Start a Search
Table of Contents
Expand all | Collapse all
-
- Get Session Details
- Get Sample Analysis
- Get Tags
- Get Tag Details
- Get Threat Indicator Feed
- Get Custom Threat Indicator Feed
- Get Threat Intelligence Card Summary
- Export List
- Get Anti-spyware, Vulnerability, and File-Format Signature
- Get Antivirus Signature
- Get DNS Signature
- Get Geolocation
- Get Anti-spyware, Vulnerability, and File-Format Release Info
Start a Search
In this call, we will start a search for the first 50
samples that WildFire™ has determined are malware.
In your cURL request, specify a POST request using JSON as your
content type:
curl -X POST https://autofocus.paloaltonetworks.com/api/v1.0/samples/search/ \ -H "Content-Type: application/json" \ -d '{ "apiKey": "apikey", "query": { "operator": "all", "children": [ { "field": "sample.malware", "operator": "is", "value": 1 } ] }, "size": 50, "from": 0, "sort": { "create_date": { "order": "desc" } }, "scope": "public" }’
In response to your initial request, the API returns the following
JSON, which contains a search ID (also known as an af_cookie):
{ "in_progress":true, "af_cookie":"870218db-27cd-4614-ac36-1d87f3f0016e+0", "bucket_info":{ "minute_points":200, "daily_points":25000, "minute_points_remaining":190, "daily_points_remaining":24114, "minute_bucket_start":"2015-09-04 18:51:39", "daily_bucket_start":"2015-09-04 13:58:42" } }