Make Your First WildFire API Call

After you Get Your API Key, use that API key to make your first call to the WildFire API. This first call returns a WildFire analysis report for a Microsoft Excel file that was submitted to WildFire and determined to be malware.
  1. In your cURL POST request to the
    resource, include your API key along with the MD5 or SHA-256 value of the sample. If you are issuing the request using a WildFire public API key associated with a Prisma Access or Prisma Cloud Compute subscription, you must also specify the type by including the agent form parameter in the query, where pcc indicates Prisma Cloud Compute and prismaaccessapi indicates Prisma Access. Ensure that a format is specified, which is xml in this example, but can also be retrieved in the
    curl -F 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' ''
    If you are using a Prisma Access based WildFire public API key, the following query would be issued:
    curl -F 'agent=prismaaccessapi' -F 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' ''
    If you are using a Prisma Cloud Compute based WildFire public API key, the following query would be issued:
    curl -F 'agent=pcc' -F 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' ''
    The response includes detailed information with sections such as file_info and task_info:
    <?xml version="1.0" encoding="UTF-8"?>
    <wildfire>
      <version>2.0</version>
      <file_info>
        <malware>yes</malware>
        <sha1></sha1>
        <filetype>Microsoft Excel 97 - 2003 Document</filetype>
        <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
        <md5>dca86121cc7427e375fd24fe5871d727</md5>
        <size>13825</size>
      </file_info>
      <task_info>
        <report>
          <version>2.0</version>
          <platform>101</platform>
          <software>DOC/CDF Static Analyzer</software>
          <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
          <md5>dca86121cc7427e375fd24fe5871d727</md5>
          <malware>suspicious</malware>
          <summary>
            <entry>CDF document has abnormal file attributes</entry>
            <entry>CDF document has no Last Modified time</entry>
          </summary>
        </report>
        <report>
          <version>2.0</version>
          <platform>2</platform>
          <software>Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007</software>
          <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
          <md5>dca86121cc7427e375fd24fe5871d727</md5>
          <size>13825</size>
          <malware>yes</malware>
          <!-- truncated -->
        </report>
      </task_info>
    </wildfire>
  2. Next Steps...
    When making a cURL request to the WildFire private cloud, ensure that you use the -k option to specify an insecure connection. The WildFire appliance has a private certificate that will not match the certificate authority database. Because -k turns off certificate verification, curl does not authenticate the appliance before it sends the API key. Example:
    curl -k -F 'apikey=<API KEY>' -F 'hash=dca86121cc7427e375fd24fe5871d727'
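
The following added example (not from the original page or from Palo Alto Networks) parses the report XML shown in step 1, confirms that it describes the hash that was requested, and lists the verdict from each analysis environment. The function name summarize_report and its return keys are names chosen here; the embedded sample is the response above, trimmed to the fields the code reads.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the step 1 response, trimmed to the fields read below.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<wildfire><version>2.0</version>
<file_info><malware>yes</malware>
  <filetype>Microsoft Excel 97 - 2003 Document</filetype>
  <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
  <md5>dca86121cc7427e375fd24fe5871d727</md5></file_info>
<task_info>
  <report><platform>101</platform><software>DOC/CDF Static Analyzer</software>
    <malware>suspicious</malware>
    <summary><entry>CDF document has abnormal file attributes</entry>
      <entry>CDF document has no Last Modified time</entry></summary></report>
  <report><platform>2</platform>
    <software>Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007</software>
    <malware>yes</malware></report>
</task_info></wildfire>"""


def summarize_report(xml_text, requested_hash):
    """Check the report matches the requested hash, then list each verdict."""
    if "<!DOCTYPE" in xml_text.upper():
        # A report needs no DTD; refusing one avoids entity-expansion tricks.
        raise ValueError("unexpected DTD in response")
    root = ET.fromstring(xml_text.encode("utf-8"))
    info = root.find("file_info")
    if info is None:
        raise ValueError("no <file_info> section (error response?)")
    wanted = requested_hash.strip().lower()
    returned = {(info.findtext(t) or "").strip().lower() for t in ("md5", "sha256")}
    if not wanted or wanted not in returned:
        raise ValueError("report describes a different sample than requested")
    overall = info.findtext("malware")
    reports = [{
        "platform": r.findtext("platform"),
        "software": r.findtext("software"),
        "verdict": r.findtext("malware"),
        "findings": [e.text for e in r.findall("./summary/entry")],
    } for r in root.findall("./task_info/report")]
    # Analyzers can disagree (static "suspicious" vs. sandbox "yes" above).
    differing = [r["software"] for r in reports if r["verdict"] != overall]
    return {"overall": overall, "filetype": info.findtext("filetype"),
            "reports": reports, "differing": differing}


if __name__ == "__main__":
    result = summarize_report(SAMPLE_REPORT, "dca86121cc7427e375fd24fe5871d727")
    print(result["overall"], result["differing"])
```

Treat the file_info verdict as the overall result and the per-report verdicts as supporting detail, since individual analyzers can return a weaker verdict such as suspicious.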
