TRAPS API documentation

Reply
Highlighted
L0 Member

TRAPS API documentation

Is there TRAPS API documentation available? If so, where to find it?

This would be for TRAPS 6, but I would also like to see other versions.

For example I need to retrieve information from policies with an API call.

Tags (3)
Highlighted
L1 Bithead

Re: TRAPS API documentation

I have been searching for an answer to this same question for quite some time. From what I can tell, and please correct me if I am wrong, there is not a publicly available Traps API, at least not yet anyway. However, there are robust public APIs for WildFire, Cortex XDR, and Demisto that utilize Traps as a key component of their functionality. These other APIs provide ways of interacting with Traps that could probably solve some of the use cases a Traps API would provide.

 

From my understanding, with the release of Traps 6, Traps TMS is about to get a face lift that has a strong resemblance to the interface of Cortex XDR. For all intents and purposes, Traps is actually a subcomponent to Cortex XDR, and you cannot own XDR without also deploying traps on your end points. Because of this dependency we will see some functionality added to Traps in the coming months that will be critical to the functionality of Cortex XDR, specifically the BIOCs and possibly USB management.

 

That all sounds fantastic, but what does that mean for the Traps API? Well Traps uses Cortex Data Lake to store all event and incident data to allow integration with Cortex XDR and probably other Palo Alto products. All of these APIs seem to be using Data Lake in some way. This may suggest at some point in time that there was a fundamental shift in Palo Alto's integration strategy between the PAN-OS API and Cortex XDR  to use this Data Lake as the key to all of the APIs and to keep it obscure as possible from public view. If there was a Data Lake API a user could potentially do the "Stitching" on their own. In my opinion, before this shift in integration strategy, there was a private Traps API, and probably is still being used by Traps under the hood. This may be pretty far into the realm of speculation, but if anybody has additional supporting or contradicting details, I would really like to know more about the reason why there is not a public Traps API. 

 

Screen Shot 2019-12-16 at 11.56.49 PM.png

https://www.paloaltonetworks.nl/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resourc...

 

 

 

 

Highlighted
L4 Transporter
Highlighted
L1 Bithead

Re: TRAPS API documentation

Can you use this with out XDR?

Highlighted
L4 Transporter

Re: TRAPS API documentation

Cortex XDR is required; however everyone has either been or will be migrated very soon.


David Falcon 
MDR Systems Engineer, Cortex
Palo AltoNetworks® 
Highlighted
L1 Bithead

Re: TRAPS API documentation

You are correct. I am excited to see what we can do with the Cortex API.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!