Submit a Remote File to WildFire (API)

Submit a file of a supported type that is hosted on a website for WildFire analysis. Use this resource for remotely hosted files, not for website URLs.
  • The /submit/url resource is not available on the WildFire appliance.
  • When submitting supported script files, you must specify an accurate filename using the context parameter; otherwise WildFire is unable to parse the file and returns a 418 Unsupported File Type response.

Resource

/submit/url/

Request Parameters

Use the following form parameters when you submit a single file for WildFire analysis:
Parameter: apikey
Description: (Required) API key
Example: apikey=<API KEY>

Parameter: agent
Description: (Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys) Designates the API key type
Example: agent=pcc
Options include:
  • pcc—for use with Prisma Cloud Compute-based WildFire public API keys
  • prismaaccessapi—for use with Prisma Access-based WildFire public API keys

Parameter: url
Description: (Required) Remote file URL path
Example: url=http://www.pdf995.com/samples/pdf.pdf

Parameter: context
Description: (Required for script, ASP/ASPX, and XML/HTML filetype submissions) Specify the filename of the sample.
The following file types are supported:
  • JScript (.js)
  • VBScript (.vbs)
  • PowerShell (.ps1)
  • Shell Script (.sh)
  • Perl Script (.pl)
  • Batch files (.bat)
  • Comma-separated files (.csv)
  • Symbolic Link (.slk)
  • Internet Query (.iqy)
  • Script (.cmd)
  • HTML Application (.hta)
  • Python (.py, .pyc)
  • Markup Language (.html, .xml)
  • ASP.NET (.asp, .aspx)
Format: context=<base64 encoded json string>
Example: context=eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0=
Here eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0= decodes to the following JSON string: {"filename": "test.sh"}

Example Request 1

Make a POST request to the /submit/url resource and include the API key along with the URL file path to analyze, as shown in the following cURL command:
curl -F 'apikey=<API KEY>' -F 'url=http://www.pdf995.com/samples/pdf.pdf' 'https://wildfire.paloaltonetworks.com/publicapi/submit/url'
The XML response contains the URL of the file along with the SHA256 and MD5 hash:
<wildfire>
  <upload-file-info>
    <url>http://www.pdf995.com/samples/pdf.pdf</url>
    <filetype>Adobe PDF document</filetype>
    <filename></filename>
    <sha256>857b6bb4c61fc81eee716b4cada4902f0ad73b1daa9a1fb75e005b38e62800b4</sha256>
    <md5>a4b5f81544801fa2b6007bd5046f1d73</md5>
    <size>312819</size>
  </upload-file-info>
</wildfire>

Example Request 2

Make a POST request to the /submit/url resource and include the API key, the URL of the script file to analyze, and the context (the filename) as a base64-encoded JSON string, as shown in the following cURL command:
curl -F 'apikey=<API KEY>' -F 'url=https://www.testserver/test.sh' -F 'context=eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0=' 'https://wildfire.paloaltonetworks.com/publicapi/submit/url'
The XML response contains the URL of the file along with the SHA256 and MD5 hash:
<wildfire>
  <upload-file-info>
    <url>https://testserver/test.sh</url>
    <filetype>Shell</filetype>
    <filename></filename>
    <sha256>dbc2aa04c02e06e61f3acdba528bb1536ccbb1758a29dc8d25438c2d3ce07e7d</sha256>
    <md5>b0cfc14687e42e2236db247f5c7d861a</md5>
    <size>10740</size>
  </upload-file-info>
</wildfire>
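
Added example (not part of the original documentation or Palo Alto Networks code): a Python sketch that builds the form fields for /submit/url, adds the base64-encoded context only for the file types listed above, and parses the XML response. The function names and the choice to derive the filename from the URL path are assumptions made for this example; the sample response is the one from Example Request 2.

```python
import base64
import json
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Extensions taken from the context parameter's supported-type list above.
CONTEXT_EXTS = {".js", ".vbs", ".ps1", ".sh", ".pl", ".bat", ".csv", ".slk", ".iqy",
                ".cmd", ".hta", ".py", ".pyc", ".html", ".xml", ".asp", ".aspx"}

def build_context(filename):
    """Base64-encode the JSON object {"filename": ...} for the context field."""
    return base64.b64encode(json.dumps({"filename": filename}).encode()).decode()

def build_form(api_key, url, filename=None, agent=None):
    """Return the form fields for a POST to /submit/url (sent like curl -F)."""
    # Assumption: when no filename is given, use the last segment of the URL path.
    filename = filename or posixpath.basename(urlsplit(url).path)
    form = {"apikey": api_key, "url": url}
    if agent:  # "pcc" or "prismaaccessapi", per the parameter list above
        form["agent"] = agent
    ext = posixpath.splitext(filename)[1].lower()
    if ext in CONTEXT_EXTS:  # script, ASP/ASPX and XML/HTML types need context
        form["context"] = build_context(filename)
    return form

def parse_upload_info(xml_text):
    """Map each child of <upload-file-info> to its text ('' when empty)."""
    info = ET.fromstring(xml_text).find("upload-file-info")
    if info is None:
        raise ValueError("response has no <upload-file-info> element")
    return {child.tag: (child.text or "") for child in info}

# Response body copied from Example Request 2 on this page.
SAMPLE_RESPONSE = (
    "<wildfire> <upload-file-info> <url>https://testserver/test.sh</url> "
    "<filetype>Shell</filetype> <filename></filename> "
    "<sha256>dbc2aa04c02e06e61f3acdba528bb1536ccbb1758a29dc8d25438c2d3ce07e7d</sha256> "
    "<md5>b0cfc14687e42e2236db247f5c7d861a</md5> <size>10740</size> "
    "</upload-file-info> </wildfire>"
)

if __name__ == "__main__":
    print(build_form("<API KEY>", "https://www.testserver/test.sh"))
    print(parse_upload_info(SAMPLE_RESPONSE)["sha256"])
```

Recording the returned SHA256 at submission time gives you a stable identifier to correlate the sample with later analysis results.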