Get Antivirus Signature

Use this resource to get antivirus signature info based on the specified signature ID or SHA256 value.

Resource

https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/{antivirus_signature_id}
https://autofocus.paloaltonetworks.com/api/intel/v1/file/{sha256}/signature

Request Parameters

The following table describes the parameters used with this endpoint.
Parameter: apiKey
Description: (Required) API key tied to your license. All users attached to a license share a single API key.
Type: string
Example or Possible Values:
Example (obfuscated): d32108a5-XXX-XXXX-XXXX-c04bda5b8450

Parameter: {antivirus_signature_id}
Description: (Required for /panav/signature/) The identification number of an antivirus signature.
Type: string
Example or Possible Values:
The ID ranges for antivirus signatures are based on the file type.
  • PE: 2000000-2900000
  • PDF: 1100000-1102000
  • APK: 1000000-1015000
  • DNS: 4000000-4100000
  • Office/RTF: 1110000-1140000
  • JAVA Class: 1250000-1253000
  • Flash: 1270000-1273000
  • OpenOffice: 1210000-1225000
  • SWFZWS: 6000000-60000500
  • PKG: 1050000-1055000
  • MACH-O: 1060000-106200
  • APP: 1070000-1071000
  • DMG: 60100000-6015000
Example: 93544016
Antivirus signatures that are not associated with the file types shown above can have an ID number that exceeds the range defined in this table.

Parameter: {sha256}
Description: (Required for /file/{sha256}/signature) The SHA256 hash value of a sample.
Type: string
Example or Possible Values:
Valid SHA256 hash.
Example: eb4559d2debb5de11b3a90536ef36709de394b91c1e9a981e4987c4c02036b52

JSON Sample 1

Request

Include the API key and antivirus signature ID number in the resource URL.
curl -X GET "https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/1065689?api_key=apiKey" -H "accept: application/json"

Response

The response contains details about the antivirus signature.
[
  {
    "signatureName": "Worm/Win32.autorun.crck",
    "signatureId": "93534285",
    "createTime": "2010-10-01 10:28:57(UTC)",
    "active": false,
    "sha256": [
      "7a520be9db919a09d8ccd9b78c11885a6e97bc9cc87414558254cef3081dccf8"
    ],
    "release": {
      "wildfire": {
        "latestReleaseVersion": n/a,
        "latestReleaseTime": n/a,
        "firstReleaseVersion": 316,
        "firstReleaseTime": "2011-04-05 UTC"
      },
      "antivirus": {
        "latestReleaseVersion": n/a,
        "latestReleaseTime": n/a,
        "firstReleaseVersion": 316,
        "firstReleaseTime": "2011-04-05 UTC"
      }
    }
  }
]

JSON Sample 2

Request

Include the API key and SHA256 hash in the resource URL.
curl -X GET "https://autofocus.paloaltonetworks.com/api/intel/v1/file/050aef130c079f10a2549b3f948c5d6548bfd33e0dee4fa264300de57ba619da/signature?api_key=apiKey" -H "accept: application/json"

Response

The response contains details about the antivirus signature.
[
  {
    "signatureName": "Adware/Win32.zango.crck",
    "signatureId": "94674345",
    "createTime": "2011-02-16 19:37:56(UTC)",
    "active": false,
    "sha256": [
      "050aef130c079f10a2549b3f948c5d6548bfd33e0dee4fa264300de57ba619da"
    ],
    "release": {
      "wildfire": {
        "latestReleaseVersion": n/a,
        "latestReleaseTime": n/a,
        "firstReleaseVersion": 418,
        "firstReleaseTime": "2011-04-21 UTC"
      },
      "antivirus": {
        "latestReleaseVersion": n/a,
        "latestReleaseTime": n/a,
        "firstReleaseVersion": 418,
        "firstReleaseTime": "2011-04-21 UTC"
      }
    }
  }
]
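
The two lookups above in Python, added here as an example (not code from the original page or from Palo Alto Networks). It builds the request URL from a validated identifier, masks the key for logging, and flattens a response. The function names, the strict input patterns and the mapping of the bare n/a seen in the samples to null are assumptions of this example.

```python
import json
import re
from urllib.parse import urlencode

BASE = "https://autofocus.paloaltonetworks.com/api/intel/v1"
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
SIG_ID_RE = re.compile(r"[0-9]+")  # assumption: IDs are plain decimal strings
BARE_NA_RE = re.compile(r":\s*n/a\s*(?=[,}])")

def signature_url(identifier, api_key):
    """Pick the endpoint from the identifier's shape and reject anything else,
    so no slash, dot or query character reaches the URL path."""
    if SHA256_RE.fullmatch(identifier):
        path = f"/file/{identifier}/signature"
    elif SIG_ID_RE.fullmatch(identifier):
        path = f"/threatvault/panav/signature/{identifier}"
    else:
        raise ValueError("expected a decimal signature ID or a 64-hex SHA256")
    return f"{BASE}{path}?{urlencode({'api_key': api_key})}"

def redact(url):
    """The key travels in the query string, so mask it before logging."""
    return re.sub(r"(api_key=)[^&]*", r"\1REDACTED", url)

def summarize(body, queried_sha256=None):
    """Flatten a response body into one dict per signature."""
    try:
        entries = json.loads(body)
    except json.JSONDecodeError:
        # The page's samples show a bare n/a, which is not valid JSON.
        entries = json.loads(BARE_NA_RE.sub(": null", body))
    q = queried_sha256.lower() if queried_sha256 else None
    rows = []
    for e in entries:
        av = e.get("release", {}).get("antivirus", {})
        hashes = {h.lower() for h in e.get("sha256", [])}
        rows.append({
            "id": e.get("signatureId"),
            "name": e.get("signatureName"),
            "active": e.get("active"),
            "first_av_release": av.get("firstReleaseVersion"),
            "covers_query": q in hashes if q else None,
        })
    return rows

# Constructed input: the page's JSON Sample 2 response, trimmed to one release block.
SAMPLE = '''[ { "signatureName": "Adware/Win32.zango.crck", "signatureId": "94674345",
 "active": false, "sha256": [ "050aef130c079f10a2549b3f948c5d6548bfd33e0dee4fa264300de57ba619da" ],
 "release": { "antivirus": { "latestReleaseVersion": n/a, "latestReleaseTime": n/a,
 "firstReleaseVersion": 418, "firstReleaseTime": "2011-04-21 UTC" } } } ]'''
```
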
