Retrieves a list of external applications (AWS SQS, AWS S3, Syslog, Splunk, and webhook) and their attributes. The meaning behind all attributes in this response could be found in the ExternalApplication schema. Please note that the field connection_config is retrieved with masked attributes for security purposes; examples are provided in the sample response shown for this endpoint. Please note that the last_modified_by, last_error, and last_error_at attributes are not populated for Syslog integrations.
curl -X 'GET'
-H
'Accept: application/json'
'https://api-cortex.paloaltonetworks.com/platform/integration/v1/external-application'
import http.client
conn = http.client.HTTPSConnection("api-")
conn.request("GET", "%7Bfqdn%7D/platform/integration/v1/external-application")
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://api-/%7Bfqdn%7D/platform/integration/v1/external-application")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(url)
response = http.request(request)
puts response.read_bodyconst data = null;
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("GET", "https://api-/%7Bfqdn%7D/platform/integration/v1/external-application");
xhr.send(data);HttpResponse<String> response = Unirest.get("https://api-/%7Bfqdn%7D/platform/integration/v1/external-application")
.asString();import Foundation
let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7Bfqdn%7D/platform/integration/v1/external-application")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "GET"
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api-/%7Bfqdn%7D/platform/integration/v1/external-application",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7Bfqdn%7D/platform/integration/v1/external-application");
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-/%7Bfqdn%7D/platform/integration/v1/external-application");
var request = new RestRequest(Method.GET);
IRestResponse response = client.Execute(request);A list of applications.
dataarray
application_idintegerint64Unique identifier
Unique identifier
namestringName of the application.
Name of the application.
descriptionstringDescription of the application.
Description of the application.
statusstring (Enum)Current status of the application.
Current status of the application.
"connected"created_atintegerint64Timestamp when the application was created.
Timestamp when the application was created.
last_modified_bystringIdentifier of the user who created the app.
Identifier of the user who created the app.
last_errorstringDescription summarizing that last known error for the given external application.
Description summarizing that last known error for the given external application.
last_error_atintegerint64Timestamp of the last error.
Timestamp of the last error.
modified_atintegerint64Timestamp of the last modification.
Timestamp of the last modification.
application_typestring (Enum)The type of application instance.
The type of application instance.
connection_configobjectConnection configuration based on application_type.
Connection configuration based on application_type.
urlstringrequiredurlwebhook URL.
webhook URL.
http_methodstring (Enum)
"POST"headersobjectCustom HTTP headers to include.
Custom HTTP headers to include.
hec_endpointstringrequiredurlSplunk HTTP Event Collector (HEC) endpoint.
Splunk HTTP Event Collector (HEC) endpoint.
auth_tokenstringrequiredHEC authentication token.
HEC authentication token.
queue_urlstringrequiredurlThe SQS queue destination URL.
The SQS queue destination URL.
access_keystring
secret_keystring
role_arnstring
connection_typestring (Enum)
"ROLE_ARN"s3_uristringrequiredurlAmazon S3 bucket URI
Amazon S3 bucket URI
regionstringrequiredAWS region where the S3 bucket resides
AWS region where the S3 bucket resides
role_arnstringrequiredRole ARN associated with the IAM role for S3 access
Role ARN associated with the IAM role for S3 access
roll_up_intervalinteger (Enum)int32Roll-up interval for metrics or data aggregation (in minutes)
Roll-up interval for metrics or data aggregation (in minutes)
60portintegerrequired
protocolstring (Enum)required
facilitystringrequiredChoose one of the syslog standard values. The value maps to how your syslog server uses the facility field to manage messages. For details on the facility field, see RFC 5424.
Choose one of the syslog standard values. The value maps to how your syslog server uses the facility field to manage messages. For details on the facility field, see RFC 5424.
addressstringrequiredIP address or fully qualified domain name (FQDN) of the syslog server.
IP address or fully qualified domain name (FQDN) of the syslog server.
security_infoobject
certificate_namestringWhen using TLS for communication between Cortex and the syslog server, Cortex validates that the syslog receiver has a certificate. Specify the certificate name here.
When using TLS for communication between Cortex and the syslog server, Cortex validates that the syslog receiver has a certificate. Specify the certificate name here.
ignore_cert_errorsbooleanWhether to ignore certificate errors. For security reasons, this is not recommended. If you set this to true, logs will be forwarded even if the certificate contains errors.
Whether to ignore certificate errors. For security reasons, this is not recommended. If you set this to true, logs will be forwarded even if the certificate contains errors.
certificate_contentstringbinaryBinary string of the certificate.
Binary string of the certificate.
metadataobjectMetadata for the response
Metadata for the response
{
"data": [
{
"application_id": 1,
"name": "Test External Application 01",
"description": "test description for the given external application",
"status": "connected",
"created_at": 1753918286,
"last_modified_by": "john.doe@example.com",
"modified_at": 1753918286,
"application_type": "webhook",
"connection_config": {
"url": "https://webhook.site/305650415-aad3-45ac-9d92-2455105edb96",
"http_method": "POST"
},
"last_error": null,
"last_error_at": null
},
{
"application_id": 2,
"name": "Test External Application 02",
"status": "connected",
"created_at": 1753918288,
"last_modified_by": "john.doe@example.com",
"modified_at": 1753918288,
"application_type": "splunk",
"connection_config": {
"hec_endpoint": "https://splunk-hec-****.company.com:8088/services/collector/event",
"auth_token": "123-****-****-****-abcd456"
},
"last_error": null,
"last_error_at": null
}
]
}replyobject
err_msgstring
err_extrastring
err_codeinteger
{
"reply": {
"err_code": 401,
"err_msg": "Public API request unauthorized",
"err_extra": null
}
}replyobject
err_msgstring
err_extrastring
err_codeinteger
{
"reply": {
"err_code": 403,
"err_msg": "Forbidden. Access was denied to this resource.",
"err_extra": "Insufficient permissions for api key"
}
}