Get Antivirus Signature
Table of Contents
Expand all | Collapse all
-
- Get Session Details
- Get Sample Analysis
- Get Tags
- Get Tag Details
- Get Threat Indicator Feed
- Get Custom Threat Indicator Feed
- Get Threat Intelligence Card Summary
- Export List
- Get Anti-spyware, Vulnerability, and File-Format Signature
- Get Antivirus Signature
- Get DNS Signature
- Get Geolocation
- Get Anti-spyware, Vulnerability, and File-Format Release Info
Get Antivirus Signature
Use this resource to get antivirus signature info based
on the specified signature ID or SHA256 value.
Resource
https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/{antivirus_signature_id}
https://autofocus.paloaltonetworks.com/api/intel/v1/file/{sha256}/signature
Request Parameters
The following table describes the parameters
used with this endpoint.
Parameters | Description | Type | Example or Possible Values |
---|---|---|---|
apiKey | (Required) API key tied to your license.
All users attached to a license share a single API key. | string | Example (obfuscated): d32108a5-XXX-XXXX-XXXX-c04bda5b8450 |
{antivirus_signature_id} | (Required for /panav/signature/) The identification
number of an antivirus signature. | string | The ID range for antivirus signatures are
based on the file type.
Example:
Antivirus
signatures that are not associated with the file types shown above
can have an ID number that exceeds the range defined in this table. |
{sha256} | (Required for /file/{sha256}/signature)
The SHA256 hash value of a sample. | string | Valid SHA256 hash. Example:
|
JSON Sample 1
Request
Include
the API key and antivirus signature ID number in the resource URL.
curl -X GET "https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/1065689?api_key=apiKey" -H "accept: application/json"
Response
The
response contains details about the antivirus signature.
[ { "signatureName": "Worm/Win32.autorun.crck", "signatureId": "93534285", "createTime": "2010-10-01 10:28:57(UTC)", "active": false, "sha256": [ "7a520be9db919a09d8ccd9b78c11885a6e97bc9cc87414558254cef3081dccf8" ], "release": { "wildfire": { "latestReleaseVersion": n/a, "latestReleaseTime": n/a, "firstReleaseVersion": 316, "firstReleaseTime": "2011-04-05 UTC" }, "antivirus": { "latestReleaseVersion": n/a, "latestReleaseTime": n/a, "firstReleaseVersion": 316, "firstReleaseTime": "2011-04-05 UTC" } } } ]
JSON Sample 2
Request
Include
the API key and SHA256 hash in the resource URL.
curl -X GET "https://autofocus.paloaltonetworks.com/api/intel/v1/file/050aef130c079f10a2549b3f948c5d6548bfd33e0dee4fa264300de57ba619da/signature?api_key=apiKey" -H "accept: application/json"
Response
The
response contains details about the antivirus signature.
[ { "signatureName": "Adware/Win32.zango.crck", "signatureId": "94674345", "createTime": "2011-02-16 19:37:56(UTC)", "active": false, "sha256": [ "050aef130c079f10a2549b3f948c5d6548bfd33e0dee4fa264300de57ba619da" ], "release": { "wildfire": { "latestReleaseVersion": n/a, "latestReleaseTime": n/a, "firstReleaseVersion": 418, "firstReleaseTime": "2011-04-21 UTC" }, "antivirus": { "latestReleaseVersion": n/a, "latestReleaseTime": n/a, "firstReleaseVersion": 418, "firstReleaseTime": "2011-04-21 UTC" } } } ]