: Get Antivirus Signature
Focus
Focus

Get Antivirus Signature

Table of Contents

Get Antivirus Signature

Use this resource to get antivirus signature info based on the specified signature ID or SHA256 value.

Resource

https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/{antivirus_signature_id}
https://autofocus.paloaltonetworks.com/api/intel/v1/file/{sha256}/signature

Request Parameters

The following table describes the parameters used with this endpoint.
Parameters
Description
Type
Example or Possible Values
apiKey
(Required) API key tied to your license. All users attached to a license share a single API key.
string
Example (obfuscated):
d32108a5-XXX-XXXX-XXXX-c04bda5b8450
{antivirus_signature_id}
(Required for /panav/signature/) The identification number of an antivirus signature.
string
The ID range for antivirus signatures are based on the file type.
  • PE: 2000000-2900000
  • PDF: 1100000-1102000
  • APK: 1000000-1015000
  • DNS: 4000000-4100000
  • Office/RTF: 1110000-1140000
  • JAVA Class: 1250000-1253000
  • Flash: 1270000-1273000
  • OpenOffice: 1210000-1225000
  • SWFZWS: 6000000-60000500
  • PKG: 1050000-1055000
  • MACH-O: 1060000-106200
  • APP: 1070000-1071000
  • DMG: 60100000-6015000
Example:
93544016
Antivirus signatures that are not associated with the file types shown above can have an ID number that exceeds the range defined in this table.
{sha256}
(Required for /file/{sha256}/signature) The SHA256 hash value of a sample.
string
Valid SHA256 hash.
Example:
eb4559d2debb5de11b3a90536ef36709de394b91c1e9a981e4987c4c02036b52

JSON Sample 1

Request

Include the API key and antivirus signature ID number in the resource URL.
curl -X GET "https://autofocus.paloaltonetworks.com/api/intel/v1/threatvault/panav/signature/1065689?api_key=apiKey" -H "accept: application/json"

Response

The response contains details about the antivirus signature.
[ { "signatureName": "Worm/Win32.autorun.crck", "signatureId": "93534285", "createTime": "2010-10-01 10:28:57(UTC)", "active": false, "sha256": [ "7a520be9db919a09d8ccd9b78c11885a6e97bc9cc87414558254cef3081dccf8" ], "release": { "wildfire": { "latestReleaseVersion": n/a, "latestReleaseTime": n/a, "firstReleaseVersion": 316, "firstReleaseTime": "2011-04-05 UTC" }, "antivirus": { "latestReleaseVersion": n/a, "latestReleaseTime": n/a, "firstReleaseVersion": 316, "firstReleaseTime": "2011-04-05 UTC" } } } ]

JSON Sample 2

Request

Include the API key and SHA256 hash in the resource URL.
curl -X GET "https://autofocus.paloaltonetworks.com/api/intel/v1/file/050aef130c079f10a2549b3f948c5d6548bfd33e0dee4fa264300de57ba619da/signature?api_key=apiKey" -H "accept: application/json"

Response

The response contains details about the antivirus signature.
[ { "signatureName": "Adware/Win32.zango.crck", "signatureId": "94674345", "createTime": "2011-02-16 19:37:56(UTC)", "active": false, "sha256": [ "050aef130c079f10a2549b3f948c5d6548bfd33e0dee4fa264300de57ba619da" ], "release": { "wildfire": { "latestReleaseVersion": n/a, "latestReleaseTime": n/a, "firstReleaseVersion": 418, "firstReleaseTime": "2011-04-21 UTC" }, "antivirus": { "latestReleaseVersion": n/a, "latestReleaseTime": n/a, "firstReleaseVersion": 418, "firstReleaseTime": "2011-04-21 UTC" } } } ]