Make Your First WildFire API Call

After you Get Your API Key, use that API key to make your first call to the WildFire API. This first call returns a WildFire analysis report for a Microsoft Excel file that was submitted to WildFire and determined to be malware.
  1. In your cURL POST request to the get/report resource, include your API key along with the MD5 or SHA-256 hash value of the sample. Specify a report format as well: XML in this example, although PDF is also available:
    curl -F 'hash=dca86121cc7427e375fd24fe5871d727' \
      -F 'apikey=b0e0a39515d46170ee7498452967c21' -F 'format=xml' \
      'https://wildfire.paloaltonetworks.com/publicapi/get/report'
    The response includes detailed information with sections such as file_info and task_info:
    <?xml version="1.0" encoding="UTF-8"?> 
    <wildfire> 
        <version>2.0</version> 
        <file_info> 
            <malware>yes</malware> 
            <sha1></sha1> 
            <filetype>Microsoft Excel 97 - 2003 Document</filetype> 
            <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256> 
            <md5>dca86121cc7427e375fd24fe5871d727</md5> 
            <size>13825</size> 
        </file_info> 
        <task_info> 
            <report> 
                <version>2.0</version> 
                <platform>101</platform> 
                <software>DOC/CDF Static Analyzer</software> 
                <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256> 
                <md5>dca86121cc7427e375fd24fe5871d727</md5> 
                <malware>suspicious</malware> 
                <summary> 
                    <entry>CDF document has abnormal file attributes</entry> 
                    <entry>CDF document has no Last Modified time</entry> 
                </summary> 
            </report> 
            <report> 
                <version>2.0</version> 
                <platform>2</platform> 
                <software>Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007</software> 
                <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256> 
                <md5>dca86121cc7427e375fd24fe5871d727</md5> 
                <size>13825</size> 
                <malware>yes</malware> 
                <!-- truncated -->
            </report>
        </task_info>
    </wildfire>
  2. Next Steps...
    When making a cURL request to the WildFire private cloud, use the -k option to allow an insecure connection. The WildFire appliance has a private certificate that will not match the certificate authority database. With -k, curl skips verification of the server certificate, so the connection is encrypted but the identity of the appliance is not checked. Example:
    curl -k -F apikey=b0e0a39515d46170ee7498452967c21 -F hash=dca86121cc7427e375fd24fe5871d727 \
      https://11.129.70.17/publicapi/get/report
