Palo Alto Networks

Prisma Cloud CSPM API

The Cloud Security Posture Management API for Prisma Cloud (formerly RedLock) providing programmatic access to cloud security monitoring across AWS, Azure, GCP, and Oracle Cloud. The API supports managing security alerts, compliance policies, cloud accounts, asset inventories, and remediation workflows. Endpoints cover alert management, policy configuration, compliance reporting, cloud account onboarding, resource queries using RQL (Resource Query Language), and integration management.

GitHub OpenAPI

Documentation

📖
Documentation
https://pan.dev/prisma-cloud/api/cspm/
📖
Authentication
https://prisma.pan.dev/api/cloud/api-auth/
📖
GettingStarted
https://pan.dev/prisma-cloud/docs/cspm/cspm-gs/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/openapi/palo-alto-prisma-cloud-cspm-api-openapi-original.yml
AsyncAPI
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/asyncapi/palo-alto-prisma-cloud-webhooks-asyncapi-original.yml

Examples

📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-cspm-api-alert-example.json
📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-cspm-api-alert-filter-example.json
📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-cspm-api-cloud-account-example.json
📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-cspm-api-compliance-standard-example.json
📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-cspm-api-policy-example.json
📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-cspm-api-policy-input-example.json
📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-cspm-api-report-example.json
📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-cspm-api-search-result-example.json
📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-cspm-api-time-range-example.json
📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-policy-example.json
📝
Example
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/prisma-cloud-webhooks-alert-payload-example.json

Schemas & Data

📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-policy-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-cspm-api-alert-filter-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-cspm-api-alert-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-cspm-api-cloud-account-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-cspm-api-compliance-standard-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-cspm-api-policy-input-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-cspm-api-policy-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-cspm-api-report-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-cspm-api-search-result-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-cspm-api-time-range-schema.json
📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-webhooks-alert-payload-schema.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-cspm-api-alert-filter-structure.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-cspm-api-alert-structure.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-cspm-api-cloud-account-structure.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-cspm-api-compliance-standard-structure.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-cspm-api-policy-input-structure.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-cspm-api-policy-structure.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-cspm-api-report-structure.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-cspm-api-search-result-structure.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-cspm-api-time-range-structure.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-policy-structure.json
📊
JSONStructure
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-webhooks-alert-payload-structure.json

Other Resources

🔗
JSONLD
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-ld/palo-alto-prisma-cloud-cspm-api-context.jsonld
🔗
JSONLD
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-ld/palo-alto-prisma-cloud-webhooks-context.jsonld
🔗
JSONLD
https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-ld/palo-alto-prisma-cloud-context.jsonld

OpenAPI Specification

palo-alto-prisma-cloud-cspm-api-openapi-original.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Palo Alto Networks Prisma Cloud CSPM API
  description: >-
    REST API for Prisma Cloud Security Posture Management providing
    programmatic access to cloud security monitoring across AWS, Azure, GCP,
    and Oracle Cloud. The API supports managing security alerts, compliance
    policies, cloud account onboarding, asset inventories, and resource
    queries using RQL (Resource Query Language). Authentication uses JWT
    tokens obtained from the /login endpoint with access key credentials.
    Tokens are valid for 10 minutes and must be refreshed for long-running
    operations.
  version: '1.0'
  contact:
    name: Palo Alto Networks Developer Support
    url: https://pan.dev/
  license:
    name: Proprietary
    url: https://www.paloaltonetworks.com/legal
servers:
- url: https://api.prismacloud.io
  description: Prisma Cloud API (US region 1).
- url: https://api2.prismacloud.io
  description: Prisma Cloud API (US region 2).
- url: https://api3.prismacloud.io
  description: Prisma Cloud API (US region 3).
- url: https://api.eu.prismacloud.io
  description: Prisma Cloud API (EU).
- url: https://api.anz.prismacloud.io
  description: Prisma Cloud API (ANZ).
- url: https://api.sg.prismacloud.io
  description: Prisma Cloud API (Singapore).
- url: https://api.ca.prismacloud.io
  description: Prisma Cloud API (Canada).
security:
- bearerAuth: []
tags:
- name: Alerts
  description: Security alert management.
- name: Authentication
  description: Login and token management.
- name: CloudAccounts
  description: Cloud account onboarding and management.
- name: Compliance
  description: Compliance posture and reporting.
- name: Policies
  description: Security policy management.
- name: Reports
  description: Report management.
- name: Search
  description: RQL-based resource and configuration search.
paths:
  /login:
    post:
      operationId: login
      summary: Palo Alto Networks Authenticate and Get JWT Token
      description: >-
        Authenticates with Prisma Cloud access key credentials and returns
        a JWT token for subsequent API calls. Tokens are valid for 10
        minutes.
      tags:
      - Authentication
      security: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - username
              - password
              properties:
                username:
                  type: string
                  description: Access Key ID from Prisma Cloud Settings.
                password:
                  type: string
                  description: Secret Key associated with the Access Key.
                customerName:
                  type: string
                  description: Customer name (required for multi-tenant accounts).
            examples:
              LoginRequestExample:
                summary: Default login request
                x-microcks-default: true
                value:
                  username: jsmith
                  password: example-password
                  customerName: Branch Gateway 17
      responses:
        '200':
          description: Authentication successful.
          content:
            application/json:
              schema:
                type: object
                properties:
                  token:
                    type: string
                    description: JWT bearer token for API authorization.
                  message:
                    type: string
                  customerNames:
                    type: array
                    items:
                      type: object
                      properties:
                        customerName:
                          type: string
                        tosAccepted:
                          type: boolean
              examples:
                Login200Example:
                  summary: Default login 200 response
                  x-microcks-default: true
                  value:
                    token: b92f25f9d9ca270185936012ae9c8b4a
                    message: Threat network traffic violation alert threat violation policy alert suspicious traffic.
                    customerNames:
                    - customerName: Corporate Firewall 06
                      tosAccepted: false
        '401':
          description: Invalid credentials.
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /alert:
    get:
      operationId: getAlerts
      summary: Palo Alto Networks List Alerts
      description: >-
        Returns security alerts matching the specified filters. Supports
        filtering by status, severity, policy, time range, cloud type,
        and account. The timeType, timeAmount, and timeUnit parameters
        control the time range filter for relative time windows.
      tags:
      - Alerts
      parameters:
      - name: timeType
        in: query
        description: Time filter type.
        schema:
          type: string
          enum:
          - relative
          - absolute
          - to_now
        example: relative
      - name: timeAmount
        in: query
        description: Time amount for relative time type.
        schema:
          type: integer
        example: 629
      - name: timeUnit
        in: query
        description: Time unit for relative time type.
        schema:
          type: string
          enum:
          - minute
          - hour
          - day
          - week
          - month
          - year
        example: month
      - name: startTime
        in: query
        description: Start time in epoch milliseconds for absolute time type.
        schema:
          type: integer
        example: 1730951626179
      - name: endTime
        in: query
        description: End time in epoch milliseconds for absolute time type.
        schema:
          type: integer
        example: 1722147834745
      - name: limit
        in: query
        description: Maximum number of alerts to return.
        schema:
          type: integer
          default: 10000
        example: 10000
      - name: offset
        in: query
        description: Pagination offset.
        schema:
          type: integer
          default: 0
        example: 0
      - name: severity
        in: query
        description: Filter by alert severity.
        schema:
          type: string
          enum:
          - critical
          - high
          - medium
          - low
          - informational
        example: critical
      - name: policy.id
        in: query
        description: Filter alerts by policy identifier.
        schema:
          type: string
        example: '750350'
      - name: detailed
        in: query
        description: Include full alert details.
        schema:
          type: boolean
          default: false
        example: false
      responses:
        '200':
          description: Alerts returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalRows:
                    type: integer
                    description: Total number of alerts matching filters.
                  items:
                    type: array
                    items:
                      $ref: '#/components/schemas/Alert'
              examples:
                GetAlerts200Example:
                  summary: Default getAlerts 200 response
                  x-microcks-default: true
                  value:
                    totalRows: 424
                    items:
                    - id: example-id
                      status: open
                      reason: Firewall detected monitoring incident activity traffic blocked endpoint incident alert.
                      firstSeen: 725
                      lastSeen: 266
                      alertTime: 684
                      policy: &id001
                        policyId: '936608'
                        policyType: custom
                        name: Primary Gateway 71
                        severity: high
                        recommendation: example-recommendation
                      resource: &id002
                        rrn: example-rrn
                        id: example-id
                        name: Staging Agent 24
                        cloudType: custom
                        accountId: '699331'
                        accountName: Staging Policy 89
                        regionId: '252983'
                        resourceType: custom
                      riskDetail: &id003
                        score: 776
                        rating: example-rating
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /alert/{id}:
    get:
      operationId: getAlert
      summary: Palo Alto Networks Get Alert Details
      description: Returns full details for a specific security alert.
      tags:
      - Alerts
      parameters:
      - name: id
        in: path
        required: true
        description: Unique alert identifier.
        schema:
          type: string
        example: example-id
      responses:
        '200':
          description: Alert details returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Alert'
              examples:
                GetAlert200Example:
                  summary: Default getAlert 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    status: open
                    reason: Firewall detected monitoring incident activity traffic blocked endpoint incident alert.
                    firstSeen: 725
                    lastSeen: 266
                    alertTime: 684
                    policy: *id001
                    resource: *id002
                    riskDetail: *id003
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /alert/dismiss:
    post:
      operationId: dismissAlerts
      summary: Palo Alto Networks Dismiss Alerts
      description: Dismisses one or more security alerts with a reason and optional note.
      tags:
      - Alerts
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - alerts
              - dismissalNote
              properties:
                alerts:
                  type: array
                  items:
                    type: object
                    properties:
                      id:
                        type: string
                  description: List of alert IDs to dismiss.
                dismissalNote:
                  type: string
                  description: Reason for dismissal.
                dismissalTimeRange:
                  $ref: '#/components/schemas/TimeRange'
                filter:
                  type: object
                  properties:
                    timeRange:
                      $ref: '#/components/schemas/TimeRange'
                    filters:
                      type: array
                      items:
                        $ref: '#/components/schemas/AlertFilter'
            examples:
              DismissAlertsRequestExample:
                summary: Default dismissAlerts request
                x-microcks-default: true
                value:
                  alerts:
                  - id: example-id
                  dismissalNote: example-dismissalNote
                  dismissalTimeRange:
                    type: to_now
                    value: &id004
                      amount: 301
                      unit: year
                  filter:
                    timeRange:
                      type: to_now
                      value: *id004
                    filters:
                    - name: Staging Agent 23
                      operator: '='
                      value: example-value
                    - name: Staging Agent 23
                      operator: '='
                      value: example-value
      responses:
        '200':
          description: Alerts dismissed successfully.
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /alert/reopen:
    post:
      operationId: reopenAlerts
      summary: Palo Alto Networks Reopen Dismissed Alerts
      description: >-
        Reopens one or more previously dismissed alerts, restoring them
        to open status for active review.
      tags:
      - Alerts
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - alerts
              properties:
                alerts:
                  type: array
                  items:
                    type: object
                    properties:
                      id:
                        type: string
                  description: List of dismissed alert IDs to reopen.
            examples:
              ReopenAlertsRequestExample:
                summary: Default reopenAlerts request
                x-microcks-default: true
                value:
                  alerts:
                  - id: example-id
      responses:
        '200':
          description: Alerts reopened successfully.
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /policy:
    get:
      operationId: listPolicies
      summary: Palo Alto Networks List Policies
      description: >-
        Returns all security policies including built-in and custom
        policies with their severity, cloud type, and compliance mappings.
      tags:
      - Policies
      responses:
        '200':
          description: Policies returned successfully.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/Policy'
              examples:
                ListPolicies200Example:
                  summary: Default listPolicies 200 response
                  x-microcks-default: true
                  value:
                  - policyId: '167432'
                    name: Production Sensor 48
                    policyType: audit_event
                    severity: high
                    description: Malware malware violation activity blocked detected malware malware suspicious suspicious.
                    recommendation: example-recommendation
                    cloudType: custom
                    enabled: false
                    systemDefault: false
                    rule: &id005
                      name: Staging Policy 35
                      criteria: example-criteria
                      type: standard
                    complianceMetadata: &id006
                    - standardName: Corporate Agent 39
                      requirementId: '465802'
                      requirementName: Production Agent 65
                      sectionId: '568679'
                    - standardName: Branch Sensor 82
                      requirementId: '690794'
                      requirementName: Primary Gateway 49
                      sectionId: '340660'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: createPolicy
      summary: Palo Alto Networks Create a Custom Policy
      description: Creates a new custom security policy with an RQL query.
      tags:
      - Policies
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PolicyInput'
            examples:
              CreatePolicyRequestExample:
                summary: Default createPolicy request
                x-microcks-default: true
                value:
                  name: Production Policy 14
                  policyType: standard
                  severity: high
                  description: Investigation endpoint incident detected on suspicious configured endpoint firewall.
                  recommendation: example-recommendation
                  cloudType: custom
                  enabled: true
                  rule: &id007
                    name: Primary Policy 53
                    criteria: example-criteria
                    type: standard
      responses:
        '200':
          description: Policy created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Policy'
              examples:
                CreatePolicy200Example:
                  summary: Default createPolicy 200 response
                  x-microcks-default: true
                  value:
                    policyId: '167432'
                    name: Production Sensor 48
                    policyType: audit_event
                    severity: high
                    description: Malware malware violation activity blocked detected malware malware suspicious suspicious.
                    recommendation: example-recommendation
                    cloudType: custom
                    enabled: false
                    systemDefault: false
                    rule: *id005
                    complianceMetadata: *id006
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /policy/{policyId}:
    get:
      operationId: getPolicy
      summary: Palo Alto Networks Get Policy Details
      description: Returns details of a specific policy.
      tags:
      - Policies
      parameters:
      - name: policyId
        in: path
        required: true
        description: Unique policy identifier.
        schema:
          type: string
        example: '397286'
      responses:
        '200':
          description: Policy returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Policy'
              examples:
                GetPolicy200Example:
                  summary: Default getPolicy 200 response
                  x-microcks-default: true
                  value:
                    policyId: '167432'
                    name: Production Sensor 48
                    policyType: audit_event
                    severity: high
                    description: Malware malware violation activity blocked detected malware malware suspicious suspicious.
                    recommendation: example-recommendation
                    cloudType: custom
                    enabled: false
                    systemDefault: false
                    rule: *id005
                    complianceMetadata: *id006
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    put:
      operationId: updatePolicy
      summary: Palo Alto Networks Update a Policy
      description: Updates an existing security policy.
      tags:
      - Policies
      parameters:
      - name: policyId
        in: path
        required: true
        description: Unique policy identifier.
        schema:
          type: string
        example: '874390'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PolicyInput'
            examples:
              UpdatePolicyRequestExample:
                summary: Default updatePolicy request
                x-microcks-default: true
                value:
                  name: Production Policy 14
                  policyType: standard
                  severity: high
                  description: Investigation endpoint incident detected on suspicious configured endpoint firewall.
                  recommendation: example-recommendation
                  cloudType: custom
                  enabled: true
                  rule: *id007
      responses:
        '200':
          description: Policy updated successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Policy'
              examples:
                UpdatePolicy200Example:
                  summary: Default updatePolicy 200 response
                  x-microcks-default: true
                  value:
                    policyId: '167432'
                    name: Production Sensor 48
                    policyType: audit_event
                    severity: high
                    description: Malware malware violation activity blocked detected malware malware suspicious suspicious.
                    recommendation: example-recommendation
                    cloudType: custom
                    enabled: false
                    systemDefault: false
                    rule: *id005
                    complianceMetadata: *id006
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /cloud:
    get:
      operationId: listCloudAccounts
      summary: Palo Alto Networks List Cloud Accounts
      description: >-
        Returns a list of all cloud accounts onboarded to Prisma Cloud
        for security monitoring.
      tags:
      - CloudAccounts
      responses:
        '200':
          description: Cloud accounts returned successfully.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/CloudAccount'
              examples:
                ListCloudAccounts200Example:
                  summary: Default listCloudAccounts 200 response
                  x-microcks-default: true
                  value:
                  - accountId: '166602'
                    name: Branch Policy 85
                    cloudType: aws
                    enabled: true
                    numberOfPolicies: 638
                    lastModifiedTs: 347
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /cloud/{cloudType}:
    post:
      operationId: addCloudAccount
      summary: Palo Alto Networks Add a Cloud Account
      description: >-
        Onboards a cloud account (AWS, Azure, GCP, or OCI) for security
        monitoring. Requires appropriate cloud credentials and permissions.
      tags:
      - CloudAccounts
      parameters:
      - name: cloudType
        in: path
        required: true
        description: Cloud provider type to onboard.
        schema:
          type: string
          enum:
          - aws
          - azure
          - gcp
          - oci
        example: azure
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - accountId
              - name
              properties:
                accountId:
                  type: string
                  description: Cloud provider account identifier.
                enabled:
                  type: boolean
                  default: true
                  description: Whether monitoring is enabled for this account.
                name:
                  type: string
                  description: Display name for the account.
                groupIds:
                  type: array
                  items:
                    type: string
                  description: Account group IDs to associate.
            examples:
              AddCloudAccountRequestExample:
                summary: Default addCloudAccount request
                x-microcks-default: true
                value:
                  accountId: '207427'
                  enabled: true
                  name: Primary Sensor 81
                  groupIds:
                  - example-groupIds_item
                  - example-groupIds_item
      responses:
        '200':
          description: Cloud account onboarded successfully.
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /cloud/{cloudType}/{id}:
    delete:
      operationId: removeCloudAccount
      summary: Palo Alto Networks Remove a Cloud Account
      description: >-
        Removes a cloud account from Prisma Cloud monitoring. All
        associated alerts and data are retained for historical analysis.
      tags:
      - CloudAccounts
      parameters:
      - name: cloudType
        in: path
        required: true
        description: Cloud provider type.
        schema:
          type: string
          enum:
          - aws
          - azure
          - gcp
          - oci
        example: azure
      - name: id
        in: path
        required: true
        description: Cloud account identifier.
        schema:
          type: string
        example: example-id
      responses:
        '200':
          description: Cloud account removed successfully.
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /search/asset:
    post:
      operationId: searchAsset
      summary: Palo Alto Networks Search Assets with RQL
      description: >-
        Executes an RQL (Resource Query Language) asset query against
        cloud resource configurations and returns matching resources.
        Supports config, network, and event query types.
      tags:
      - Search
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - query
              - timeRange
              properties:
                query:
                  type: string
                  description: >-
                    RQL query string (e.g., "config from cloud.resource
                    where cloud.type = 'aws'").
                timeRange:
                  $ref: '#/components/schemas/TimeRange'
                limit:
                  type: integer
                  default: 100
                withResourceJson:
                  type: boolean
                  default: false
            examples:
              SearchAssetRequestExample:
                summary: Default searchAsset request
                x-microcks-default: true
                value:
                  query: example-query
                  timeRange:
                    type: to_now
                    value: *id004
                  limit: 100
                  withResourceJson: false
      responses:
        '200':
          description: Asset search results returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SearchResult'
              examples:
                SearchAsset200Example:
                  summary: Default searchAsset 200 response
                  x-microcks-default: true
                  value:
                    cloudType: advanced
                    query: example-query
                    data: &id008
                      totalRows: 728
                      items:
                      - id: example-id
                        name: Branch Sensor 66
                        cloudType: standard
                        accountId: '697058'
                        accountName: Production Agent 91
                        regionId: '906120'
                        resourceType: advanced
                        overallPassed: false
                      - id: example-id
                        name: Branch Firewall 11
                        cloudType: advanced
                        accountId: '226442'
                        accountName: Corporate Agent 48
                        regionId: '307869'
                        resourceType: standard
                        overallPassed: false
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /search/config:
    post:
      operationId: searchConfig
      summary: Palo Alto Networks Search Cloud Resource Configurations
      description: >-
        Executes an RQL config query against cloud resource configurations.
        Returns resources matching the query criteria with their
        configuration details.
      tags:
      - Search
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - query
              - timeRange
              properties:
                query:
                  type: string
                  description: RQL config query string.
                timeRange:
                  $ref: '#/components/schemas/TimeRange'
                limit:
                  type: integer
                  default: 100
                withResourceJson:
                  type: boolean
                  default: false
            examples:
              SearchConfigRequestExample:
                summary: Default searchConfig request
                x-microcks-default: true
                value:
                  query: example-query
                  timeRange:
                    type: to_now
                    value: *id004
                  limit: 100
                  withResourceJson: false
      responses:
        '200':
          description: Config search results returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SearchResult'
              ex

# --- truncated at 32 KB (49 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/openapi/palo-alto-prisma-cloud-cspm-api-openapi-original.yml