Palo Alto Networks · Capability

Palo Alto Networks Cortex XDR REST API — Endpoints

Palo Alto Networks Cortex XDR REST API — Endpoints. 4 operations. Lead operation: Palo Alto Networks List Endpoints. Self-contained Naftiko capability covering one Palo Alto Networks business surface.

Run with Naftiko Palo Alto NetworksEndpoints

What You Can Do

POST
Getendpoints — Palo Alto Networks List Endpoints
/v1/endpoints/get-endpoints
POST
Isolateendpoints — Palo Alto Networks Isolate Endpoints
/v1/endpoints/isolate
POST
Scanendpoints — Palo Alto Networks Scan Endpoints
/v1/endpoints/scan
POST
Unisolateendpoints — Palo Alto Networks Unisolate Endpoints
/v1/endpoints/unisolate

MCP Tools

palo-alto-networks-list-endpoints

Palo Alto Networks List Endpoints

read-only
palo-alto-networks-isolate-endpoints

Palo Alto Networks Isolate Endpoints

palo-alto-networks-scan-endpoints

Palo Alto Networks Scan Endpoints

palo-alto-networks-unisolate-endpoints

Palo Alto Networks Unisolate Endpoints

Capability Spec

palo-alto-cortex-xdr-endpoints.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Palo Alto Networks Cortex XDR REST API — Endpoints
  description: 'Palo Alto Networks Cortex XDR REST API — Endpoints. 4 operations. Lead operation: Palo Alto Networks List
    Endpoints. Self-contained Naftiko capability covering one Palo Alto Networks business surface.'
  tags:
  - Palo Alto Networks
  - Endpoints
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    PALO_ALTO_NETWORKS_API_KEY: PALO_ALTO_NETWORKS_API_KEY
capability:
  consumes:
  - type: http
    namespace: palo-alto-cortex-xdr-endpoints
    baseUri: https://api-{fqdn}/public_api/v1
    description: Palo Alto Networks Cortex XDR REST API — Endpoints business capability. Self-contained, no shared references.
    resources:
    - name: endpoints-get_endpoints
      path: /endpoints/get_endpoints
      operations:
      - name: getendpoints
        method: POST
        description: Palo Alto Networks List Endpoints
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: endpoints-isolate
      path: /endpoints/isolate
      operations:
      - name: isolateendpoints
        method: POST
        description: Palo Alto Networks Isolate Endpoints
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: endpoints-scan
      path: /endpoints/scan
      operations:
      - name: scanendpoints
        method: POST
        description: Palo Alto Networks Scan Endpoints
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: endpoints-unisolate
      path: /endpoints/unisolate
      operations:
      - name: unisolateendpoints
        method: POST
        description: Palo Alto Networks Unisolate Endpoints
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: apikey
      key: x-xdr-hmac-v2
      value: '{{env.PALO_ALTO_NETWORKS_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: palo-alto-cortex-xdr-endpoints-rest
    port: 8080
    description: REST adapter for Palo Alto Networks Cortex XDR REST API — Endpoints. One Spectral-compliant resource per
      consumed operation, prefixed with /v1.
    resources:
    - path: /v1/endpoints/get-endpoints
      name: endpoints-get-endpoints
      description: REST surface for endpoints-get_endpoints.
      operations:
      - method: POST
        name: getendpoints
        description: Palo Alto Networks List Endpoints
        call: palo-alto-cortex-xdr-endpoints.getendpoints
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/endpoints/isolate
      name: endpoints-isolate
      description: REST surface for endpoints-isolate.
      operations:
      - method: POST
        name: isolateendpoints
        description: Palo Alto Networks Isolate Endpoints
        call: palo-alto-cortex-xdr-endpoints.isolateendpoints
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/endpoints/scan
      name: endpoints-scan
      description: REST surface for endpoints-scan.
      operations:
      - method: POST
        name: scanendpoints
        description: Palo Alto Networks Scan Endpoints
        call: palo-alto-cortex-xdr-endpoints.scanendpoints
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/endpoints/unisolate
      name: endpoints-unisolate
      description: REST surface for endpoints-unisolate.
      operations:
      - method: POST
        name: unisolateendpoints
        description: Palo Alto Networks Unisolate Endpoints
        call: palo-alto-cortex-xdr-endpoints.unisolateendpoints
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: palo-alto-cortex-xdr-endpoints-mcp
    port: 9090
    transport: http
    description: MCP adapter for Palo Alto Networks Cortex XDR REST API — Endpoints. One tool per consumed operation, routed
      inline through this capability's consumes block.
    tools:
    - name: palo-alto-networks-list-endpoints
      description: Palo Alto Networks List Endpoints
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: palo-alto-cortex-xdr-endpoints.getendpoints
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-isolate-endpoints
      description: Palo Alto Networks Isolate Endpoints
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: palo-alto-cortex-xdr-endpoints.isolateendpoints
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-scan-endpoints
      description: Palo Alto Networks Scan Endpoints
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: palo-alto-cortex-xdr-endpoints.scanendpoints
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: palo-alto-networks-unisolate-endpoints
      description: Palo Alto Networks Unisolate Endpoints
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: palo-alto-cortex-xdr-endpoints.unisolateendpoints
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.