Get a List of Samples with Changed WildFire Appliance Verdicts (WildFire API)


Use the /get/verdicts/changed resource to retrieve a list of samples with changed WildFire appliance verdicts. Changed verdicts can only be obtained for the past 30 days.

Resource

/get/verdicts/changed

Request Parameters

Use the following form parameters when requesting a list of changed WildFire appliance verdicts:
Parameter: apikey
Description: (Required for API key authentication) API key
Example: apikey=<API KEY>

Parameter: Authorization
Description: (Required for token-based authentication) HTTP request header for token-based authentication. To obtain an access token, create a WildFire API token in Strata Cloud Manager, then generate an access token from the authentication service.
Example: -H "Authorization: Bearer <ACCESS_TOKEN>"

Parameter: agent
Description: (Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys) Designates the API key type. Options include:
  • pcc—for use with Prisma Cloud Compute-based WildFire public API keys
  • prismaaccessapi—for use with Prisma Access-based WildFire public API keys
Example: agent=pcc

Parameter: date
Description: (Required) Samples with changed verdicts from the specified date to the present date are shown in this list. You cannot get WildFire verdicts older than 30 days. Attempting to retrieve older records results in a 403 error. The date value must be in the following format: YYYY-MM-DD
Example: date=2017-02-23

Example Request

Make a POST request to the /get/verdicts/changed resource and include the API key and a start date for the query, similar to the following cURL command:
curl -F 'apikey=<API KEY>' -F 'date=2017-02-03' 'https://10.1.1.1/publicapi/get/verdicts/changed'
The XML response contains the WildFire verdict along with the related hash values for each sample with changed verdicts within the specified time-frame:
<wildfire>
    <get-verdict-info>
        <sha256>afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc</sha256>
        <verdict>1</verdict>
        <md5>0e4e3c2d84a9bc726a50b3c91346fbb1</md5>
    </get-verdict-info>
    ...........
    <get-verdict-info>
        <sha256>9739eb4207fe251d40f05187cbfd16081f97b246ebcc6010660244a84a9391b0</sha256>
        <verdict>2</verdict>
        <md5>481e625e50211efcaf6edb8f54f8cf83</md5>
    </get-verdict-info>
</wildfire>
The verdict element value can be one of the following:
  • 0: benign
  • 1: malware
  • 2: grayware
  • 4: phishing
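
The response handling described above, as an added example that is not Palo Alto Networks code: it checks the start date against the 30-day limit before a request is sent, parses the XML response, and picks out the samples whose changed verdict is not benign. The function names are hypothetical and the sample response is constructed with placeholder hashes.

```python
import datetime as dt
import xml.etree.ElementTree as ET

# Verdict codes as listed on this page.
VERDICTS = {0: "benign", 1: "malware", 2: "grayware", 4: "phishing"}
MAX_LOOKBACK_DAYS = 30  # older start dates are answered with a 403 error

def start_date_param(start, today=None):
    """Return the YYYY-MM-DD form value, refusing dates the API would reject."""
    today = today or dt.date.today()
    age = (today - start).days
    if age < 0 or age > MAX_LOOKBACK_DAYS:
        raise ValueError(f"start date must be within the past {MAX_LOOKBACK_DAYS} days")
    return start.isoformat()

def parse_changed_verdicts(xml_text):
    """Parse a <wildfire> response into a list of dicts, one per sample."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in response")  # refuse entity tricks
    root = ET.fromstring(xml_text)
    if root.tag != "wildfire":
        raise ValueError(f"unexpected root element: {root.tag}")
    out = []
    for info in root.iter("get-verdict-info"):
        sha256 = (info.findtext("sha256") or "").strip().lower()
        md5 = (info.findtext("md5") or "").strip().lower()
        code = int((info.findtext("verdict") or "").strip())
        if len(sha256) != 64 or len(md5) != 32:
            raise ValueError("malformed hash in response")
        # Unknown codes are kept, not dropped, so a new verdict type stays visible.
        out.append({"sha256": sha256, "md5": md5, "verdict": code,
                    "label": VERDICTS.get(code, f"unknown({code})")})
    return out

def needs_action(entries):
    """Samples whose changed verdict is anything other than benign."""
    return [e for e in entries if e["verdict"] != 0]

# Constructed sample response; the hash values are placeholders, not real samples.
SAMPLE = """<wildfire>
  <get-verdict-info><sha256>{a}</sha256><verdict>1</verdict><md5>{m}</md5></get-verdict-info>
  <get-verdict-info><sha256>{b}</sha256><verdict>0</verdict><md5>{m}</md5></get-verdict-info>
  <get-verdict-info><sha256>{c}</sha256><verdict>4</verdict><md5>{m}</md5></get-verdict-info>
</wildfire>""".format(a="a" * 64, b="b" * 64, c="c" * 64, m="d" * 32)

if __name__ == "__main__":
    print(start_date_param(dt.date.today() - dt.timedelta(days=7)))
    for e in needs_action(parse_changed_verdicts(SAMPLE)):
        print(e["sha256"], e["label"])
```

The list returned by needs_action can be matched against hashes already allowed in the environment, since a verdict that moved from benign to malware means earlier allow decisions for that sample need review.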

Example Request (Token-Based Authentication)

Alternatively, you can authenticate using a Bearer token instead of an API key. Make the same POST request to the /get/verdicts/changed resource, but replace the apikey form field with an Authorization header containing your access token:
curl -F 'date=2020-01-01 00:00:00' -H 'Authorization: Bearer <ACCESS_TOKEN>' 'https://wildfire.paloaltonetworks.com/publicapi/get/verdicts/changed'