API Support for Signature Coverage

The AutoFocus™ API now allows you to view the WildFire® signatures that are available to identify a malware sample. In addition to the observed properties, behaviors, and activities included in sample analysis results, the API request can specify
"coverage":"true"
to include WildFire signature coverage in sample analysis:
curl -X POST -H "Content-Type: application/json" -d '{"apiKey":"
apikey
","coverage":"true"}' "https://autofocus.paloaltonetworks.com/api/v1.0/sample/ 0759049506430d46304c84f757e4e8e3b0f634a9efc06fdb01ce8c0bcb856daa/analysis"
Truncated response:
"coverage": { "wf_av_sig": [ { "name": "Worm/Win32.mydoom.nszw", "create_date": "2016-05-05T14:33:12.000Z", "first_added_daily": 1868, "last_added_daily": 1868, "first_added_15min": 96265, "last_added_15min": 96265, "first_added_5min": 33799, "last_added_5min": 33799, "currently_present_daily": false, "currently_present_15min": false, "currently_present_5min": false } ], "dns_sig": "Not Available", "fileurl_sig": "Not Available", "url_cat": [ { "url": "nserver3.apple.com", "cat": "Computer and Internet Info", "importance": 1 }

Recommended For You