WildFire API Resources

The WildFire API allows you to submit files and links to WildFire for analysis using the /submit/ resources. Use the /get/ and /test/pe resources to get samples, packet captures, WildFire verdicts, analysis reports, and malware test files.
To use the WildFire API, use one of the following base URIs that correspond to each WildFire public cloud:
  • Global cloud: https://wildfire.paloaltonetworks.com/publicapi
  • EU cloud: https://eu.wildfire.paloaltonetworks.com/publicapi
  • Japan cloud: https://jp.wildfire.paloaltonetworks.com/publicapi
  • Singapore cloud: https://sg.wildfire.paloaltonetworks.com/publicapi
See the WildFire Administrator’s Guide for details of each public cloud deployment.
The base URI when using the WildFire API with the WildFire appliance is the fully qualified domain name or IP address of the WildFire appliance:
https://<wf-appliance>/publicapi
Example: https://10.1.1.1/publicapi
Resource
Description
Available on WildFire Appliance
Resources for Submitting Files and Links for Analysis
/submit/file
Submit a file for WildFire analysis.
Yes
/submit/url
Submit a file through a URL for WildFire analysis.
No
/submit/link
Submit a URL for WildFire analysis.
Yes
/submit/links
Submit multiple URLs for WildFire analysis.
Yes
/submit/local-verdict-change
Change the WildFire verdict of a sample.
Yes (appliance only)
Resources for Getting WildFire Data, Verdicts, or Test Malware
/get/sample
Get a particular sample.
Yes
/get/pcap
Get a particular packet capture.
Yes
/get/verdict
Get a WildFire verdict for a submitted sample.
Yes
/get/verdicts
Get WildFire verdicts for multiple samples.
Yes
/get/verdicts/changed
Get a list of samples with changed WildFire verdicts.
Yes (appliance only)
/get/report
Get an XML or PDF report of analysis results for a particular sample.
Yes
/test/pe
Get a malware test file for testing end-to-end testing of how the WildFire public cloud processes a malware sample.
No

Related Documentation