[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)
  * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown)
3. [API Security](https://www.paloaltonetworks.com/cyberpedia/security-misconfiguration-api8?ts=markdown)
4. [What Is Improper Inventory Management?](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9?ts=markdown)  
   Table of Contents

* [What is Security Misconfiguration?](https://www.paloaltonetworks.com/cyberpedia/security-misconfiguration-api8?ts=markdown)
  * [API8:2023 - Security Misconfiguration Explained](https://www.paloaltonetworks.com/cyberpedia/security-misconfiguration-api8#explained?ts=markdown)
  * [Understanding Security Misconfiguration in API Security](https://www.paloaltonetworks.com/cyberpedia/security-misconfiguration-api8#understanding?ts=markdown)
  * [How Security Misconfiguration Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/security-misconfiguration-api8#how?ts=markdown)
  * [The Business Impact of Security Misconfiguration](https://www.paloaltonetworks.com/cyberpedia/security-misconfiguration-api8#business?ts=markdown)
  * [Identifying Security Misconfiguration in Your APIs](https://www.paloaltonetworks.com/cyberpedia/security-misconfiguration-api8#identifying?ts=markdown)
  * [Preventing Security Misconfiguration: Best Practices](https://www.paloaltonetworks.com/cyberpedia/security-misconfiguration-api8#preventing?ts=markdown)
  * [Security Misconfiguration FAQs](https://www.paloaltonetworks.com/cyberpedia/security-misconfiguration-api8#faqs?ts=markdown)
* [What Is Broken Object Level Authorization?](https://www.paloaltonetworks.com/cyberpedia/broken-object-level-authentication-api1?ts=markdown)
  * [API1:2023 - Broken Object Level Authorization Explained](https://www.paloaltonetworks.com/cyberpedia/broken-object-level-authentication-api1#explained?ts=markdown)
  * [Understanding Object-Level Authorization in API Security](https://www.paloaltonetworks.com/cyberpedia/broken-object-level-authentication-api1#understanding?ts=markdown)
  * [How Broken Object Level Authorization Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/broken-object-level-authentication-api1#how?ts=markdown)
  * [The Business Impact of Broken Object Level Authorization](https://www.paloaltonetworks.com/cyberpedia/broken-object-level-authentication-api1#business?ts=markdown)
  * [Identifying Broken Object Level Authorization in Your APIs](https://www.paloaltonetworks.com/cyberpedia/broken-object-level-authentication-api1#apis?ts=markdown)
  * [Preventing Broken Object Level Authorization: Best Practices](https://www.paloaltonetworks.com/cyberpedia/broken-object-level-authentication-api1#preventing?ts=markdown)
  * [Broken Object Level Authorization FAQs](https://www.paloaltonetworks.com/cyberpedia/broken-object-level-authentication-api1#faqs?ts=markdown)
* [What Is API Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security?ts=markdown)
  * [API Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security#api?ts=markdown)
  * [Definition of an API](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security#definition?ts=markdown)
  * [Why API Security Is Important](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security#why?ts=markdown)
  * [Traditional Approach to Web Application Security](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security#traditional?ts=markdown)
  * [Anatomy of an API Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security#anatomy?ts=markdown)
  * [API Security Risks](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security#risks?ts=markdown)
  * [API Security for SOAP, REST and GraphQL](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security#graphql?ts=markdown)
  * [API Security Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security#best?ts=markdown)
  * [Cortex Cloud's API Security Solution](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security#prisma?ts=markdown)
  * [API Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security#faqs?ts=markdown)
* [What Is Server Side Request Forgery?](https://www.paloaltonetworks.com/cyberpedia/server-side-request-forgery-api7?ts=markdown)
  * [API7:2023 - Server Side Request Forgery Explained](https://www.paloaltonetworks.com/cyberpedia/server-side-request-forgery-api7#explained?ts=markdown)
  * [Understanding Server Side Request Forgery in API Security](https://www.paloaltonetworks.com/cyberpedia/server-side-request-forgery-api7#understanding?ts=markdown)
  * [How Server Side Request Forgery Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/server-side-request-forgery-api7#how?ts=markdown)
  * [The Business Impact of Server Side Request Forgery](https://www.paloaltonetworks.com/cyberpedia/server-side-request-forgery-api7#forgery?ts=markdown)
  * [Identifying Server Side Request Forgery in Your APIs](https://www.paloaltonetworks.com/cyberpedia/server-side-request-forgery-api7#apis?ts=markdown)
  * [Preventing Server Side Request Forgery: Best Practices](https://www.paloaltonetworks.com/cyberpedia/server-side-request-forgery-api7#preventing?ts=markdown)
  * [Server Side Request Forgery FAQs](https://www.paloaltonetworks.com/cyberpedia/server-side-request-forgery-api7#faqs?ts=markdown)
* [What Is Unrestricted Resource Consumption?](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption?ts=markdown)
  * [API4:2023 - Unrestricted Resource Consumption Explained](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#api4?ts=markdown)
  * [Understanding Unrestricted Resource Consumption in API Security](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#understanding?ts=markdown)
  * [How Unrestricted Resource Consumption Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#how?ts=markdown)
  * [The Business Impact of Unrestricted Resource Consumption](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#consumption?ts=markdown)
  * [Identifying Unrestricted Resource Consumption in Your APIs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#identifying?ts=markdown)
  * [Preventing Unrestricted Resource Consumption: Best Practices](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#preventing?ts=markdown)
  * [Unrestricted Resource Consumption FAQs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-resource-consumption#faqs?ts=markdown)
* [What Is Unrestricted Access to Sensitive Business Flows?](https://www.paloaltonetworks.com/cyberpedia/unrestricted-access-sensitive-business-flows?ts=markdown)
  * [API6:2023 - Unrestricted Access to Sensitive Business Flows Explained](https://www.paloaltonetworks.com/cyberpedia/unrestricted-access-sensitive-business-flows#explained?ts=markdown)
  * [Understanding Unrestricted Access to Sensitive Business Flows in API Security](https://www.paloaltonetworks.com/cyberpedia/unrestricted-access-sensitive-business-flows#understanding?ts=markdown)
  * [How Unrestricted Access to Sensitive Business Flows Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-access-sensitive-business-flows#how?ts=markdown)
  * [The Business Impact of Unrestricted Access to Sensitive Business Flows](https://www.paloaltonetworks.com/cyberpedia/unrestricted-access-sensitive-business-flows#flows?ts=markdown)
  * [Identifying Unrestricted Access to Sensitive Business Flows in Your APIs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-access-sensitive-business-flows#identifying?ts=markdown)
  * [Preventing Unrestricted Access to Sensitive Business Flows: Best Practices](https://www.paloaltonetworks.com/cyberpedia/unrestricted-access-sensitive-business-flows#preventing?ts=markdown)
  * [Unrestricted Access to Sensitive Business Flows FAQs](https://www.paloaltonetworks.com/cyberpedia/unrestricted-access-sensitive-business-flows#faqs?ts=markdown)
* [What Is Broken Function Level Authorization?](https://www.paloaltonetworks.com/cyberpedia/broken-function-level-authorization?ts=markdown)
  * [API5:2023 - Broken Function Level Authorization Explained](https://www.paloaltonetworks.com/cyberpedia/broken-function-level-authorization#broken?ts=markdown)
  * [Understanding Broken Function Level Authorization in API Security](https://www.paloaltonetworks.com/cyberpedia/broken-function-level-authorization#understanding?ts=markdown)
  * [How Broken Function Level Authorization Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/broken-function-level-authorization#how?ts=markdown)
  * [The Business Impact of Broken Function Level Authorization](https://www.paloaltonetworks.com/cyberpedia/broken-function-level-authorization#business?ts=markdown)
  * [Identifying Broken Function Level Authorization in Your APIs](https://www.paloaltonetworks.com/cyberpedia/broken-function-level-authorization#identifying?ts=markdown)
  * [Preventing Broken Function Level Authorization: Best Practices](https://www.paloaltonetworks.com/cyberpedia/broken-function-level-authorization#preventing?ts=markdown)
  * [Broken Function Level Authorization FAQs](https://www.paloaltonetworks.com/cyberpedia/broken-function-level-authorization#faqs?ts=markdown)
* [What Is Broken Object Property Level Authorization?](https://www.paloaltonetworks.com/cyberpedia/broken-object-property-level-authorization?ts=markdown)
  * [API3:2023 - Broken Object Property Level Authorization Explained](https://www.paloaltonetworks.com/cyberpedia/broken-object-property-level-authorization#explained?ts=markdown)
  * [Understanding Broken Object Property Level Authorization](https://www.paloaltonetworks.com/cyberpedia/broken-object-property-level-authorization#understanding?ts=markdown)
  * [How Broken Object Property Level Authorization Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/broken-object-property-level-authorization#how?ts=markdown)
  * [The Business Impact of Broken Object Property Level Authorization](https://www.paloaltonetworks.com/cyberpedia/broken-object-property-level-authorization#business?ts=markdown)
  * [Identifying Broken Object Property Level Authorization in Your APIs](https://www.paloaltonetworks.com/cyberpedia/broken-object-property-level-authorization#identifying?ts=markdown)
  * [Preventing Broken Object Property Level Authorization: Best Practices](https://www.paloaltonetworks.com/cyberpedia/broken-object-property-level-authorization#preventing?ts=markdown)
  * [Broken Object Property Level Authorization FAQs](https://www.paloaltonetworks.com/cyberpedia/broken-object-property-level-authorization#faqs?ts=markdown)
* [API Security Checklist for Modern Application Teams](https://www.paloaltonetworks.com/cyberpedia/api-security-checklist?ts=markdown)
  * [Discover and Classify All APIs](https://www.paloaltonetworks.com/cyberpedia/api-security-checklist#discover?ts=markdown)
  * [Apply Core API Security Controls](https://www.paloaltonetworks.com/cyberpedia/api-security-checklist#apply?ts=markdown)
  * [Protect API Data at Every Layer](https://www.paloaltonetworks.com/cyberpedia/api-security-checklist#protect?ts=markdown)
  * [Secure API Endpoints and Runtime Behavior](https://www.paloaltonetworks.com/cyberpedia/api-security-checklist#secure?ts=markdown)
  * [Continuously Monitor, Test, and Improve](https://www.paloaltonetworks.com/cyberpedia/api-security-checklist#monitor?ts=markdown)
  * [Building Resilience Through Systematic Execution](https://www.paloaltonetworks.com/cyberpedia/api-security-checklist#resilience?ts=markdown)
  * [API Security Checklist FAQs](https://www.paloaltonetworks.com/cyberpedia/api-security-checklist#faqs?ts=markdown)
* [API Security Monitoring](https://www.paloaltonetworks.com/cyberpedia/api-security-monitoring?ts=markdown)
  * [What to Monitor: Traffic, Sessions, Anomalies, Threats](https://www.paloaltonetworks.com/cyberpedia/api-security-monitoring#monitor?ts=markdown)
  * [Services and Tools for Monitoring APIs](https://www.paloaltonetworks.com/cyberpedia/api-security-monitoring#services?ts=markdown)
  * [Response Mechanisms: Threat Detection, Response, Remediation for APIs](https://www.paloaltonetworks.com/cyberpedia/api-security-monitoring#response?ts=markdown)
  * [Ensuring the Best API Security Posture with Monitoring and Continuous Improvement](https://www.paloaltonetworks.com/cyberpedia/api-security-monitoring#ensuring?ts=markdown)
  * [Building a Monitoring-Driven API Security Lifecycle](https://www.paloaltonetworks.com/cyberpedia/api-security-monitoring#building?ts=markdown)
  * [API Security Monitoring FAQs](https://www.paloaltonetworks.com/cyberpedia/api-security-monitoring#faqs?ts=markdown)
* [What Is API Endpoint Security](https://www.paloaltonetworks.com/cyberpedia/api-endpoint-security?ts=markdown)
  * [Threats Targeting Endpoints](https://www.paloaltonetworks.com/cyberpedia/api-endpoint-security#threats?ts=markdown)
  * [How to Secure API Endpoints](https://www.paloaltonetworks.com/cyberpedia/api-endpoint-security#secure?ts=markdown)
  * [Endpoint Protection Strategies](https://www.paloaltonetworks.com/cyberpedia/api-endpoint-security#endpoint?ts=markdown)
  * [Building Endpoint-Aware API Security Programs](https://www.paloaltonetworks.com/cyberpedia/api-endpoint-security#programs?ts=markdown)
  * [API Endpoint Security FAQs](https://www.paloaltonetworks.com/cyberpedia/api-endpoint-security#faqs?ts=markdown)
* What Is Improper Inventory Management?
  * [API9:2023 - Improper Inventory Management Explained](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#explained?ts=markdown)
  * [Understanding Improper Inventory Management in API Security](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#understanding?ts=markdown)
  * [How Improper Inventory Management Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#how?ts=markdown)
  * [The Business Impact of Improper Inventory Management](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#management?ts=markdown)
  * [Identifying Improper Inventory Management in Your APIs](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#identifying?ts=markdown)
  * [Preventing Improper Inventory Management: Best Practices](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#preventing?ts=markdown)
  * [Improper Inventory Management FAQs](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#faqs?ts=markdown)
* [Cloud API Security: Strategy for the DevOps Era](https://www.paloaltonetworks.com/cyberpedia/cloud-api-security-strategy?ts=markdown)
  * [The Role of API Keys and Secrets in Cloud APIs --- Risks and Misuses](https://www.paloaltonetworks.com/cyberpedia/cloud-api-security-strategy#role?ts=markdown)
  * [The Gateway Layer in Cloud APIs: Why a Web API Security Gateway Is Critical](https://www.paloaltonetworks.com/cyberpedia/cloud-api-security-strategy#gateway?ts=markdown)
  * [Monitoring and Protecting APIs in Real Time in Cloud/DevOps Contexts](https://www.paloaltonetworks.com/cyberpedia/cloud-api-security-strategy#monitoring?ts=markdown)
  * [Strategy Checklist: Best Practices for Cloud API Security in DevOps](https://www.paloaltonetworks.com/cyberpedia/cloud-api-security-strategy#strategy?ts=markdown)
  * [Conclusion: Bridging DevOps Velocity with Secure API Posture](https://www.paloaltonetworks.com/cyberpedia/cloud-api-security-strategy#conclusion?ts=markdown)
  * [Cloud API Security FAQs](https://www.paloaltonetworks.com/cyberpedia/cloud-api-security-strategy#faqs?ts=markdown)
* [What Is Broken Authentication?](https://www.paloaltonetworks.com/cyberpedia/broken-authentication-api2?ts=markdown)
  * [API2:2023 - Broken Authentication Explained](https://www.paloaltonetworks.com/cyberpedia/broken-authentication-api2#API2-2023?ts=markdown)
  * [Understanding Broken Authentication in API Security](https://www.paloaltonetworks.com/cyberpedia/broken-authentication-api2#understanding?ts=markdown)
  * [How Broken Authentication Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/broken-authentication-api2#broken?ts=markdown)
  * [The Business Impact of Broken Authentication](https://www.paloaltonetworks.com/cyberpedia/broken-authentication-api2#business?ts=markdown)
  * [Identifying Broken Authentication in Your APIs](https://www.paloaltonetworks.com/cyberpedia/broken-authentication-api2#identifying?ts=markdown)
  * [Preventing Broken Authentication: Best Practices](https://www.paloaltonetworks.com/cyberpedia/broken-authentication-api2#preventing?ts=markdown)
* [Broken Authentication FAQs](https://www.paloaltonetworks.com/cyberpedia/broken-authentication-api2#faqs?ts=markdown)

# What Is Improper Inventory Management?

3 min. read  
Table of Contents

* * [API9:2023 - Improper Inventory Management Explained](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#explained?ts=markdown)
  * [Understanding Improper Inventory Management in API Security](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#understanding?ts=markdown)
  * [How Improper Inventory Management Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#how?ts=markdown)
  * [The Business Impact of Improper Inventory Management](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#management?ts=markdown)
  * [Identifying Improper Inventory Management in Your APIs](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#identifying?ts=markdown)
  * [Preventing Improper Inventory Management: Best Practices](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#preventing?ts=markdown)
* [Improper Inventory Management FAQs](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#faqs?ts=markdown)

1. API9:2023 - Improper Inventory Management Explained

* * [API9:2023 - Improper Inventory Management Explained](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#explained?ts=markdown)
  * [Understanding Improper Inventory Management in API Security](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#understanding?ts=markdown)
  * [How Improper Inventory Management Manifests in Real-World APIs](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#how?ts=markdown)
  * [The Business Impact of Improper Inventory Management](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#management?ts=markdown)
  * [Identifying Improper Inventory Management in Your APIs](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#identifying?ts=markdown)
  * [Preventing Improper Inventory Management: Best Practices](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#preventing?ts=markdown)
* [Improper Inventory Management FAQs](https://www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9#faqs?ts=markdown)

Organizations manage hundreds if not thousands of API endpoints across cloud environments, yet most orgs can't answer basic questions about what's running where. API9:2023 Improper Inventory Management ranks ninth on the OWASP Top 10 API Security Risks because unknown APIs commonly bypass security controls.

## API9:2023 - Improper Inventory Management Explained

Organizations often run APIs they've forgotten exist. Development teams spin up beta endpoints for testing, legacy systems continue serving data through deprecated interfaces, and third-party integrations multiply across business units without centralized tracking. API inventory management refers to maintaining comprehensive knowledge of every API host, endpoint, version, and data flow within your environment.

### The Visibility Gap

Security teams can't protect assets they don't know exist. An undocumented API running in a staging environment might lack the rate limiting, authentication controls, or monitoring applied to production systems. Attackers actively scan for these forgotten endpoints, knowing they represent soft targets with production-level data access but development-level security.

Modern application architectures amplify the challenge. [Microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices?ts=markdown) sprawl across multiple [cloud service providers](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider?ts=markdown), [containerized workloads](https://www.paloaltonetworks.com/cyberpedia/containerization?ts=markdown) shift between environments, and serverless functions create ephemeral endpoints. Organizations running [Kubernetes](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes?ts=markdown) clusters might have hundreds of services communicating through internal APIs, each potentially exposing data, or functionality. [CI/CD pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) deploy new versions while old ones persist. [Shadow IT](https://www.paloaltonetworks.com/cyberpedia/shadow-it?ts=markdown) emerges as business units adopt [SaaS](https://www.paloaltonetworks.com/cyberpedia/what-is-saas?ts=markdown) platforms with their own API ecosystems.

### Two Dimensions of Risk

The risk operates on distinct planes. First, internal inventory: knowing which API hosts exist, which environment they serve, who should access them, and what version runs where. A beta API host might replicate production functionality without production security controls.

Second, external data flows: tracking where APIs send [sensitive data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data?ts=markdown) to third parties, whether business justification exists for each flow, and what categories of data move across organizational boundaries.

Improper inventory management differs fundamentally from traditional vulnerabilities. [SQL injection](https://www.paloaltonetworks.com/cyberpedia/sql-injection?ts=markdown) represents a technical flaw in code. Inventory failures stem from organizational gaps in governance, documentation, and awareness. You might have perfect code security but still face catastrophic breaches because nobody knew a particular API existed or tracked which customer data it shared with external partners.

## Understanding Improper Inventory Management in API Security

Effective API inventory demands cataloging five distinct asset categories, each with unique security implications.

### 1. API Hosts and Environmental Context

Every server running an API instance requires documentation. Organizations commonly discover forgotten hosts running outdated code when conducting security audits or responding to incidents. A host serving beta.api.company.com might mirror production functionality but run in a staging environment with debug modes enabled and authentication bypassed for developer convenience.

Environmental classification determines appropriate security posture. Production environments demand encryption, authentication, authorization, rate limiting, and comprehensive logging. Staging environments often relax these controls to facilitate testing. Development instances might skip them entirely. Attackers exploit these discrepancies when they find nonproduction hosts handling production data.

### 2. Version Proliferation and Attack Surface

Each API version multiplies management overhead and security exposure. Version 1 might use API keys for authentication while version 2 implements OAuth 2.0, and version 3 adds rate limiting to prevent [brute force attacks](https://www.paloaltonetworks.com/cyberpedia/brute-force?ts=markdown). Organizations running all three versions simultaneously must maintain distinct security controls for each.

Retiring old versions proves difficult when client applications hard-code dependencies. Mobile apps released years ago might still call deprecated endpoints. Internal systems built by teams long disbanded might break if legacy APIs disappear. The path of least resistance leaves every version running indefinitely.

Backporting security improvements to older versions requires engineering resources. Organizations face a choice: invest in updating deprecated code or accept that older versions carry known vulnerabilities. Meanwhile, attackers scan version-specific paths like /v1/, /v2/, /api/legacy/ searching for weaker implementations.

### 3. Endpoint Cataloging

Each API version exposes specific endpoints with distinct parameters, authentication requirements, and data access patterns. An endpoint might accept GET requests in version 1 but require POST in version 2. Parameters that were optional become required. Response formats shift from XML to JSON. Documentation must capture methods, paths, request schemas, response structures, and error handling for every endpoint.

### 4. Third-Party API Integrations

APIs you consume from external providers and APIs you expose to partners create bidirectional risk. Consumed APIs might change behavior, introduce vulnerabilities, or experience breaches that compromise your data. Partner-facing APIs grant external entities access to your systems and information.

### 5. Sensitive Data Flow Tracking

Data flows to third parties require granular tracking: which specific fields move where, under what legal agreements, with what business justification, and subject to which compliance requirements. A marketing API might share email addresses with an analytics platform. Payment APIs send transaction details to fraud detection services. Each flow needs documentation, approval, monitoring, and periodic review.

## How Improper Inventory Management Manifests in Real-World APIs

Inventory failures create exploitable gaps between what security teams believe they protect and what actually runs in production.

### Forgotten Endpoints and Shadow Infrastructure

Development teams spin up test instances at dev.api.company.com, finish their work, and move on without decommissioning resources. Six months later, those servers still run, often with root credentials in environment variables and CORS policies set to allow all origins. [Infrastructure-as-code](https://www.paloaltonetworks.com/cyberpedia/what-is-iac?ts=markdown) deployments create [API gateways](https://www.paloaltonetworks.com/cyberpedia/what-is-api-gateway?ts=markdown) across multiple AWS accounts. Terraform state files tracked in one repository don't reflect manual changes made through the console.

Beta APIs designed for partner testing remain accessible years after the partnership ended. A URL like beta-v2.api.company.com might replicate production endpoints while bypassing the [web application firewall](https://www.paloaltonetworks.com/cyberpedia/what-is-a-web-application-firewall?ts=markdown) that protects api.company.com. Teams launch new microservices in Kubernetes namespaces without updating the central API catalog. Service mesh configurations drift as engineers add routes locally.

### Documentation Decay

API contracts documented during initial development become obsolete as features evolve. An endpoint accepts additional parameters that security teams don't know exist. Rate limiting gets removed to fix a performance issue, but documentation still claims 1,000 requests per-hour limits apply. Authentication schemes change from bearer tokens to mutual TLS without updating the OpenAPI specification.

Teams inherit APIs from acquired companies or departed engineers. Nobody remembers what /api/internal/legacy/sync actually does or which systems depend on it. Comment blocks in code contradict actual behavior. Swagger files checked into repositories six months ago describe endpoints that were refactored or removed.

### Cross-Environment Security Inconsistencies

Production APIs enforce OAuth 2.0 with PKCE, while staging accepts simple API keys. Load balancers terminate TLS for production traffic, but staging endpoints accept plaintext HTTP. Rate limiting prevents credential stuffing attacks on production password reset flows, while the identical flow in a QA environment allows unlimited attempts.

Organizations patch CVEs in production [containers](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container?ts=markdown) but leave staging images months out of date. Development databases contain full production data dumps refreshed nightly. Developers test against these endpoints using hard-coded credentials committed to public GitHub repositories.

### Uncontrolled Third-Party Access

Marketing integrates with a social media analytics platform, granting API access to customer email addresses and engagement metrics. Eighteen months later, nobody recalls approving the integration or what data actually flows. OAuth scopes granted during initial setup allow read access to all customer records, despite the vendor only needing aggregate statistics.

Mobile SDK partners receive API keys with admin-level permissions. The integration works, ships to production, and persists unchanged for years while the vendor's security posture deteriorates or ownership changes through acquisition. Data processing agreements signed during the initial partnership don't reflect current data sharing practices.

## The Business Impact of Improper Inventory Management

Poor API inventory is an [API security](https://www.paloaltonetworks.com/cyberpedia/what-is-api-security?ts=markdown) risk that translates directly into financial loss, regulatory penalties, and competitive disadvantage.

### Attack Surface and Breach Probability

Every undocumented API host represents an unmonitored entry point. Attackers systematically enumerate subdomains, probe for version-specific paths, and exploit the statistical likelihood that forgotten infrastructure lacks current security controls. A single unpatched endpoint can compromise entire databases. Organizations running 20 API hosts but only monitoring 15 face a 25% security blind spot.

### Compliance and Regulatory Exposure

[GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown) Article 30 requires organizations to maintain records of processing activities. Regulators expect documentation of what data goes where, under what legal basis, with what safeguards. Unknown data flows to third parties violate these requirements. During audits, organizations must demonstrate that they track all personal data processing. Gaps in API inventory mean gaps in compliance evidence.

Privacy regulations mandate data subject access requests within 30 days. Organizations must locate all instances of an individual's data across systems. Undocumented APIs make fulfilling these requests effectively impossible. Failure carries fines up to 4% of global revenue under GDPR.

### Incident Response Paralysis

[Data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown) require a rapid assessment of the impact scope. Security teams must answer what data was exposed, which systems were compromised, and which customers need notification. Unknown APIs delay these determinations by days or weeks. Meanwhile, breach notification windows expire, compounding regulatory penalties.

A third party experiencing a breach should trigger an immediate review of what data they hold. Organizations with poor data flow visibility can't assess their exposure. The difference between notifying 50,000 affected customers and 50 million depends on knowing what data was shared.

### Resource Drain and Opportunity Cost

Infrastructure running forgotten APIs consumes cloud compute costs indefinitely. Engineering teams maintain multiple API versions instead of consolidating functionality. Security tools scan endpoints nobody uses. Each unnecessary version requires patching, monitoring, and incident response capability.

Capital allocated to managing technical debt from poor inventory practices could fund innovation, market expansion, or competitive advantages. The opportunity cost of defensive security maintenance versus strategic initiatives compounds quarterly.

## Identifying Improper Inventory Management in Your APIs

Organizations need systematic discovery methods to uncover forgotten infrastructure, document active endpoints, and trace data flows.

### Host Discovery Across Cloud Environments

Network scanning tools like Nmap and Shodan identify internet-facing API hosts. DNS enumeration reveals subdomains through zone transfers, where misconfigured, or through brute force against common patterns like api-, dev-, staging-, beta-. Certificate Transparency logs expose every domain for which TLS certificates were issued, including internal API hosts that briefly faced the internet during testing.

Cloud provider inventory tools query the infrastructure programmatically. AWS Config tracks every EC2 instance, Lambda function, and API Gateway deployment across accounts and regions. Azure Resource Graph runs KQL queries against all resources. GCP Asset Inventory provides similar visibility. Organizations running multicloud environments need separate queries for each provider, plus any on-premises infrastructure.

Code repositories contain API endpoint definitions. Scanning GitHub, GitLab, or Bitbucket for OpenAPI specifications, route definitions in Express or Flask applications, and controller classes in Spring Boot reveals endpoints that developers built. Comparing repository findings against production infrastructure highlights discrepancies where code exists, but documentation doesn't, or vice versa.

### Version and Endpoint Enumeration

API responses often leak version information through headers like X-API-Version or in URL paths like /v1/users versus /v2/users. Probing common version patterns identifies active versions. Traffic analysis through API gateways or application performance monitoring tools shows which versions clients actually call versus which versions exist.

Deployment pipeline configurations in Jenkins, GitLab CI, or GitHub Actions document which versions get built and where they deploy. Terraform or CloudFormation templates describe infrastructure but might not reflect manual changes made outside infrastructure-as-code workflows.

### Documentation Accuracy Validation

OpenAPI specifications claim an endpoint requires authentication, but testing shows it accepts anonymous requests. Documentation states rate limiting at 1,000 requests per hour, while the actual implementation allows unlimited calls. CORS policies documented as restrictive actually permit all origins.

Automated testing compares documented behavior against actual responses. Tools like Dredd or Schemathesis execute tests derived from OpenAPI specifications and flag discrepancies. Manual penetration testing validates security controls documented in API contracts.

### Third-Party Integration Tracing

API gateway logs reveal external destinations receiving data. CloudWatch, Stackdriver, or Application Insights show HTTP calls to third-party domains. Network flow logs from VPC Flow Logs or NSG flow logs capture traffic patterns even when [application-layer](https://www.paloaltonetworks.com/cyberpedia/what-is-layer-7?ts=markdown) logging fails.

Data processing agreements signed with vendors provide a legal record of intended data sharing. Comparing agreements against actual traffic identifies scope creep where integrations access more data than contracts permit. OAuth consent screens and permission grants show what access third parties requested versus what users approved.

## Preventing Improper Inventory Management: Best Practices

Prevention requires continuous discovery, automated documentation generation, and deliberate lifecycle management rather than periodic audits.

### Building and Maintaining Host Inventories

Asset management databases must capture environment designation, network exposure, version identifiers, and active security controls for every API host. A host record documents whether api-staging.company.com runs in a staging environment, accepts public internet traffic, serves version 2.3, and implements OAuth 2.0 with rate limiting at 500 requests per minute.

Discovery scans run weekly or daily, depending on deployment velocity. Organizations shipping multiple times daily need automated discovery integrated into CI/CD pipelines. Terraform deployments trigger inventory updates. Kubernetes admission controllers register new services automatically. Manual processes fail at scale when engineering teams deploy hundreds of microservices monthly.

Asset inventories become authoritative sources for security tooling. Web application firewalls pull configuration from inventory records. [Vulnerability scanners](https://www.paloaltonetworks.com/cyberpedia/vulnerability-scanning?ts=markdown) target hosts listed in asset databases. Monitoring tools alert when traffic reaches undocumented endpoints.

### Tracking Data Flows and Integration Points

Third-party integrations require formal approval workflows. A marketing team requests access to customer email addresses for an analytics platform. The request documents which data fields will transfer, under what legal basis, with what data retention period, and subject to which processing agreement. Security and legal teams approve before credentials get issued.

API gateways log external destinations. Organizations query these logs against approved integration lists to detect unauthorized data sharing. Automated alerts fire when an API sends data to unapproved domains.

[Data flow diagrams](https://www.paloaltonetworks.com/cyberpedia/data-flow-diagram?ts=markdown) map how information moves across boundaries. Payment processing APIs send transaction amounts to fraud detection services while customer names go to email marketing platforms. Each arrow on the diagram corresponds to a documented business justification and compliance review.

### Automated Documentation in Development Workflows

OpenAPI specifications are generated from source code annotations. Developers annotate endpoints with @ApiOperation decorators, specify parameters with @ApiParam, and document response schemas. Build processes extract these annotations into OpenAPI 3.0 files.

Documentation builds fail when endpoints exist without documentation or when documented behavior diverges from implementation. Integration tests validate that actual API responses match OpenAPI schemas. Pull requests without documentation updates get rejected automatically.

Documentation access requires authentication. Public documentation leaks endpoint structures, parameter names, and business logic that attackers use for reconnaissance. Organizations publish sanitized API references for public consumption while maintaining detailed internal documentation for authorized developers.

### Security Parity Across Environments

Every environment handling sensitive data receives production-grade security controls. Staging APIs processing customer information implement the same authentication, authorization, encryption, and rate limiting as production. Development instances use synthetic test data rather than production database exports.

API security gateways front all exposed endpoints regardless of version or environment. Web application firewalls protect beta.api.company.com identically to api.company.com. Rate limiting, [DDoS protection](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack?ts=markdown), and threat detection apply uniformly.

### Structured Version Deprecation

Version sunset timelines communicate 12 months before retirement. Organizations notify API consumers, update documentation with deprecation notices, and monitor usage patterns. Metrics track which clients still call deprecated endpoints.

Security improvements in newer versions prompt risk assessments. If version 3 patches a critical authentication bypass present in versions 1 and 2, organizations decide whether backporting the fix maintains compatibility or whether forced migration becomes mandatory. Client migration paths need documentation, support resources, and reasonable timelines balanced against security urgency.

## Improper Inventory Management FAQs

### What is API sprawl?

API sprawl occurs when organizations accumulate APIs faster than they can track them. Microservices architectures, multicloud deployments, and rapid development cycles create hundreds of endpoints across teams and environments. Engineering velocity outpaces governance, leaving security teams unable to catalog what exists, where it runs, or who maintains it.

### What is attack surface management?

Attack surface management continuously discovers, catalogs, and monitors all internet-facing assets an organization owns. The practice identifies unknown infrastructure, misconfigured services, and forgotten endpoints attackers could exploit. For APIs, attack surface management means finding every exposed host, version, and integration before adversaries do.

### What is an API governance framework?

API governance frameworks establish policies, standards, and processes controlling how organizations design, deploy, document, and retire APIs. Frameworks define approval workflows for new endpoints, mandate security requirements, specify documentation standards, and enforce lifecycle management practices. Governance translates security principles into enforceable development practices.

### What is schema drift?

Schema drift happens when API implementations diverge from their documented contracts. Developers add parameters, change data types, or modify response structures without updating OpenAPI specifications. Clients depend on documented behavior while actual endpoints operate differently, creating integration failures and security gaps where validation logic becomes obsolete.

### What is service mesh observability?

Service mesh observability provides visibility into microservice-to-microservice API communication within cluster environments. Tools like Istio or Linkerd instrument service calls, capturing request patterns, authentication flows, and data transfers between pods. Observability reveals which services communicate, what data they exchange, and whether interactions match documented architectures.

### What is API dependency mapping?

API dependency mapping traces how services rely on other APIs to function. A customer checkout endpoint might call payment processing, inventory management, and shipping calculation APIs in sequence. Dependency maps reveal cascading failure points, identify which deprecated APIs still support critical business functions, and expose transitive risks where vulnerabilities propagate through integration chains.
Related Content  
[Secure Your Application Programming Interfaces (APIs)
API security is critical for application protection. Gain complete visibility, protect against threats, and eliminate blind spots with our tipsheet.](https://www.paloaltonetworks.com/resources/datasheets/tip-sheet-secure-your-apis?ts=markdown)  
[Securing the API Attack Surface
In partnership with the ESG research team, we surveyed IT, cybersecurity and application development professionals to uncover the latest trends in API security.](https://www.paloaltonetworks.com/resources/research/api-security-statistics-report?ts=markdown)  
[API Security
API security involves real-time protection against OWASP Top 10 attacks, DoS, and bot attacks, including SQL injection and cross-site scripting.](https://www.paloaltonetworks.com/cortex/cloud/api-security?ts=markdown)  
[Secure APIs in the Cloud-Native Era
Cloud-native applications rely on APIs to function, and attackers know it. Every connection between microservices is a potential entry point for threat actors without continuous AP...](https://www.paloaltonetworks.com/resources/whitepapers/api-security-in-the-cloud-native-era?ts=markdown)  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Improper%20Inventory%20Management%3F&body=Improper%20Inventory%20Management%3A%20Unknown%20APIs%20create%20security%20gaps.%20Learn%20discovery%20methods%2C%20prevention%20best%20practices%2C%20and%20lifecycle%20management%20strategies.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/improper-inventory-management-api9)  
Back to Top  
[Previous](https://www.paloaltonetworks.com/cyberpedia/api-endpoint-security?ts=markdown) What Is API Endpoint Security  
[Next](https://www.paloaltonetworks.com/cyberpedia/cloud-api-security-strategy?ts=markdown) Cloud API Security: Strategy for the DevOps Era  
{#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language