Get Multiple WildFire Verdicts (WildFire API)

Use this resource to get multiple WildFire verdicts based on a text file that contains multiple hashes. You can include up to 500 hash values in a single file, with each hash value being on a separate line:
9739eb4207fe251d40f05187cbfd16081f97b246ebcc6010660244a84a9391b0 e9039e873b59574762afb0d15bdcaf9fee9b163c81d239458b95b4087167f86e

Resource

/get/verdicts/

Request Parameters

Use the following form parameters when requesting multiple WildFire verdicts:
Parameters
Description
Example
apikey
(
Required
) API key
Example:
apikey=<API KEY>
file
(
Required
) Local path to file containing up to 500 hash values
Example:
file=@c:\hashlist.txt

Example Request

Make a POST request to the /get/verdicts resource and include the API key along with the file that contains a list of hashes (each hash value must be on a separate line):
afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc 9739eb4207fe251d40f05187cbfd16081f97b246ebcc6010660244a84a9391b4
The following cURL command includes a filepath on the local file system:
curl -F 'apikey=<API KEY>' -F 'file=@c:\hashlist.txt' https://wildfire.paloaltonetworks.com/publicapi/get/verdicts
The XML response contains multiple WildFire verdicts for each hash value:
<wildfire> <get-verdict-info> <sha256>9739eb4207fe251d40f05187cbfd16081f97b246ebcc6010660244a84a9391b0</sha256> <verdict>0</verdict> <md5>481e625e50211efcaf6edb8f54f8cf83</md5> </get-verdict-info> <get-verdict-info> <sha256>e9039e873b59574762afb0d15bdcaf9fee9b163c81d239458b95b4087167f86e</sha256> <verdict>0</verdict> <md5>b8624d8d267ba2c8e2f91d90eb1a5c9b</md5> </get-verdict-info> </wildfire>
The
verdict
element value can have one of the following:
  • 0
    : benign
  • 1
    : malware
  • 2
    : grayware
  • 4
    : phishing
  • -100
    : pending, the sample exists, but there is currently no verdict
  • -101
    : error
  • -102
    : unknown, cannot find sample record in the database
  • -103
    : invalid hash value

Related Documentation