Make Your First WildFire API Call
After you Get Your API Key, use that API key to make your first call to the WildFire API. This first call returns a WildFire analysis report for a Microsoft Excel file that was submitted to WildFire and determined to be malware.
- In your cURL POST request to the get/report resource, include your API key along with the MD5 or SHA-256 hash value of the sample. If you are issuing the request using a WildFire public API key associated with a Prisma Access or Prisma Cloud Compute subscription, you must also specify the type by including the agent=pcc or agent=prismaaccessapi form parameter in the query, where pcc indicates Prisma Cloud Compute and prismaaccessapi indicates Prisma Access. Ensure that a format is specified, which is XML in this example; the report can also be retrieved in the PDF and maec formats:

      curl -F 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'

  If you are using a Prisma Access based WildFire public API key, the following query would be issued:

      curl -F 'agent=prismaaccessapi' -F 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'

  If you are using a Prisma Cloud Compute based WildFire public API key, the following query would be issued:

      curl -F 'agent=pcc' -F 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'

  The response includes detailed information with sections such as file_info and task_info:

      <?xml version="1.0" encoding="UTF-8"?>
      <wildfire>
        <version>2.0</version>
        <file_info>
          <malware>yes</malware>
          <sha1></sha1>
          <filetype>Microsoft Excel 97 - 2003 Document</filetype>
          <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
          <md5>dca86121cc7427e375fd24fe5871d727</md5>
          <size>13825</size>
        </file_info>
        <task_info>
          <report>
            <version>2.0</version>
            <platform>101</platform>
            <software>DOC/CDF Static Analyzer</software>
            <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
            <md5>dca86121cc7427e375fd24fe5871d727</md5>
            <malware>suspicious</malware>
            <summary>
              <entry>CDF document has abnormal file attributes</entry>
              <entry>CDF document has no Last Modified time</entry>
            </summary>
          </report>
          <report>
            <version>2.0</version>
            <platform>2</platform>
            <software>Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007</software>
            <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
            <md5>dca86121cc7427e375fd24fe5871d727</md5>
            <size>13825</size>
            <malware>yes</malware>
            <!-- truncated -->
          </report>
        </task_info>
      </wildfire>
- Next Steps...

  When making a cURL request to the WildFire private cloud, ensure that you use the -k option to specify an insecure connection; with -k, cURL skips TLS certificate verification for that request. The WildFire appliance has a private certificate that will not match the certificate authority database. Example:

      curl -k -F 'apikey=<API KEY>' -F 'hash=dca86121cc7427e375fd24fe5871d727' 'https://11.129.70.17/publicapi/get/report'