To learn more, visit the WildFire documentation.
Basic Parameters
| Parameter | Description |
|---|---|
| Format | The format of the report that is returned. |
| Hash | The MD5 or SHA-256 hash of the file. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Agent | Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys. |
Example Output
{ "success": true, "result": { "detection_reasons": [], "iocs": [], "maec_packages": [ { "id": "package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7", "maec_objects": [ { "analysis_metadata": [ { "analysis_type": "static", "conclusion": "no detection", "is_automated": true, "tool_refs": [ "1" ] } ], "dynamic_features": { "action_refs": [ "malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15" ], "behavior_refs": [ "behavior--3a7cd04f-b867-4c06-e97e-911df668b4aa", "behavior--832fc6d9-d0d7-44ef-84d7-95015187f56f", "behavior--688b7e60-b8f3-482a-f40cb43121b9fe7d", "behavior--574cc6a8-2334-4abff11c-54c92e5749a6" ] }, "id": "malware-instance--bdae93df-8bb1-4521-696a-593eee2574fb", "instance_object_refs": [ "0" ], "type": "malware-instance" }, { "description": "PDF contains an URI.", "id": "behavior--3a7cd04f-b867-4c06-e97e-911df668b4aa", "name": "pdf_sa_uri", "type": "behavior" }, { "description": "PDF has only one page.", "id": "behavior--832fc6d9-d0d7-44ef-84d7-95015187f56f", "name": "pdf_sa_onepage", "type": "behavior" }, { "description": "PDF document contains an canonicalized object key of Action", "id": "behavior--688b7e60-b8f3-482a-f40cb43121b9fe7d", "name": "pdf_ko_action", "type": "behavior" }, { "description": "The action of containing network artifacts.", "id": "malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15", "name": "network-artifacts", "output_object_refs": [ "4", "2", "3" ], "type": "malware-action" }, { "action_refs": [ "malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15" ], "description": "File contains one or more URL/domain name/IP address", "id": "behavior--574cc6a8-2334-4abff11c-54c92e5749a6", "name": "sa_url", "type": "behavior" } ], "observable_objects": { "0": { "hashes": { "MD5": "3b695ce4b733069a1b8671c4e9ebe247", "SHA-1": "25fec390b4419edd0a08784bcb8960143443b347", "SHA-256": "ac1f40162a2435537171dbe29feaf3b75ce0d12c86db411259914ad75e689266" }, "type": "file", "x-wf-file-type": "pdf" }, "1": { "name": "PDF Static Analyzer", "type": "software" }, "2": { "type": "url", "value": "2.2.2.2/" }, "3": { "type": "url", "value": "portalbeta1.wildfire.paloaltonetworks.com/report/box/7521c97f1705211618f8db072b6d0d0e5c28d0d727ecde12344745974d07e068/2588767858" }, "4": { "type": "url", "value": "2.2.2.2:1234/" } }, "schema_version": "5.0", "type": "package" } ], "primary_malware_instances": { "package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7": "malwareinstance--bdae93df-8bb1-4521-696a-593eee2574fb" }, "sa_package": "package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7", "schema_version": "1.0", "sha256": "ac1f40162a2435537171dbe29feaf3b75ce0d12c86db411259914ad75e689266", "type": "wf-report", "verdict": "no detection" }}
Workflow Library Example
Get Report for File with Wildfire and Send Results Via Email
Preview this Workflow on desktop