So I had a crazy idea and started poking around at the XML API on my firewall. I wanted to see if there was a generally efficient way to automate a query against PAN-DB. Seems straightforward enought; either test/url-info-cloud or test/url-info-host (depending on whether I want to check the MP cache or against the cloud... though I'm not sure if there are limitations for the latter, such as what WildFire's API has). I realize there's a public web interface for this check, but that's not what I'm looking for. I'm trying to automate a process. What I'm not sure about is the formatting of the response/output. For example, submitting the following against url-info-cloud for google.com returns an interesting response: <test><url-info-cloud>google.com</url-info-cloud></test> <response cmd="status" status="success"><result>BM:
</result></response> (I've limited the output intentionally... not sure about how sensitive PA is to this) And querying the same against url-info-host: <test><url-info-host>google.com</url-info-host></test> <response cmd="status" status="success"><result>Ancestors info:
</result></response> I'm expecting some differences between url-info-cloud and url-info-host due to PAN-DB's design, but I'm not sure what the all of the output means, other than the obvious stuff. Strings like "BM:" and ",9,5," in url-info-cloud don't appear to have any corresponding documentation to explain their meaning. The same goes for "Anscestors info:", "Decendants info:", ",1,5,", and the ",," at the end of the individual result. When parsing out this response, should these strings and values mean something?
... View more