01-24-2019 03:15 PM
So I had a crazy idea and started poking around at the XML API on my firewall. I wanted to see if there was a generally efficient way to automate a query against PAN-DB. Seems straightforward enough; either test/url-info-cloud or test/url-info-host (depending on whether I want to check the MP cache or against the cloud... though I'm not sure if there are limitations for the latter, such as what WildFire's API has). I realize there's a public web interface for this check, but that's not what I'm looking for. I'm trying to automate a process.
What I'm not sure about is the formatting of the response/output. For example, submitting the following against url-info-cloud for google.com returns an interesting response:
<test><url-info-cloud>google.com</url-info-cloud></test>
<response cmd="status" status="success"><result>BM: google.com,9,5,search-engines ... BM: ... </result></response>
(I've limited the output intentionally... not sure about how sensitive PA is to this)
And querying the same against url-info-host:
<test><url-info-host>google.com</url-info-host></test>
<response cmd="status" status="success"><result>Ancestors info: BM: google.com,1,5,search-engines,, Descendants info: wallet.google.com,1,5,financial-services,, ... </result></response>
I'm expecting some differences between url-info-cloud and url-info-host due to PAN-DB's design, but I'm not sure what all of the output means, other than the obvious stuff. Strings like "BM:" and ",9,5," in url-info-cloud don't appear to have any corresponding documentation to explain their meaning. The same goes for "Ancestors info:", "Descendants info:", ",1,5,", and the ",," at the end of the individual result.
When parsing out this response, should these strings and values mean something?
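An added example, not part of the original post: one way to split the two responses quoted above into records without assigning any meaning to the undocumented parts. The sample responses are constructed from the post's excerpts with the "..." elisions dropped; the names `UrlRecord`, `parse_url_info`, `field1` and `field2` are placeholders, and the "BM:" prefix and the two numeric fields are kept verbatim and uninterpreted.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional

# Constructed samples: the excerpts quoted in the post with the "..." elisions dropped.
CLOUD = ('<response cmd="status" status="success"><result>'
         'BM: google.com,9,5,search-engines</result></response>')
HOST = ('<response cmd="status" status="success"><result>'
        'Ancestors info: BM: google.com,1,5,search-engines,, '
        'Descendants info: wallet.google.com,1,5,financial-services,,'
        '</result></response>')

SECTION_RE = re.compile(r"(Ancestors info:|Descendants info:)")
# Optional "XX:" prefix, then url,<int>,<int>,category; a trailing ",," is ignored.
RECORD_RE = re.compile(
    r"(?:(?P<prefix>\w+):\s+)?(?P<url>[^\s,]+),"
    r"(?P<field1>\d+),(?P<field2>\d+),(?P<category>[\w-]+)")

@dataclass
class UrlRecord:
    section: Optional[str]  # "Ancestors info", "Descendants info", or None
    prefix: Optional[str]   # e.g. "BM"; kept verbatim, meaning not given in the post
    url: str
    field1: int             # placeholder name: first numeric field, uninterpreted
    field2: int             # placeholder name: second numeric field, uninterpreted
    category: str

def parse_url_info(xml_text: str) -> List[UrlRecord]:
    root = ET.fromstring(xml_text)
    # Refuse anything that is not a successful <response>, so errors are not parsed as data.
    if root.tag != "response" or root.get("status") != "success":
        raise ValueError(f"unexpected response status: {root.get('status')!r}")
    parts = SECTION_RE.split(root.findtext("result") or "")
    # With a capturing split: parts = [preamble, label, body, label, body, ...]
    chunks = [(None, parts[0])]
    chunks += [(parts[i].rstrip(":"), parts[i + 1]) for i in range(1, len(parts), 2)]
    records = []
    for section, body in chunks:
        for m in RECORD_RE.finditer(body):
            records.append(UrlRecord(section, m["prefix"], m["url"],
                                     int(m["field1"]), int(m["field2"]), m["category"]))
    return records

if __name__ == "__main__":
    for rec in parse_url_info(CLOUD) + parse_url_info(HOST):
        print(rec)
```

Keeping the unknown fields as raw values means a later interpretation can be added in one place without re-querying the firewall.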