Make Your First WildFire API Call

After you Get Your API Key, use that API key to make your first call to the WildFire API. This first call returns a WildFire analysis report for a Microsoft Excel file that was submitted to WildFire and determined to be malware.
  1. In your cURL POST request to the get/report resource, include your API key along with the MD5 or SHA-256 hash value of the sample. If you are issuing the request using a WildFire public API key associated with a Prisma Access or Prisma Cloud Compute subscription, you must also specify the type by including the agent=pcc or agent=prismaaccessapi form parameter in the query, where pcc indicates Prisma Cloud Compute and prismaaccessapi indicates Prisma Access. Ensure that a format is specified, which is XML in this example; the report can also be retrieved in the PDF and maec formats:
    curl -F 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'
    If you are using a Prisma Access based WildFire public API key, the following query would be issued:
    curl -F 'agent=prismaaccessapi' -F 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'
    If you are using a Prisma Cloud Compute based WildFire public API key, the following query would be issued:
    curl -F 'agent=pcc' -F 'hash=dca86121cc7427e375fd24fe5871d727' -F 'apikey=<API KEY>' -F 'format=xml' 'https://wildfire.paloaltonetworks.com/publicapi/get/report'
    The response includes detailed information with sections such as file_info and task_info:
    <?xml version="1.0" encoding="UTF-8"?>
    <wildfire>
      <version>2.0</version>
      <file_info>
        <malware>yes</malware>
        <sha1></sha1>
        <filetype>Microsoft Excel 97 - 2003 Document</filetype>
        <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
        <md5>dca86121cc7427e375fd24fe5871d727</md5>
        <size>13825</size>
      </file_info>
      <task_info>
        <report>
          <version>2.0</version>
          <platform>101</platform>
          <software>DOC/CDF Static Analyzer</software>
          <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
          <md5>dca86121cc7427e375fd24fe5871d727</md5>
          <malware>suspicious</malware>
          <summary>
            <entry>CDF document has abnormal file attributes</entry>
            <entry>CDF document has no Last Modified time</entry>
          </summary>
        </report>
        <report>
          <version>2.0</version>
          <platform>2</platform>
          <software>Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007</software>
          <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
          <md5>dca86121cc7427e375fd24fe5871d727</md5>
          <size>13825</size>
          <malware>yes</malware>
          <!-- truncated -->
        </report>
      </task_info>
    </wildfire>
  2. Next Steps...
    When making a cURL request to the WildFire private cloud, ensure that you use the -k option to specify an insecure connection, which makes curl skip TLS certificate verification. The WildFire appliance has a private certificate that will not match the certificate authority database. Example:
    curl -k -F 'apikey=<API KEY>' -F 'hash=dca86121cc7427e375fd24fe5871d727' 'https://11.129.70.17/publicapi/get/report'
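
To consume the get/report XML response from step 1 in a script, the following added example (not part of the original WildFire documentation) validates the hash before it is sent, confirms the returned report is for the requested sample, and collects the verdict from each analysis environment. The function names and the embedded sample are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the response shown in step 1, cut down to the fields read below.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<wildfire>
  <file_info>
    <malware>yes</malware>
    <filetype>Microsoft Excel 97 - 2003 Document</filetype>
    <sha256>175aee5f236d464b3b825edc8cb71b47828f248356c36759a641d7da0db95323</sha256>
    <md5>dca86121cc7427e375fd24fe5871d727</md5>
  </file_info>
  <task_info>
    <report><platform>101</platform><software>DOC/CDF Static Analyzer</software>
      <malware>suspicious</malware></report>
    <report><platform>2</platform><software>Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007</software>
      <malware>yes</malware></report>
  </task_info>
</wildfire>"""

# Hypothetical helper pattern: 32 hex characters (MD5) or 64 (SHA-256).
HASH_RE = re.compile(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{64}")


def hash_kind(value):
    """Return 'md5' or 'sha256' for a well-formed sample hash, else raise ValueError."""
    if not HASH_RE.fullmatch(value):
        raise ValueError("expected a 32-character MD5 or 64-character SHA-256 hex digest")
    return "md5" if len(value) == 32 else "sha256"


def parse_report(xml_text, requested_hash):
    """Summarize a get/report XML body, refusing a report for a different sample."""
    kind = hash_kind(requested_hash)
    root = ET.fromstring(xml_text)
    info = root.find("file_info")
    if info is None:
        raise ValueError("response has no file_info section")
    if (info.findtext(kind) or "").lower() != requested_hash.lower():
        raise ValueError("report hash does not match the requested sample")
    analyses = [
        {"platform": r.findtext("platform"), "software": r.findtext("software"),
         "verdict": r.findtext("malware")}
        for r in root.iterfind("task_info/report")
    ]
    return {"verdict": info.findtext("malware"), "filetype": info.findtext("filetype"),
            "sha256": info.findtext("sha256"), "analyses": analyses}


if __name__ == "__main__":
    print(parse_report(SAMPLE_REPORT, "dca86121cc7427e375fd24fe5871d727"))
```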
