: Get a Sample (WildFire API)
Focus
Focus

Get a Sample (WildFire API)

Table of Contents

Get a Sample (WildFire API)

Use this resource to download sample files based on the MD5 or SHA-256 hash value. Palo Alto Networks provides access to malware samples collected by the WildFire cloud for 10 years, while grayware sample are available for 14 days. Benign samples are not available for download.

Resource

/get/sample/

Request Parameters

Use the following form parameters when requesting a sample:
Parameters
Description
Example
apikey
(Required) API key
Example:
apikey=<API KEY>
agent
(Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys) Designates the API key type
Example:
agent=pcc
Options include:
  • pcc—for use with Prisma Cloud Compute-based WildFire public API keys
  • prismaaccessapi—for use with Prisma Access-based WildFire public API keys
hash
(Required) MD5 or SHA-256 hash value of the sample
Example:
hash=afe6b95ad95bc689c356f34 ec8d9094c495e4af57c932ac413b65ef132063acc

Example Request

Make a POST request to the /get/sample resource and include the API key along with the MD5 or SHA-256 hash value of the sample. Include the -JO option to use the Content-Disposition filename as provided by the server, similar to the following cURL command:
curl -JO -F 'apikey=<API KEY>' -F 'hash=afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc' 'https://wildfire.paloaltonetworks.com/publicapi/get/sample'
The response saves the packet capture file. Example:
175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323.xls.000