WildFire API Reference
    : Get Multiple WildFire Verdicts (WildFire API)
    Focus
    Download PDF
    Focus
    1. Home
    2. WildFire
    3. WildFire API Reference
    4. Get WildFire Information through the WildFire API
    5. Get Multiple WildFire Verdicts (WildFire API)
    Download PDF

    WildFire API Reference

    Get Multiple WildFire Verdicts (WildFire API)

    Table of Contents

    Get Multiple WildFire Verdicts (WildFire API)

    Use this resource to get multiple WildFire verdicts based on a text file that contains multiple hashes. You can include up to 500 hash values in a single file, with each hash value being on a separate line:
    9739eb4207fe251d40f05187cbfd16081f97b246ebcc6010660244a84a9391b0 
e9039e873b59574762afb0d15bdcaf9fee9b163c81d239458b95b4087167f86e

    Resource

    /get/verdicts/

    Request Parameters

    Use the following form parameters when requesting multiple WildFire verdicts:
    Parameters
    Description
    Example
     
    apikey
    (Required) API key
    Example:
    apikey=<API KEY>
    agent
    (Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys) Designates the API key type
    Example:
    agent=pcc
    Options include:
    • pcc—for use with Prisma Cloud Compute-based WildFire public API keys
    • prismaaccessapi—for use with Prisma Access-based WildFire public API keys
    file
    (Required) Local path to file containing up to 500 hash values
    Example:
    file=@c:\hashlist.txt

    Example Request

    Make a POST request to the /get/verdicts resource and include the API key along with the file that contains a list of hashes (each hash value must be on a separate line):
    
afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc
9739eb4207fe251d40f05187cbfd16081f97b246ebcc6010660244a84a9391b4
    The following cURL command includes a filepath on the local file system:
    curl
-F 'apikey=<API KEY>' -F 'file=@c:\hashlist.txt' https://wildfire.paloaltonetworks.com/publicapi/get/verdicts
    The XML response contains multiple WildFire verdicts for each hash value:
    <wildfire> 
  <get-verdict-info> 
    <sha256>9739eb4207fe251d40f05187cbfd16081f97b246ebcc6010660244a84a9391b0</sha256> 
    <verdict>0</verdict> 
    <md5>481e625e50211efcaf6edb8f54f8cf83</md5> 
  </get-verdict-info> 
  <get-verdict-info> 
    <sha256>e9039e873b59574762afb0d15bdcaf9fee9b163c81d239458b95b4087167f86e</sha256> 
    <verdict>0</verdict> 
    <md5>b8624d8d267ba2c8e2f91d90eb1a5c9b</md5> 
  </get-verdict-info> 
</wildfire>
    The verdict element value can have one of the following:
    • 0: benign
    • 1: malware
    • 2: grayware
    • 4: phishing
    • 5: C2
    • -100: pending, the sample exists, but there is currently no verdict (applicable to file analysis only)
    • -101: error
    • -102: unknown, cannot find sample record in the database
    • -103: invalid hash value

    © 2024 Palo Alto Networks, Inc. All rights reserved.