of connection. + example: BRANCH type: string - application_type: - description: Type of application. - example: Web + device_score: + description: Device score. + example: 90 + type: number + domain_name: + description: Application domain name. + example: salesforce.com type: string edge_location_display_name: - description: Prisma Access Location. + description: Name of the PA location. example: US West type: string event_time: description: Time of the event. example: 5 type: number - is_genai: - description: Indicates if the application is GenAI. - example: true - type: boolean - normalized_tag: - description: Normalized tag. - example: finance + experience_score: + description: Experience score. + example: 80 + type: number + instance_name: + description: Name of the firewall. + example: fw00 type: string + internet_score: + description: Internet score. + example: 70 + type: number + lan_score: + description: LAN score. + example: 75 + type: number + pa_score: + description: Prisma Access score. + example: 95 + type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - risk_of_app: - description: Risk level of the application. - example: 0 - type: integer - security_service_type: - description: Type of security service. - enum: - - url_filtering - - threat_protection - - wildfire - example: url_filtering - type: string - severity: - description: Indicates the severity of the threat. - example: true - type: boolean - source_type: - description: Source type. - enum: - - user - - iot - - other - example: user + source_city: + description: Name of the source city. 
+ example: San Jose type: string - threat_category_group: - description: Threat category group. - example: Malware + source_country: + description: Name of the source country. + example: US type: string - threats_active: - description: Indicates if threats are active. - example: true - type: boolean - use_cases: - description: Use cases. - example: data-loss-prevention + username: + description: Username. + example: john.doe type: string + wifi_score: + description: WiFi score. + example: 85 + type: number type: object required: - event_time @@ -12630,13 +12331,9 @@ paths: application/json: schema: properties: - application_sub_type: - description: Application subtype. - example: Web App - type: string - count_apps: - description: Count of applications. - example: 10 + user_count: + description: Count of users. + example: 19399 type: integer type: object description: OK @@ -12650,16 +12347,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Applications by Tag + summary: Branch Connected Users Data tags: - - Application API - /insights/v3.0/resource_query/applications/internal/application_list: + - Users API + /insights/v3.0/resource/query/users/branch/session_list: post: - description: 'Retrieve a list of applications with detailed metrics and threat - information. + description: 'Retrieve a list of branch user sessions. ' - operationId: post-insights-v3.0-resource_query-applications-internal-application_list + operationId: post-insights-v3.0-resource-query-users-branch-session_list parameters: - description: 'Map the region for the tenant. 
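Review bot: The `/users/branch/connected_user_count` operation (summary `Branch Connected Users Data`) is tagged `Users API`, while the other `/users/branch/...` operations in this diff (`connected_entity_count`, `session_list`, `user_count_histogram`, `user_list`) are tagged `Branch User API`. If the split is not intentional, `- Branch User API` here would keep the branch endpoints together in generated docs and in any per-tag review of who may call them. The hunk at -13680 has the same pattern: `/users/eb/connected_user_count` is tagged `Users API` beside siblings tagged `Enterprise Browser Users API`. The operation object starts outside this hunk.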
@@ -12696,102 +12392,19 @@ paths: value: filter: rules: - - operator: last_n_hours - property: event_time - values: - - 5 - - operator: in - property: app - values: - - Zoom - - operator: in - property: app_category - values: - - collaboration - - operator: in - property: risk_of_app - values: - - 3 - - operator: in - property: edge_location_display_name - values: - - US West - - operator: in - property: user_exp_score - values: - - 4 - - operator: in - property: site_exp_score - values: - - 5 - - operator: in - property: user_exp_score_verdict - values: - - good - - operator: in - property: site_exp_score_verdict - values: - - good - - operator: in - property: usergroups + - operator: last_n_hours + property: event_time values: - - Employees + - 5 - operator: in - property: normalized_username + property: username values: - john.doe - - operator: in - property: experience_score - values: - - good - - operator: in - property: application_name - values: - - Zoom - operator: in property: platform_type values: - prisma_access - - operator: in - property: application_type - values: - - web-based - - operator: in - property: security_service_type - values: - - url_filtering - - operator: in - property: source_type - values: - - user - - operator: in - property: threats_active - values: - - true - - operator: in - property: severity - values: - - true - - operator: in - property: threat_category_group - values: - - malware - - operator: in - property: normalized_tag - values: - - critical - - operator: in - property: use_cases - values: - - business - - operator: in - property: is_genai - values: - - true - - operator: in - property: quantum_status_tag - values: - - enabled + - ngfw schema: properties: filter: 
@@ -12799,101 +12412,17 @@ paths: rules: items: properties: - app: - description: Application name. - example: Zoom - type: string - app_category: - description: Application category. - example: collaboration - type: string - application_name: - description: Application name. - example: Zoom - type: string - application_type: - description: Application type. - example: web-based - type: string - edge_location_display_name: - description: Prisma Access Location. - example: US West - type: string event_time: description: Time of the event. - example: 1678886400000 + example: 5 type: number - experience_score: - description: Experience score. - example: good - type: string - is_genai: - description: Indicates if it is GenAI. - example: true - type: boolean - normalized_tag: - description: Normalized tag. - example: critical - type: string - normalized_username: - description: Normalized username. - example: john.doe - type: string platform_type: description: Platform type. example: prisma_access type: string - quantum_status_tag: - description: Quantum status tag. - example: enabled - type: string - risk_of_app: - description: Risk level of the application. - example: 3 - type: integer - security_service_type: - description: Security service type. - example: url_filtering - type: string - severity: - description: Indicates the severity of threats. - example: true - type: boolean - site_exp_score: - description: Site experience score. - example: 5 - type: integer - site_exp_score_verdict: - description: Site experience score verdict. - example: good - type: string - source_type: - description: Source type. - example: user - type: string - threat_category_group: - description: Threat category group. - example: malware - type: string - threats_active: - description: Indicates if threats are active. - example: true - type: boolean - use_cases: - description: Use cases. - example: business - type: string - user_exp_score: - description: User experience score. 
- example: 4 - type: integer - user_exp_score_verdict: - description: User experience score verdict. - example: good - type: string - usergroups: - description: User groups. - example: Employees + username: + description: Username. + example: john.doe type: string type: object required: 
@@ -12908,99 +12437,39 @@ paths: application/json: schema: properties: - accelerated: - description: Indicates if the application is accelerated. - example: true - type: boolean - app: - description: Application name. - example: Zoom - type: string - app_category: - description: Application category. - example: collaboration - type: string - app_sub_category: - description: Application sub-category. - example: video-conferencing - type: string - application_sub_type: - description: Application sub type. - example: web - type: string - application_test_name: - description: Application test name. - example: Zoom Test - type: string - application_test_target_name: - description: Application test target name. - example: Zoom Target - type: string - avg_throughput: - description: Average throughput. - example: 1000000.0 + bytes_received: + description: Bytes received. + example: 2048.0 format: float type: number - pab_event_count: - description: PAB event count. - example: 20 - type: integer - port: - description: Port number. - example: 443 - type: integer - quantum_status_tag: - description: Quantum status tag. - example: enabled - type: string - risk_of_app: - description: Risk level of the application. - example: 3 - type: integer - rule_name: - description: Rule name. - example: Zoom Rule + bytes_sent: + description: Bytes sent. + example: 1024.0 + format: float + type: number + login_time: + description: Login time. + example: '2023-03-15T00:00:00Z' type: string - site_exp_score: - description: Site experience score. - example: 5 - type: integer - site_exp_score_verdict: - description: Site experience score verdict. - example: good + pa_fw_location: + description: PA Firewall location. + example: US West type: string - site_exp_test_uuid: - description: Site experience test UUID. - example: 550e8400-e29b-41d4-a716-446655440001 + user_client_private_address: + description: User client IP address. 
+ example: 192.165.0.1 type: string - total_threats: - description: Total number of threats detected. - example: 10 - type: integer - url_count: - description: Number of URLs. - example: 50 - type: integer - usage_bytes: - description: Total usage in bytes. - example: 1000000000.0 - format: float - type: number - user_count: - description: Number of users. - example: 100 - type: integer - user_exp_score: - description: User experience score. - example: 4 - type: integer - user_exp_score_verdict: - description: User experience score verdict. - example: good + user_client_source_address: + description: User client IP address. + example: 192.168.1.1 type: string - user_exp_test_uuid: - description: User experience test UUID. - example: 550e8400-e29b-41d4-a716-446655440000 + user_last_connected_source_city: + description: Source city. + example: San Francisco + type: string + user_last_connected_source_country: + description: Source country. + example: USA type: string type: object description: OK @@ -13014,16 +12483,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Retrieve Application List + summary: Branch User Session List tags: - - Application API - /insights/v3.0/resource_query/applications/internal/total_data_transfer_application: + - Branch User API + /insights/v3.0/resource/query/users/branch/user_count_histogram: post: - description: 'Retrieve total data transfer metrics for each application, including - category and total usage. + description: 'Retrieve a histogram of branch user data. ' - operationId: post-insights-v3.0-resource_query-applications-internal-total_data_transfer_application + operationId: post-insights-v3.0-resource-query-users-branch-user_count_histogram parameters: - description: 'Map the region for the tenant. @@ -13056,6 +12524,11 @@ paths: property: event_time values: - 5 + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: 
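Review bot: In the `session_list` response, `user_client_private_address` and `user_client_source_address` both carry the description `User client IP address.`, so a consumer correlating sessions cannot tell the two fields apart. The private-address example `192.165.0.1` is also not in a private range, and looks like a typo for a `192.168.x.x` or `10.x.x.x` address. The branch `user_list` response later in this diff already distinguishes them, so the same wording would fit here: `description: User client private address.` with `example: 10.0.0.100`, and `description: User client source address.` for the other field. The response schema object starts outside this hunk.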
@@ -13064,62 +12537,15 @@ paths: property: event_time values: - 5 - - operator: in - property: app - values: - - Zoom - - operator: in - property: app_category - values: - - collaboration - - operator: in - property: risk_of_app - values: - - 0 - - operator: in - property: edge_location_display_name - values: - - US West - operator: in property: platform_type values: - prisma_access + - ngfw - operator: in - property: application_type - values: - - web-based - - operator: in - property: security_service_type - values: - - url_filtering - - operator: in - property: source_type - values: - - user - - operator: in - property: threats_active - values: - - true - - operator: in - property: severity - values: - - true - - operator: in - property: threat_category_group - values: - - malware - - operator: in - property: normalized_tag - values: - - finance - - operator: in - property: use_cases - values: - - data-transfer - - operator: in - property: is_genai + property: username values: - - 'false' + - john.doe schema: properties: filter: 
@@ -13127,73 +12553,17 @@ paths: rules: items: properties: - app: - description: Application name. - example: Zoom - type: string - app_category: - description: Application category. - example: collaboration - type: string - application_type: - description: Type of application. - example: web-based - type: string - edge_location_display_name: - description: Prisma Access Location. - example: US West - type: string event_time: description: Time of the event. - example: 1678886400000 + example: 5 type: number - is_genai: - description: Is it a GenAI application. - example: false - type: boolean - normalized_tag: - description: Normalized tag. - example: finance - type: string platform_type: description: Platform type. example: prisma_access type: string - risk_of_app: - description: Risk level of the application. - example: 0 - type: integer - security_service_type: - description: Type of security service. - enum: - - url_filtering - - threat_protection - - wildfire - example: url_filtering - type: string - severity: - description: Severity of the threat. - example: true - type: boolean - source_type: - description: Source type. - enum: - - user - - iot - - other - example: user - type: string - threat_category_group: - description: Threat category group. - example: malware - type: string - threats_active: - description: Indicates if threats are active. - example: true - type: boolean - use_cases: - description: Use cases. - example: data-transfer + username: + description: Username. + example: john.doe type: string type: object required: 
@@ -13208,15 +12578,14 @@ paths: application/json: schema: properties: - app_category: - description: Application category. - example: collaboration - type: string - total_data_usage: - description: Total data usage in bytes. - example: 1000000000.0 - format: float + event_time: + description: Event time + example: 1709226000000 type: number + user_count: + description: Number of users + example: 1045 + type: integer type: object description: OK '400': @@ -13229,16 +12598,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Total Data Transfer Per Application + summary: Branch User Histogram Data tags: - - Application API - /insights/v3.0/resource_query/applications/internal/total_data_transfer_by_destination: + - Branch User API + /insights/v3.0/resource/query/users/branch/user_list: post: - description: 'Retrieve total data transfer metrics by destination, including - destination details and total bytes. + description: 'Retrieve a list of users, including details on devices and applications. ' - operationId: post-insights-v3.0-resource_query-applications-internal-total_data_transfer_by_destination + operationId: post-insights-v3.0-resource-query-users-branch-user_list parameters: - description: 'Map the region for the tenant. 
@@ -13279,62 +12647,39 @@ paths: property: event_time values: - 5 - - operator: in - property: app - values: - - Box - - operator: in - property: app_category - values: - - general-internet - - operator: in - property: risk_of_app - values: - - 3 - - operator: in - property: edge_location_display_name - values: - - US West - operator: in property: platform_type values: - prisma_access + - ngfw - operator: in - property: application_type - values: - - saas - - operator: in - property: security_service_type - values: - - url_filtering - - operator: in - property: source_type + property: username values: - - user + - john.doe - operator: in - property: threats_active + property: source_city values: - - true + - San Jose - operator: in - property: severity + property: source_country values: - - critical + - US - operator: in - property: threat_category_group + property: app values: - - malware + - Zoom - operator: in - property: normalized_tag + property: edge_location_display_name values: - - finance + - US West - operator: in - property: use_cases + property: instance_name values: - - data-loss-prevention + - instance1 - operator: in - property: is_genai + property: user_source_ip_address values: - - true + - 192.168.1.1 schema: properties: filter: @@ -13342,17 +12687,9 @@ paths: rules: items: properties: - app: + application_name: description: Application name. - example: Box - type: string - app_category: - description: Application category. - example: general-internet - type: string - application_type: - description: Application type. - example: saas + example: Zoom type: string edge_location_display_name: description: Prisma Access Location. 
@@ -13362,46 +12699,29 @@ paths: description: Time of the event. example: 5 type: number - is_genai: - description: Is it a GenAI application? true or false - example: true - type: boolean - normalized_tag: - description: Normalized tag. - example: finance + instance_name: + description: Instance name. + example: instance1 type: string platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - risk_of_app: - description: Risk of the application. - example: 3 - type: integer - security_service_type: - description: Security service type. It can be url_filtering, - threat_protection, wildfire - example: url_filtering - type: string - severity: - description: Severity of the threat. - example: critical - type: string - source_type: - description: Source type. It can be user, iot, other - example: user + source_city: + description: City from GeoIP. + example: San Jose type: string - threat_category_group: - description: Threat category group. - example: malware + source_country: + description: Country from GeoIP. + example: US type: string - threats_active: - description: Are threats active? It can be true or false - example: true - type: boolean - use_cases: - description: Use cases. - example: data-loss-prevention + user_source_ip_address: + description: Source IP address. + example: 192.168.1.1 + type: string + username: + description: Username. + example: john.doe type: string type: object required: 
@@ -13416,15 +12736,90 @@ paths: application/json: schema: properties: - destination: - description: Destination of the data transfer. - example: 192.168.1.1 + application_count: + description: Number of applications. + example: 5 + type: integer + device_auth_type: + description: Device authentication type. + example: certificate + type: string + device_client_private_address: + description: Device client private address. + example: 10.0.0.200 + type: string + device_count: + description: Number of devices. + example: 2 + type: integer + device_last_activity_timestamp_epoc_millis: + description: Device last activity timestamp in epoch milliseconds. + example: 1678886500000 + type: integer + device_last_connected_pa_fw_location: + description: Device last connected PA FW location. + example: US East + type: string + device_last_connected_source_city: + description: Device last connected source city. + example: New York + type: string + device_last_connected_source_country: + description: Device last connected source country. + example: USA type: string + device_name: + description: Device name. + example: device1 + type: string + device_os_version: + description: Device OS version. + example: iOS 15 + type: string + device_source_ip_address: + description: Device source IP address. + example: 192.168.1.200 + type: string + threat_count: + description: Number of threats. + example: 10 + type: integer total_bytes: - description: Total bytes transferred to the destination. - example: 1000000.0 - format: float - type: number + description: Total bytes transferred. + example: 1000000 + type: integer + user_client_private_address: + description: User client private address. + example: 10.0.0.100 + type: string + user_client_source_address: + description: User client source address. + example: 192.168.1.100 + type: string + user_last_activity_timestamp_epoc_millis: + description: User last activity timestamp in epoch milliseconds. 
+ example: 1678886400000 + type: integer + user_last_connected_pa_fw_location: + description: Last connected PA FW location. + example: US West + type: string + user_last_connected_source_city: + description: User last connected source city. + example: San Francisco + type: string + user_last_connected_source_country: + description: User last connected source country. + example: USA + type: string + user_os_version: + description: User OS version. + example: Windows 10 + type: string + username: + description: Username. + example: john.doe + type: string type: object description: OK '400': @@ -13437,16 +12832,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Total Data Transfer by Destination + summary: Branch User List tags: - - Application API - /insights/v3.0/resource_query/applications/pab/access_events: + - Branch User API + /insights/v3.0/resource/query/users/eb/active_user_count: post: - description: 'Retrieve the number of Prisma Access Browser events for access - classification categories. + description: 'Retrieve the number of active users. ' - operationId: post-insights-v3.0-resource_query-applications-pab-access_events + operationId: post-insights-v3.0-resource-query-users-eb-active_user_count parameters: - description: 'Map the region for the tenant. @@ -13479,10 +12873,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access With possible filters: value: filter: @@ -13491,18 +12881,19 @@ paths: property: event_time values: - 5 - - operator: in - property: transformed_user_name - values: - - john.doe - operator: in property: platform_type values: - prisma_access + - ngfw - operator: in - property: app + property: device_connection_method values: - - salesforce + - pab + - operator: in + property: username + values: + - john.doe schema: properties: filter: 
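Review bot: The country examples disagree between request and response for `/users/branch/user_list`: the `source_country` filter uses `US`, while `user_last_connected_source_country` and `device_last_connected_source_country` in this response show `USA`. A client that builds a geo filter from a value it read in a response may then match nothing without any error. Use one form in both places, whichever the API actually returns, and state the format in the description, for example `description: User last connected source country (same code format as the source_country filter).`. The `session_list` response in the hunk at -12908 shows `USA` as well.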
@@ -13510,26 +12901,25 @@ paths: rules: items: properties: - app: - description: Application name. - example: salesforce + device_connection_method: + description: Method of connection. + example: pab type: string event_time: description: Time of the event. example: 5 type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - transformed_user_name: + username: description: Username. example: john.doe type: string type: object required: - event_time - - platform_type type: array type: object type: object @@ -13540,9 +12930,9 @@ paths: application/json: schema: properties: - pab_event_count: - description: PAB event count - example: 10 + user_count: + description: Count of active users. + example: 100 type: integer type: object description: OK @@ -13556,16 +12946,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Access Events + summary: Active User Data tags: - - Application API - /insights/v3.0/resource_query/applications/pab/access_events_breakdown: + - Enterprise Browser Users API + /insights/v3.0/resource/query/users/eb/connected_user_count: post: - description: 'Retrieve a breakdown of Prisma Access Browser events by type and - access classification categories. + description: 'Retrieve the number of users connected through Enterprise Browser. ' - operationId: post-insights-v3.0-resource_query-applications-pab-access_events_breakdown + operationId: post-insights-v3.0-resource-query-users-eb-connected_user_count parameters: - description: 'Map the region for the tenant. @@ -13598,10 +12987,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access With possible filters: value: filter: 
@@ -13610,19 +12995,43 @@ paths: property: event_time values: - 5 - - operator: in - property: transformed_user_name - values: - - john.doe - operator: in property: platform_type values: - prisma_access + - ngfw - operator: in - property: app + property: connection_method + values: + - PAB + - operator: in + property: application_name values: - - zoom - salesforce + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: instance_name + values: + - fw00 + - operator: in + property: source_country + values: + - US + - operator: in + property: source_city + values: + - San Jose + - operator: in + property: username + values: + - john.doe + - operator: in + property: domain_name + values: + - salesforce.com schema: properties: filter: @@ -13630,26 +13039,49 @@ paths: rules: items: properties: - app: - description: Application name. - example: zoom + application_name: + description: Name of the application. + example: salesforce + type: string + connection_method: + description: Method of connection. + example: PAB + type: string + domain_name: + description: Application domain name. + example: salesforce.com + type: string + edge_location_display_name: + description: Name of the PA location. + example: US West type: string event_time: description: Time of the event. example: 5 type: number + instance_name: + description: Name of the firewall. + example: fw00 + type: string platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string - transformed_user_name: + source_city: + description: Name of the source city. + example: San Jose + type: string + source_country: + description: Name of the source country. + example: US + type: string + username: description: Username. example: john.doe type: string type: object required: - event_time - - platform_type type: array type: object type: object 
@@ -13660,14 +13092,10 @@ paths: application/json: schema: properties: - pab_event_count: - description: PAB event count - example: 10 + user_count: + description: Count of users. + example: 19399 type: integer - type: - description: Type of event - example: File Open - type: string type: object description: OK '400': @@ -13680,15 +13108,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Access Events Breakdown + summary: Enterprise Browser Connected Users Data tags: - - Application API - /insights/v3.0/resource_query/applications/pab/access_events_breakdown_blocked_histogram: + - Users API + /insights/v3.0/resource/query/users/eb/user_count_histogram: post: - description: 'Retrieve a histogram of blocked access events breakdown. + description: 'Retrieve a histogram of Enterprise Browser user data. ' - operationId: post-insights-v3.0-resource_query-applications-pab-access_events_breakdown_blocked_histogram + operationId: post-insights-v3.0-resource-query-users-eb-user_count_histogram parameters: - description: 'Map the region for the tenant. @@ -13721,10 +13149,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access histogram: enableEmptyInterval: true property: event_time @@ -13738,23 +13162,19 @@ paths: property: event_time values: - 5 - - operator: in - property: transformed_user_name - values: - - john.doe - operator: in property: platform_type values: - prisma_access + - ngfw + - operator: in + property: device_connection_method + values: + - pab - operator: in - property: app + property: username values: - - zoom - histogram: - enableEmptyInterval: true - property: event_time - range: minute - value: 30 + - john.doe schema: properties: filter: 
@@ -13762,9 +13182,9 @@ paths: rules: items: properties: - app: - description: Application name. - example: zoom + device_connection_method: + description: Connect method. + example: pab type: string event_time: description: Time of the event. @@ -13774,35 +13194,15 @@ paths: description: Platform type. example: prisma_access type: string - transformed_user_name: + username: description: Username. example: john.doe type: string type: object required: - event_time - - platform_type type: array type: object - histogram: - properties: - enableEmptyInterval: - description: Whether to include empty intervals in the histogram. - example: true - type: boolean - property: - description: The property to create a histogram for. - example: event_time - type: string - range: - description: The range for the histogram. - example: minute - type: string - value: - description: The value for the histogram range. - example: 30 - type: integer - type: object type: object required: true responses: @@ -13815,9 +13215,9 @@ paths: description: Event time example: 1709226000000 type: number - pab_event_count: - description: PAB event count - example: 10 + user_count: + description: Number of users + example: 1045 type: integer type: object description: OK @@ -13831,16 +13231,15 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Blocked Access Events Histogram + summary: Enterprise Browser User Histogram Data tags: - - Application API - /insights/v3.0/resource_query/applications/pab/data_events: + - Enterprise Browser Users API + /insights/v3.0/resource/query/users/eb/user_list: post: - description: 'Retrieve the number of Prisma Access Browser events for data classification - categories. + description: 'Retrieve a list of users for Enterprise Browser. ' - operationId: post-insights-v3.0-resource_query-applications-pab-data_events + operationId: post-insights-v3.0-resource-query-users-eb-user_list parameters: - description: 'Map the region for the tenant. 
@@ -13873,10 +13272,6 @@ paths: property: event_time values: - 5 - - operator: in - property: platform_type - values: - - prisma_access With possible filters: value: filter: @@ -13885,19 +13280,19 @@ paths: property: event_time values: - 5 - - operator: in - property: transformed_user_name - values: - - john.doe - operator: in property: platform_type values: - prisma_access + - ngfw - operator: in - property: app + property: device_connection_method values: - - zoom - - salesforce + - pab + - operator: in + property: username + values: + - john.doe schema: properties: filter: @@ -13905,9 +13300,9 @@ paths: rules: items: properties: - app: - description: Application name. - example: zoom + device_connection_method: + description: Connect method. + example: pab type: string event_time: description: Time of the event. @@ -13917,14 +13312,13 @@ paths: description: Platform type. example: prisma_access type: string - transformed_user_name: + username: description: Username. example: john.doe type: string type: object required: - event_time - - platform_type type: array type: object type: object 
@@ -13935,10 +13329,38 @@ paths: application/json: schema: properties: - pab_event_count: - description: PAB event count - example: 10 + browser_version: + description: Browser version. + example: 114.0.5735.198 + type: string + connect_method: + description: Connect method. + example: pab + type: string + user_last_activity_timestamp_epoc_millis: + description: User last activity timestamp epoch millis. + example: 1678886400000 type: integer + user_last_connected_pa_fw_location: + description: User last connected PA FW location. + example: US West + type: string + user_last_connected_source_city: + description: User last connected source city. + example: San Jose + type: string + user_last_connected_source_country: + description: User last connected source country. + example: USA + type: string + user_source_ip_address: + description: User source IP address. + example: 192.168.1.1 + type: string + username: + description: Username. + example: john.doe + type: string type: object description: OK '400': @@ -13951,15 +13373,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Retrieve Data Events + summary: Enterprise Browser User List tags: - - Application API - /insights/v3.0/resource_query/users/agentless/users: + - Enterprise Browser Users API + /insights/v3.0/resource/query/users/monitored/device_count: post: - description: 'Retrieve agentless user data. + description: 'Retrieve the number of monitored devices, with options for applying + filters. ' - operationId: post-insights-v3.0-resource_query-users-agentless-users + operationId: post-insights-v3.0-resource-query-users-monitored-device_count parameters: - description: 'Map the region for the tenant. 
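Review bot: The `user_source_ip_address` example in the new response schema is `192.168.1.1`, a private RFC 1918 address, while the monitored-device hunks in this commit use `192.0.2.1` and describe the same property as `Public IP address of the client.`. Using the reserved documentation range everywhere keeps the examples consistent with that description, so I would change it to `example: 192.0.2.1`. The same value appears in the last hunk (`@@ -15341,7 +15065,193 @@`), both in the filter example and in the rule schema. Since this response pairs a username with source IP and location, the property description could also say whether the address is the client's public or internal one.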
@@ -14001,9 +13424,34 @@ paths: values: - 5 - operator: in - property: edge_location_display_name + property: platform_type values: - - US West + - prisma_access + - ngfw + - operator: in + property: user_connection_method + values: + - monitored + - operator: in + property: device_connection_method + values: + - monitored + - operator: in + property: username + values: + - john.doe + - operator: in + property: device_name + values: + - DHCP + - operator: in + property: client_agent_version + values: + - 1.0.0 + - operator: in + property: client_os_version + values: + - Windows 10 - operator: in property: source_city values: @@ -14011,12 +13459,67 @@ paths: - operator: in property: source_country values: - - US + - USA - operator: in - property: platform_type + property: user_source_ip_address values: - - prisma_access - - ngfw + - 192.0.2.1 + - operator: in + property: usergroups + values: + - admins + - operator: in + property: edge_location_display_name + values: + - US West + - operator: gt + property: experience_score + values: + - 70 + - operator: gt + property: device_score + values: + - 65 + - operator: gt + property: lan_score + values: + - 80 + - operator: gt + property: wifi_score + values: + - 75 + - operator: gt + property: pa_score + values: + - 90 + - operator: gt + property: internet_score + values: + - 60 + - operator: eq + property: device_self_serve_status + values: + - true + - operator: in + property: device_isp_name + values: + - Comcast + - operator: in + property: instance_name + values: + - fw00 + - operator: in + property: project_name + values: + - ProjectA + - operator: in + property: location_group_name + values: + - LocationGroup1 + - operator: in + property: domain_name + values: + - example.com schema: properties: filter: 
@@ -14024,26 +13527,106 @@ paths: rules: items: properties: + client_agent_version: + description: Version of the client agent. + example: 1.0.0 + type: string + client_os_version: + description: Version of the client OS. + example: Windows 10 + type: string + device_connection_method: + description: Device connection method. + example: monitored + type: string + device_isp_name: + description: Name of the ISP. + example: Comcast + type: string + device_name: + description: Source of the device name. + example: DHCP + type: string + device_score: + description: Device score. + example: 75 + type: number + device_self_serve_status: + description: Indicates if self-serve user is enabled. + example: true + type: boolean + domain_name: + description: Application domain name. + example: example.com + type: string edge_location_display_name: - description: Prisma Access Location. + description: Prisma Access location name. example: US West type: string - event_time: - description: Time of the event. - example: 5 + event_time: + description: Time of the event. + example: 5 + type: number + experience_score: + description: Experience score. + example: 80 + type: number + instance_name: + description: Firewall name. + example: fw00 + type: string + internet_score: + description: Internet score. + example: 70 + type: number + lan_score: + description: LAN score. + example: 90 + type: number + location_group_name: + description: Location group name. + example: LocationGroup1 + type: string + pa_score: + description: PA score. + example: 95 type: number platform_type: - description: Platform type. + description: Type of platform. example: prisma_access type: string + project_name: + description: Project name. + example: ProjectA + type: string source_city: - description: City from GeoIP. + description: Name of the source city. example: San Jose type: string source_country: - description: Country from GeoIP. - example: US + description: Name of the source country. 
+ example: USA + type: string + user_connection_method: + description: User connection method. + example: monitored + type: string + user_source_ip_address: + description: Public IP address of the client. + example: 192.0.2.1 + type: string + usergroups: + description: User groups. + example: admins + type: string + username: + description: Username. + example: john.doe type: string + wifi_score: + description: WiFi score. + example: 85 + type: number type: object required: - event_time @@ -14057,10 +13640,22 @@ paths: application/json: schema: properties: - username: - description: Username. - example: john.doe - type: string + device_count_fair: + description: Count of devices with fair score. + example: 20 + type: integer + device_count_good: + description: Count of devices with good score. + example: 70 + type: integer + device_count_poor: + description: Count of devices with poor score. + example: 10 + type: integer + device_count_total: + description: Total device count. + example: 100 + type: integer type: object description: OK '400': @@ -14073,15 +13668,16 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Agentless Users Data + summary: Monitored Device Data tags: - - Agentless Users API - /insights/v3.0/resource_query/users/all/user_list_all: + - Monitored Users API + /insights/v3.0/resource/query/users/monitored/device_count_histogram: post: - description: 'Retrieve detailed information about users. + description: 'Retrieve a histogram of device data, with options for applying + filters. ' - operationId: post-insights-v3.0-resource_query-users-all-user_list_all + operationId: post-insights-v3.0-resource-query-users-monitored-device_count_histogram parameters: - description: 'Map the region for the tenant. 
@@ -14092,8 +13688,10 @@ paths: schema: example: americas type: string - - description: Use a unique Prisma-Tenant identifier for precise tenant management + - description: 'Use a unique Prisma-Tenant identifier for precise tenant management and resource allocation within single or multi-tenant architectures. + + ' in: header name: Prisma-Tenant required: false @@ -14112,6 +13710,11 @@ paths: property: event_time values: - 5 + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 With possible filters: value: filter: 
@@ -14126,69 +13729,102 @@ paths: - prisma_access - ngfw - operator: in - property: connection_method + property: user_connection_method values: - - Agent - - operator: gt + - monitored + - operator: in + property: device_connection_method + values: + - monitored + - operator: in + property: username + values: + - john.doe + - operator: in + property: device_name + values: + - DHCP + - operator: in + property: client_agent_version + values: + - 10.2.3 + - operator: in + property: client_os_version + values: + - Windows 10 + - operator: in + property: source_city + values: + - San Jose + - operator: in + property: source_country + values: + - USA + - operator: in + property: user_source_ip_address + values: + - 192.0.2.1 + - operator: in + property: usergroups + values: + - Employees + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in property: experience_score values: - - 70 - - operator: gt + - 75 + - operator: in property: device_score values: - 80 - - operator: gt + - operator: in property: lan_score values: - 90 - - operator: gt + - operator: in property: wifi_score values: - 85 - - operator: gt + - operator: in property: pa_score values: - - 75 - - operator: gt - property: internet_score - values: - 95 - operator: in - property: pa_location_name - values: - - US West - - operator: in - property: edge_location_display_name - values: - - US East - - operator: in - property: instance_name + property: internet_score values: - - PA-VM + - 70 - operator: in - property: source_country + property: device_self_serve_status values: - - US + - true - operator: in - property: source_city + property: isp_name values: - - San Jose + - Comcast - operator: in - property: application_name + property: fw_name values: - - Salesforce + - PA-VM - operator: in - property: rbi + property: project_name values: - - Enabled + - ProjectA - operator: in - property: username + property: location_group_name values: - - john.doe + - HQ - operator: 
in - property: domain_name + property: app_domain_name values: - - salesforce.com + - example.com + histogram: + enableEmptyInterval: true + property: event_time + range: minute + value: 30 schema: properties: filter: @@ -14196,25 +13832,41 @@ paths: rules: items: properties: - application_name: - description: Application. - example: Salesforce + client_agent_version: + description: Version of the client agent. + example: 10.2.3 type: string - connection_method: + client_os_version: + description: Version of the client OS. + example: Windows 10 + type: string + device_connection_method: description: Device connection method. - example: Agent + example: monitored + type: string + device_isp_name: + description: Name of the ISP. + example: Comcast + type: string + device_name: + description: Source of the device name. + example: DHCP type: string device_score: description: Device score. example: 80 type: number + device_self_serve_status: + description: Indicates if self-serve user is enabled. + example: true + type: boolean domain_name: - description: Application domain name. - example: salesforce.com + description: Name of the application domain. + example: example.com type: string edge_location_display_name: - description: Edge location display name. - example: US East + description: Prisma Access location name. + example: US West type: string event_time: description: Time of the event. 
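Review bot: Three property names in the `With possible filters` example do not match the rule schema of this operation. The example uses `isp_name`, `fw_name` and `app_domain_name`, whereas the schema in the following hunks declares `device_isp_name`, `instance_name` and `domain_name`, which are also the names the device_count example uses. The score rules (`experience_score` through `internet_score`) also changed from `operator: gt` to `operator: in` with a single number, which reads as an exact match rather than a threshold; if that is not intended, keep `gt` as in the device_count example. Suggested replacements are `property: device_isp_name`, `property: instance_name` and `property: domain_name`. The requestBody that holds this example begins outside the hunk.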
@@ -14222,39 +13874,55 @@ paths: type: number experience_score: description: Experience score. - example: 70 + example: 75 type: number instance_name: description: Firewall name. - example: PA-VM + example: fw00 type: string internet_score: description: Internet score. - example: 95 + example: 70 type: number lan_score: description: LAN score. example: 90 type: number + location_group_name: + description: Name of the location group. + example: HQ + type: string pa_score: - description: Prisma Access score. - example: 75 + description: PA score. + example: 95 type: number platform_type: description: Type of platform. example: prisma_access type: string - rbi: - description: RBI status. - example: Enabled + project_name: + description: Name of the project. + example: ProjectA type: string - source_city_name: - description: Source city name. + source_city: + description: Name of the source city. example: San Jose type: string - source_country_name: - description: Source country name. - example: US + source_country: + description: Name of the source country. + example: USA + type: string + user_connection_method: + description: User connection method. + example: monitored + type: string + user_source_ip_address: + description: Public IP address of the client. + example: 192.0.2.1 + type: string + usergroups: + description: User groups. + example: Employees type: string username: description: Username. 
@@ -14277,78 +13945,15 @@ paths: application/json: schema: properties: - adem_username: - description: ADEM Username. - example: john.doe@example.com - type: string - agent_uuid: - description: Agent UUID. - example: a1b2c3d4-e5f6-7890-1234-567890abcdef - type: string - application_count: - description: Application count. - example: 10 - type: integer - connection_method: - description: Connection method. - example: Agent - type: string - device_name: - description: Device name. - example: Device - 10.01.00.00 - type: string - device_score_value: - description: Device score value. - example: 80 - type: integer - experience_score_value: - description: Experience score value. - example: 70 - type: integer - internet_score_value: - description: Internet score value. - example: 95 - type: integer - lan_score_value: - description: LAN score value. - example: 90 - type: integer - last_activity_timestamp_epoc_millis: - description: Last activity timestamp in epoch milliseconds. - example: 1678886400000 - type: integer - pa_fw_location: - description: Prisma Access firewall location. - example: sfc-cor-cf000 - type: string - pa_score_value: - description: Prisma Access score value. - example: 75 - type: integer - source_city: - description: Source city. - example: San Jose - type: string - source_country: - description: Source country. - example: US - type: string - threat_count: - description: Threat count. - example: 5 - type: integer - total_bytes: - description: Total bytes transferred. - example: 1000000 - type: integer - username: - description: Username. - example: john.doe - type: string - wifi_score_value: - description: WiFi score value. - example: 85 - type: integer + device_count: + description: Number of devices + example: 100.0 + format: float + type: number + event_time: + description: Event time + example: 1709226000000 + type: number type: object description: OK '400': 
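Review bot: `device_count` is declared here as `type: number` with `format: float` and `example: 100.0`, while the device_count operation declares its counts as `type: integer` and the Enterprise Browser histogram declares `user_count` as an integer. If each bucket holds a whole number of devices, `type: integer` with `example: 100` keeps generated clients from typing a count as a float. If the value is an average over the interval, the description should say so instead of `Number of devices`. The operation this response schema belongs to starts outside the hunk.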
@@ -14361,29 +13966,24 @@ paths: description: Failed to process request security: - Bearer: [] - summary: User List + summary: Device Histogram Data tags: - - Users API - /insights/v3.0/resource_query/users/monitored/user_experience_score: + - Monitored Users API + /insights/v3.0/resource/query/users/monitored/user_experience_score: post: - description: 'Retrieve user experience scores to evaluate and monitor user satisfaction. - - ' - operationId: post-insights-v3.0-resource_query-users-monitored-user_experience_score + description: Retrieves user experience scores. + operationId: post-insights-v3.0-resource-query-users-monitored-user_experience_score parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false 
@@ -14610,10 +14210,160 @@ paths: description: Username. example: john.doe type: string - wifi_score: - description: WiFi score. - example: 85 - type: number + wifi_score: + description: WiFi score. + example: 85 + type: number + type: object + required: + - event_time + type: array + type: object + type: object + required: true + responses: + '200': + content: + application/json: + schema: + properties: + experience_score: + description: User experience score. + example: 85 + type: number + verdict: + description: Verdict based on the experience score. + example: Good + type: string + type: object + description: OK + '400': + description: Resource property is not valid + '403': + description: Permission Denied + '404': + description: Resource not found + '500': + description: Failed to process request + security: + - Bearer: [] + summary: Get User Experience Score + tags: + - Monitored Users API + /insights/v3.0/resource/query/users/other/active_user_count: + post: + description: 'Retrieve the number of active users based on the provided filters. + + ' + operationId: post-insights-v3.0-resource-query-users-other-active_user_count + parameters: + - description: 'Map the region for the tenant. + + ' + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: 'Use a unique Prisma-Tenant identifier for precise tenant management + and resource allocation within single or multi-tenant architectures. 
+ + ' + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + With mandatory filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + With possible filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: platform_type + values: + - prisma_access + - ngfw + - operator: in + property: username + values: + - john.doe + - operator: in + property: application_name + values: + - Zoom + - operator: in + property: source_country + values: + - US + - operator: in + property: source_city + values: + - San Jose + - operator: in + property: instance_name + values: + - PA-VM + - operator: in + property: edge_location_display_name + values: + - US West + schema: + properties: + filter: + properties: + rules: + items: + properties: + application_name: + description: Name of the application. + example: Zoom + type: string + edge_location_display_name: + description: Prisma Access Location Name. + example: US West + type: string + event_time: + description: Time of the event. + example: 5 + type: number + instance_name: + description: Instance Name. + example: PA-VM + type: string + platform_type: + description: Type of platform. + example: prisma_access + type: string + source_city: + description: Name of the source city. + example: San Jose + type: string + source_country: + description: Name of the source country. + example: US + type: string + username: + description: Username. + example: john.doe + type: string type: object required: - event_time 
@@ -14627,14 +14377,10 @@ paths: application/json: schema: properties: - experience_score: - description: User experience score. - example: 85 - type: number - verdict: - description: Verdict based on the experience score. - example: Good - type: string + user_count: + description: Count of active users. + example: 10034 + type: integer type: object description: OK '400': @@ -14647,30 +14393,23 @@ paths: description: Failed to process request security: - Bearer: [] - summary: User Experience Scores + summary: Active User Data tags: - - Monitored Users API - /insights/v3.0/resource_query/users/other/active_user_list: + - Other Users API + /insights/v3.0/resource/query/users/other/active_user_list: post: - description: 'Retrieve a list of active users, including details and connection - information. - - ' - operationId: post-insights-v3.0-resource_query-users-other-active_user_list + description: Retrieves a list of active users with details and connection information. + operationId: post-insights-v3.0-resource-query-users-other-active_user_list parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture. in: header name: Prisma-Tenant required: false 
@@ -14814,29 +14553,24 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Active User List + summary: Get Active User List tags: - Other Users API - /insights/v3.0/resource_query/users/other/connected_entity_count: + /insights/v3.0/resource/query/users/other/connected_entity_count: post: - description: 'Retrieve the number of connected users for other hosts. - - ' - operationId: post-insights-v3.0-resource_query-users-other-connected_entity_count + description: Retrieves the count of connected user count for other hosts. + operationId: post-insights-v3.0-resource-query-users-other-connected_entity_count parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false 
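Review bot: The new description `Retrieves the count of connected user count for other hosts.` repeats the word count and is harder to read than the sentence it replaces. Something like `Retrieves the number of connected users for other hosts.` says the same thing. The reworded descriptions in this and the neighbouring hunks use `Retrieves`, while the operations added elsewhere in this commit use `Retrieve`, so the rendered API reference ends up with both forms.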
@@ -15012,29 +14746,24 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Connected Users for Other Hosts + summary: Connected User Count For Other Hosts tags: - Users API - /insights/v3.0/resource_query/users/other/session_list: + /insights/v3.0/resource/query/users/other/session_list: post: - description: 'Retrieve a list of user sessions. - - ' - operationId: post-insights-v3.0-resource_query-users-other-session_list + description: Retrieves a list of user sessions. + operationId: post-insights-v3.0-resource-query-users-other-session_list parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false 
@@ -15180,29 +14909,24 @@ paths: description: Failed to process request security: - Bearer: [] - summary: Session List + summary: Get Session List tags: - Other Users API - /insights/v3.0/resource_query/users/other/user_count_histogram: + /insights/v3.0/resource/query/users/other/user_count_histogram: post: - description: 'Retrieve a histogram of user data. - - ' - operationId: post-insights-v3.0-resource_query-users-other-user_count_histogram + description: User Count Histogram + operationId: post-insights-v3.0-resource-query-users-other-user_count_histogram parameters: - - description: 'Map the region for the tenant. - - ' + - description: Region mapping for the tenant. in: header name: X-PANW-Region required: true schema: example: americas type: string - - description: 'Use a unique Prisma-Tenant identifier for precise tenant management - and resource allocation within single or multi-tenant architectures. - - ' + - description: A Prisma-Tenant is a unique identifier for a tenant or a subtenant + within a single or multi-tenant architecture, providing precise tenant management + and resource allocation. in: header name: Prisma-Tenant required: false 
@@ -15341,7 +15065,193 @@ paths: description: Failed to process request security: - Bearer: [] - summary: User Histogram Data + summary: Get User Count Histogram data + tags: + - Other Users API + /insights/v3.0/resource/query/users/other/user_list: + post: + description: 'Retrieve a list of internal users. + + ' + operationId: post-insights-v3.0-resource-query-users-other-user_list + parameters: + - description: 'Map the region for the tenant. + + ' + in: header + name: X-PANW-Region + required: true + schema: + example: americas + type: string + - description: 'Use a unique Prisma-Tenant identifier for precise tenant management + and resource allocation within single or multi-tenant architectures. + + ' + in: header + name: Prisma-Tenant + required: false + schema: + example: 12345678:12345679 + type: string + requestBody: + content: + application/json: + examples: + With mandatory filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + With possible filters: + value: + filter: + rules: + - operator: last_n_hours + property: event_time + values: + - 5 + - operator: in + property: platform_type + values: + - prisma_access + - ngfw + - operator: in + property: node_type + values: + - 153 + - operator: in + property: username + values: + - john.doe + - operator: in + property: application_name + values: + - Zoom + - operator: in + property: edge_location_display_name + values: + - US West + - operator: in + property: instance_name + values: + - instance1 + - operator: in + property: cdl_traffic_class_var + values: + - premium + - operator: in + property: user_source_ip_address + values: + - 192.168.1.1 + - operator: in + property: source_country + values: + - US + - operator: in + property: source_city + values: + - San Jose + schema: + properties: + filter: + properties: + rules: + items: + properties: + application_name: + description: Application name. 
+ example: Zoom + type: string + cdl_traffic_class_var: + description: CDL traffic class. + example: premium + type: string + edge_location_display_name: + description: Prisma Access Location. + example: US West + type: string + event_time: + description: Time of the event. + example: 5 + type: number + instance_name: + description: Instance name. + example: instance1 + type: string + node_type: + description: Type of node. + example: 153 + type: number + platform_type: + description: Platform type. + example: prisma_access + type: string + source_city: + description: City from GeoIP. + example: San Jose + type: string + source_country: + description: Country from GeoIP. + example: US + type: string + user_source_ip_address: + description: Source IP address. + example: 192.168.1.1 + type: string + username: + description: Source user info name. + example: john.doe + type: string + type: object + required: + - event_time + type: array + type: object + type: object + required: true + responses: + '200': + content: + application/json: + schema: + properties: + application_count: + description: Number of applications used. + example: 10 + type: integer + last_activity_epoc_time_millis: + description: Last activity epoch time in milliseconds. + example: 1678886400000 + type: integer + threat_count: + description: Number of threats detected. + example: 5 + type: integer + total_bytes: + description: Total bytes transferred. + example: 1000000 + type: integer + username: + description: Username. + example: john.doe + type: string + type: object + description: OK + '400': + description: Resource property is not valid + '403': + description: Permission Denied + '404': + description: Resource not found + '500': + description: Failed to process request + security: + - Bearer: [] + summary: Internal User List tags: - Other Users API servers:
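Review bot: The new `/insights/v3.0/resource/query/users/other/user_list` operation declares `security: - Bearer: []` but documents only `400`, `403`, `404` and `500`, so no response covers a missing or expired token. Assuming the service answers `401` in that case, adding `'401':` with `description: Unauthorized` next to `'403'` lets generated clients separate re-authentication from a permission failure. The other operations visible in this diff list the same four codes, so this may be a convention across the spec that is worth fixing in one pass. Separately, `node_type` is documented only as `Type of node.` with `example: 153`; a sentence on what the numeric codes mean would make the filter usable.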