Make Your First WildFire API Call

After you Get Your API Key, use that API key to make your first call to the WildFire API. This first call returns a WildFire analysis report for a Microsoft Excel file that was submitted to WildFire and determined to be malware.
  1. In your cURL POST request to the get/report resource, include your API key and the MD5 or SHA-256 hash value of the sample. If you issue the request with a WildFire public API key associated with a Prisma Access or Prisma Cloud Compute subscription, you must also specify the key type by including the agent=pcc or agent=prismaaccessapi form parameter in the query, where pcc indicates Prisma Cloud Compute and prismaaccessapi indicates Prisma Access. Specify a report format as well; this example uses XML, but the report can also be retrieved in the PDF and maec formats:
    curl -F 'hash=dca86121cc7427e375fd24fe5871d727' \
    -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'
    If you are using a Prisma Access based WildFire public API key, the following query would be issued:
    curl -F 'agent=prismaaccessapi' -F 'hash=dca86121cc7427e375fd24fe5871d727' \
    -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'
    If you are using a Prisma Cloud Compute based WildFire public API key, the following query would be issued:
    curl -F 'agent=pcc' -F 'hash=dca86121cc7427e375fd24fe5871d727' \
    -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'
    The response includes detailed information with sections such as file_info and task_info:
    <?xml version="1.0" encoding="UTF-8"?> 
    <wildfire> 
        <version>2.0</version> 
        <file_info> 
            <malware>yes</malware> 
            <sha1></sha1> 
            <filetype>Microsoft Excel 97 - 2003 Document</filetype> 
            <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256> 
            <md5>dca86121cc7427e375fd24fe5871d727</md5> 
            <size>13825</size> 
        </file_info> 
        <task_info> 
            <report> 
                <version>2.0</version> 
                <platform>101</platform> 
                <software>DOC/CDF Static Analyzer</software> 
                <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256> 
                <md5>dca86121cc7427e375fd24fe5871d727</md5> 
                <malware>suspicious</malware> 
                <summary> 
                    <entry>CDF document has abnormal file attributes</entry> 
                    <entry>CDF document has no Last Modified time</entry> 
                </summary> 
            </report> 
            <report> 
                <version>2.0</version> 
                <platform>2</platform> 
                <software>Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007</software> 
                <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256> 
                <md5>dca86121cc7427e375fd24fe5871d727</md5> 
                <size>13825</size> 
                <malware>yes</malware> 
                <!-- truncated -->
            </report>
        </task_info>
    </wildfire>
  2. Next Steps...
    When making a cURL request to the WildFire private cloud, use the -k option, which allows cURL to proceed over a connection it cannot verify as secure. The WildFire appliance has a private certificate that will not match the certificate authority database. Example:
    curl -k -F 'apikey=<API KEY>' -F 'hash=dca86121cc7427e375fd24fe5871d727' \
    'https://11.129.70.17/publicapi/get/report'