API Support for Signature Coverage
The AutoFocus™ API now allows you to view the WildFire®
signatures that are available to identify a malware sample. In addition
to the observed properties, behaviors, and activities included in
sample analysis results,
the API request can specify
"coverage":"true"
to
include WildFire
signature coverage in sample analysis:
curl -X POST -H "Content-Type: application/json" -d '{"apiKey":"
apikey","coverage":"true"}' "https://autofocus.paloaltonetworks.com/api/v1.0/sample/
0759049506430d46304c84f757e4e8e3b0f634a9efc06fdb01ce8c0bcb856daa/analysis"
"coverage": {
"wf_av_sig": [
{
"name": "Worm/Win32.mydoom.nszw",
"create_date": "2016-05-05T14:33:12.000Z",
"first_added_daily": 1868,
"last_added_daily": 1868,
"first_added_15min": 96265,
"last_added_15min": 96265,
"first_added_5min": 33799,
"last_added_5min": 33799,
"currently_present_daily": false,
"currently_present_15min": false,
"currently_present_5min": false
}
],
"dns_sig": "Not Available",
"fileurl_sig": "Not Available",
"url_cat": [
{
"url": "nserver3.apple.com",
"cat": "Computer and Internet Info",
"importance": 1
}
