Is there TRAPS API documentation available? If so, where to find it?
This would be for TRAPS 6, but I would also like to see other versions.
For example I need to retrieve information from policies with an API call.
I have been searching for an answer to this same question for quite some time. From what I can tell, and please correct me if I am wrong, there is not a publicly available Traps API, at least not yet anyway. However, there are robust public APIs for WildFire, Cortex XDR, and Demisto that utilize Traps as a key component of their functionality. These other APIs provide ways of interacting with Traps that could probably solve some of the use cases a Traps API would provide.
From my understanding, with the release of Traps 6, Traps TMS is about to get a face lift that has a strong resemblance to the interface of Cortex XDR. For all intents and purposes, Traps is actually a subcomponent to Cortex XDR, and you cannot own XDR without also deploying traps on your end points. Because of this dependency we will see some functionality added to Traps in the coming months that will be critical to the functionality of Cortex XDR, specifically the BIOCs and possibly USB management.
That all sounds fantastic, but what does that mean for the Traps API? Well Traps uses Cortex Data Lake to store all event and incident data to allow integration with Cortex XDR and probably other Palo Alto products. All of these APIs seem to be using Data Lake in some way. This may suggest at some point in time that there was a fundamental shift in Palo Alto's integration strategy between the PAN-OS API and Cortex XDR to use this Data Lake as the key to all of the APIs and to keep it obscure as possible from public view. If there was a Data Lake API a user could potentially do the "Stitching" on their own. In my opinion, before this shift in integration strategy, there was a private Traps API, and probably is still being used by Traps under the hood. This may be pretty far into the realm of speculation, but if anybody has additional supporting or contradicting details, I would really like to know more about the reason why there is not a public Traps API.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!