Make Your First WildFire API Call

After you Get Your API Key, use that API key to make your first call to the WildFire API. This first call returns a WildFire analysis report for a Microsoft Excel file that was submitted to WildFire and determined to be malware.
  1. In your cURL POST request to the
    get/report
    resource, include your API key along with the MD5 or SHA-256
    hash
    value of the sample. If you are issuing the request using a WildFire public API key associated with a Prisma Access or Prisma Cloud Compute subscription, you must also specify the type by including
    agent=pcc
    or
    agent=prismaaccessapi
    form parameter in the query, whereby
    pcc
    indicates Prisma Cloud Compute and
    prismaaccessapi
    indicates Prisma Access. Ensure that a
    format
    is specified, which is
    XML
    in this example, but can also be retrieved in the
    PDF
    and
    maec
    formats:
    curl -F 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'
    If you are using a Prisma Access based WildFire public API key, the following query would be issued:
    curl -F agent=prismaaccessapi 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'
    If you are using a Prisma Cloud Compute based WildFire public API key, the following query would be issued:
    curl -F agent=pcc 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'
    The response includes detailed information with sections such as file_info and task_info:
    <?xml version="1.0" encoding="UTF-8"?> <wildfire> <version>2.0</version> <file_info> <malware>yes</malware> <sha1></sha1> <filetype>Microsoft Excel 97 - 2003 Document</filetype> <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256> <md5>dca86121cc7427e375fd24fe5871d727</md5> <size>13825</size> </file_info> <task_info> <report> <version>2.0</version> <platform>101</platform> <software>DOC/CDF Static Analyzer</software> <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256> <md5>dca86121cc7427e375fd24fe5871d727</md5> <malware>suspicious</malware> <summary> <entry>CDF document has abnormal file attributes</entry> <entry>CDF document has no Last Modified time</entry> </summary> </report> <report> <version>2.0</version> <platform>2</platform> <software>Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007</software> <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256> <md5>dca86121cc7427e375fd24fe5871d727</md5> <size>13825</size> <malware>yes</malware> <!-- truncated --> </report> </task_info> </wildfire>
  2. Next Steps...
    When making a cURL request to the WildFire private cloud, ensure that you use the
    -k
    option to specify an insecure connection. The WildFire appliance has a private certificate that will not match the certificate authority database. Example:
    curl -k -F apikey=<API KEY> -F hash=dca86121cc7427e375fd24fe5871d727 https://11.129.70.17/publicapi/get/report

Recommended For You