Palo Alto Networks · Capability
Palo Alto Networks Threat Vault API — Threats
Palo Alto Networks Threat Vault API — Threats. 2 operations. Lead operation: Palo Alto Networks Get Threat Signatures. Self-contained Naftiko capability covering one Palo Alto Networks business surface.
What You Can Do
GET
Getthreats
— Palo Alto Networks Get Threat Signatures
/v1/threats
GET
Getthreathistory
— Palo Alto Networks Get Signature History
/v1/threats/history
MCP Tools
palo-alto-networks-get-threat
Palo Alto Networks Get Threat Signatures
read-only
idempotent
palo-alto-networks-get-signature
Palo Alto Networks Get Signature History
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Palo Alto Networks Threat Vault API — Threats
description: 'Palo Alto Networks Threat Vault API — Threats. 2 operations. Lead operation: Palo Alto Networks Get Threat
Signatures. Self-contained Naftiko capability covering one Palo Alto Networks business surface.'
tags:
- Palo Alto Networks
- Threats
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
PALO_ALTO_NETWORKS_API_KEY: PALO_ALTO_NETWORKS_API_KEY
capability:
consumes:
- type: http
namespace: palo-alto-threat-vault-threats
baseUri: https://api.threatvault.paloaltonetworks.com/service/v1
description: Palo Alto Networks Threat Vault API — Threats business capability. Self-contained, no shared references.
resources:
- name: threats
path: /threats
operations:
- name: getthreats
method: GET
description: Palo Alto Networks Get Threat Signatures
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: type
in: query
type: string
description: Signature type to filter results.
- name: id
in: query
type: integer
description: Specific signature ID to retrieve.
- name: sha256
in: query
type: string
description: SHA-256 hash to look up associated threat signatures.
- name: name
in: query
type: string
description: Partial or exact signature name to search.
- name: cve
in: query
type: string
description: CVE identifier to find associated vulnerability signatures.
- name: from
in: query
type: string
description: Start date for filtering signatures by release date (YYYY-MM-DD format).
- name: to
in: query
type: string
description: End date for filtering signatures by release date (YYYY-MM-DD format).
- name: offset
in: query
type: integer
description: Number of records to skip for pagination.
- name: limit
in: query
type: integer
description: Maximum number of signatures to return.
- name: threats-history
path: /threats/history
operations:
- name: getthreathistory
method: GET
description: Palo Alto Networks Get Signature History
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: id
in: query
type: integer
description: Signature ID to retrieve version history for.
required: true
- name: type
in: query
type: string
description: Signature type.
required: true
- name: offset
in: query
type: integer
- name: limit
in: query
type: integer
authentication:
type: apikey
key: X-API-KEY
value: '{{env.PALO_ALTO_NETWORKS_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: palo-alto-threat-vault-threats-rest
port: 8080
description: REST adapter for Palo Alto Networks Threat Vault API — Threats. One Spectral-compliant resource per consumed
operation, prefixed with /v1.
resources:
- path: /v1/threats
name: threats
description: REST surface for threats.
operations:
- method: GET
name: getthreats
description: Palo Alto Networks Get Threat Signatures
call: palo-alto-threat-vault-threats.getthreats
with:
type: rest.type
id: rest.id
sha256: rest.sha256
name: rest.name
cve: rest.cve
from: rest.from
to: rest.to
offset: rest.offset
limit: rest.limit
outputParameters:
- type: object
mapping: $.
- path: /v1/threats/history
name: threats-history
description: REST surface for threats-history.
operations:
- method: GET
name: getthreathistory
description: Palo Alto Networks Get Signature History
call: palo-alto-threat-vault-threats.getthreathistory
with:
id: rest.id
type: rest.type
offset: rest.offset
limit: rest.limit
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: palo-alto-threat-vault-threats-mcp
port: 9090
transport: http
description: MCP adapter for Palo Alto Networks Threat Vault API — Threats. One tool per consumed operation, routed inline
through this capability's consumes block.
tools:
- name: palo-alto-networks-get-threat
description: Palo Alto Networks Get Threat Signatures
hints:
readOnly: true
destructive: false
idempotent: true
call: palo-alto-threat-vault-threats.getthreats
with:
type: tools.type
id: tools.id
sha256: tools.sha256
name: tools.name
cve: tools.cve
from: tools.from
to: tools.to
offset: tools.offset
limit: tools.limit
outputParameters:
- type: object
mapping: $.
- name: palo-alto-networks-get-signature
description: Palo Alto Networks Get Signature History
hints:
readOnly: true
destructive: false
idempotent: true
call: palo-alto-threat-vault-threats.getthreathistory
with:
id: tools.id
type: tools.type
offset: tools.offset
limit: tools.limit
outputParameters:
- type: object
mapping: $.