Get a WildFire Verdict (WildFire API)
Use the /get/verdict resource to get a WildFire verdict for a sample based on its MD5 or SHA-256 hash, or for a web page based on its URL.
When requesting multiple WildFire verdicts, use the /get/verdicts resource to reduce the number of requests that count toward your daily limit. Learn how to Get Multiple WildFire Verdicts (WildFire API) and learn about request limits as part of WildFire API Access Control.
Resource
/get/verdict/
Request Parameters
Use the following form parameters when requesting a WildFire verdict for a sample or web page:
Parameters | Description | Example |
---|---|---|
| (Required) API key | Example: |
| (Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys) Designates the API key type | Example: Options include: |
| MD5 or SHA-256 hash value of the sample | Example: |
| The URL of the web page | Example: |
Example Request 1
Make a POST request to the /get/verdict resource and include the API key along with the MD5 or SHA-256 hash value of the sample, similar to the following cURL command:
curl -F 'apikey=<API KEY>' -F 'hash=afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc' 'https://wildfire.paloaltonetworks.com/publicapi/get/verdict'
The XML response contains the WildFire verdict along with the related hash values:
<wildfire>
  <get-verdict-info>
    <sha256>afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc</sha256>
    <verdict>1</verdict>
    <md5>0e4e3c2d84a9bc726a50b3c91346fbb1</md5>
  </get-verdict-info>
</wildfire>
The verdict element value can be one of the following:
- 0: benign
- 1: malware
- 2: grayware
- 4: phishing
- 5: C2
- -100: pending, the sample exists, but there is currently no verdict (applicable to file analysis only)
- -101: error
- -102: unknown, cannot find sample record in the database
- -103: invalid hash value
When sending an invalid hash value, an HTTP 421 status is returned.
Example Request 2
Make a POST request to the /get/verdict resource and include the API key along with a web page URL, similar to the following cURL command:
curl -F 'apikey=<API KEY>' -F 'url=http://www.google.com' 'https://wildfire.paloaltonetworks.com/publicapi/get/verdict'
The XML response contains the WildFire verdict for the specified URL, the time and date when it was analyzed, and the validity, which indicates whether the verdict is up to date. URLs that have not been analyzed recently are considered obsolete and are designated as no longer valid:
<wildfire>
  <get-verdict-info>
    <url>http://www.google.com</url>
    <verdict>0</verdict>
    <analysis_time>2020-07-29T16:33:17Z</analysis_time>
    <valid>Yes</valid>
  </get-verdict-info>
</wildfire>
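The following is an added example, not part of the WildFire documentation: a Python parser for the two response shapes shown above that maps the verdict codes listed on this page and refuses to treat a missing, pending or obsolete verdict as benign. The `disposition` policy and its return strings are assumptions made for illustration, as is treating any `valid` value other than `Yes` as obsolete.

```python
import re
import xml.etree.ElementTree as ET

# Verdict codes as listed on this page.
VERDICTS = {0: "benign", 1: "malware", 2: "grayware", 4: "phishing", 5: "C2",
            -100: "pending", -101: "error", -102: "unknown", -103: "invalid hash value"}
# Local pre-check (MD5 or SHA-256 hex) so a malformed hash never reaches the API.
HASH_RE = re.compile(r"\A(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{64})\Z")

# Responses copied from the two examples on this page.
HASH_RESPONSE = """<wildfire><get-verdict-info>
<sha256>afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc</sha256>
<verdict>1</verdict><md5>0e4e3c2d84a9bc726a50b3c91346fbb1</md5>
</get-verdict-info></wildfire>"""
URL_RESPONSE = """<wildfire><get-verdict-info><url>http://www.google.com</url>
<verdict>0</verdict><analysis_time>2020-07-29T16:33:17Z</analysis_time>
<valid>Yes</valid></get-verdict-info></wildfire>"""

def parse_verdict(xml_text):
    """Return (subject, code, label, valid) from a /get/verdict XML response."""
    info = ET.fromstring(xml_text).find("get-verdict-info")
    if info is None:
        raise ValueError("response has no get-verdict-info element")
    code = int(info.findtext("verdict", "").strip())  # ValueError if missing or non-numeric
    if code not in VERDICTS:
        raise ValueError(f"undocumented verdict code {code}")  # fail closed
    subject = info.findtext("url") or info.findtext("sha256") or info.findtext("md5")
    valid = info.findtext("valid")  # only present in URL responses
    return subject, code, VERDICTS[code], valid

def disposition(xml_text):
    """Assumed triage policy (not from the page): 'no verdict' is never read as benign."""
    _, code, _, valid = parse_verdict(xml_text)
    if code == -100:
        return "retry"        # sample exists, analysis not finished
    if code < 0:
        return "no-verdict"   # error, unknown sample or invalid hash
    if valid is not None and valid.strip().lower() != "yes":
        return "requery"      # URL verdict is obsolete
    if code in (1, 4, 5):
        return "block"        # malware, phishing, C2
    return "review" if code == 2 else "allow"

if __name__ == "__main__":
    for body in (HASH_RESPONSE, URL_RESPONSE):
        print(parse_verdict(body), disposition(body))
```

A check written as "verdict is not 1, so allow" would pass codes -100 through -103 as clean; handling the negative codes first avoids that.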