Focus

AutoFocus® API Reference

Get Antivirus Signature

Table of Contents

Get Antivirus Signature

Use this resource to get antivirus signature info based on the specified signature ID or SHA256 value.

Resource
Request Parameters
JSON Sample 1
JSON Sample 2

Resource

https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/{antivirus_signature_id}

https://autofocus.paloaltonetworks.com/api/intel/v1/file/{sha256}/signature

Request Parameters

The following table describes the parameters used with this endpoint.

Parameters	Description	Type	Example or Possible Values
apiKey	(Required) API key tied to your license. All users attached to a license share a single API key.	string	Example (obfuscated): d32108a5-XXX-XXXX-XXXX-c04bda5b8450
{antivirus_signature_id}	(Required for /panav/signature/) The identification number of an antivirus signature.	string	The ID range for antivirus signatures are based on the file type. PE: 2000000-2900000 PDF: 1100000-1102000 APK: 1000000-1015000 DNS: 4000000-4100000 Office/RTF: 1110000-1140000 JAVA Class: 1250000-1253000 Flash: 1270000-1273000 OpenOffice: 1210000-1225000 SWFZWS: 6000000-60000500 PKG: 1050000-1055000 MACH-O: 1060000-106200 APP: 1070000-1071000 DMG: 60100000-6015000 Example: 93544016 Antivirus signatures that are not associated with the file types shown above can have an ID number that exceeds the range defined in this table.
{sha256}	(Required for /file/{sha256}/signature) The SHA256 hash value of a sample.	string	Valid SHA256 hash. Example: eb4559d2debb5de11b3a90536ef36709de394b91c1e9a981e4987c4c02036b52

Request

Include the API key and antivirus signature ID number in the resource URL.

curl -X GET "https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/1065689?api_key=apiKey" -H "accept: application/json"

Response

The response contains details about the antivirus signature.

[
  {
    "signatureName": "Worm/Win32.autorun.crck",
    "signatureId": "93534285",
    "createTime": "2010-10-01 10:28:57(UTC)",
    "active": false,
    "sha256": [
      "7a520be9db919a09d8ccd9b78c11885a6e97bc9cc87414558254cef3081dccf8"
    ],
    "release": {
      "wildfire": {
        "latestReleaseVersion": n/a,
        "latestReleaseTime": n/a,
        "firstReleaseVersion": 316,
        "firstReleaseTime": "2011-04-05 UTC"
      },
      "antivirus": {
        "latestReleaseVersion": n/a,
        "latestReleaseTime": n/a,
        "firstReleaseVersion": 316,
        "firstReleaseTime": "2011-04-05 UTC"
      }
    }
  }
]

JSON Sample 2

Request
Response

Request

Include the API key and SHA256 hash in the resource URL.

curl -X GET "https://autofocus.paloaltonetworks.com/api/intel/v1/file/050aef130c079f10a2549b3f948c5d6548bfd33e0dee4fa264300de57ba619da/signature?api_key=apiKey" -H "accept: application/json"

Response

The response contains details about the antivirus signature.

[
  {
    "signatureName": "Adware/Win32.zango.crck",
    "signatureId": "94674345",
    "createTime": "2011-02-16 19:37:56(UTC)",
    "active": false,
    "sha256": [
      "050aef130c079f10a2549b3f948c5d6548bfd33e0dee4fa264300de57ba619da"
    ],
    "release": {
      "wildfire": {
        "latestReleaseVersion": n/a,
        "latestReleaseTime": n/a,
        "firstReleaseVersion": 418,
        "firstReleaseTime": "2011-04-21 UTC"
      },
      "antivirus": {
        "latestReleaseVersion": n/a,
        "latestReleaseTime": n/a,
        "firstReleaseVersion": 418,
        "firstReleaseTime": "2011-04-21 UTC"
      }
    }
  }
]

Get Anti-spyware, Vulnerability, and File-Format Signature

Get DNS Signature