Get a List of Samples with Changed WildFire Appliance Verdicts (WildFire API)

Use the /get/verdicts/changed resource to retrieve a list of samples with changed WildFire appliance verdicts. Changed verdicts can only be obtained for the past 30 days.

Resource

/get/verdicts/changed
Code copied to clipboard
Unable to copy due to lack of browser support.

Request Parameters

Use the following form parameters when requesting a list of changed WildFire appliance verdicts:
Parameters
Description
Example
apikey
Code copied to clipboard
Unable to copy due to lack of browser support.
(Required) API key
Example:
apikey=b0e0e395614d46170ee7498452967c71
Code copied to clipboard
Unable to copy due to lack of browser support.
date
Code copied to clipboard
Unable to copy due to lack of browser support.
(Required) Samples with changed verdicts from the specified date to the present date is shown in this list.
You cannot get WildFire verdicts older than 30 days. Attempting to retrieve older records results in a 403 error.
The date value must be in the following format: YYYY-MM-DD
Example:
date=2017-02-23
Code copied to clipboard
Unable to copy due to lack of browser support.

Example Request

Make a POST request to the /get/verdicts/changed resource and include the API key and a start date for the query, similar to the following cURL command:
curl
-F ‘apikey=b0e0e395614d46170ee7498452967c71’ -F ‘date=2017-02-03’ ‘https://10.1.1.1/publicapi/get/verdicts/changed’
Code copied to clipboard
Unable to copy due to lack of browser support.
The XML response contains the WildFire verdict along with the related hash values for each sample with changed verdicts within the specified time-frame:
<wildfire> 
    <get-verdict-info> 
        <sha256>afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc</sha256> 
        <verdict>1</verdict> 
        <md5>0e4e3c2d84a9bc726a50b3c91346fbb1</md5> 
    </get-verdict-info> 
........... 
    <get-verdict-info> 
        <sha256>9739eb4207fe251d40f05187cbfd16081f97b246ebcc6010660244a84a9391b0</sha256> 
        <verdict>2</verdict> 
        <md5>481e625e50211efcaf6edb8f54f8cf83</md5> 
    </get-verdict-info> 
</wildfire> 
Code copied to clipboard
Unable to copy due to lack of browser support.
The verdict element value can be one of the following:
  • 0: benign
  • 1: malware
  • 2: grayware
  • 4: phishing

Related Documentation