Get a Packet Capture (WildFire API)
Use this resource to request a packet capture (PCAP) recorded during analysis of a particular sample. Use either the MD5 or SHA-256 hash of the sample file as a search query. You can optionally specify the platform of the desired PCAP to indicate which PCAP should be returned. PCAPs are available 90 days from the date of analysis for samples that have a malware WildFire verdict.
- Specify a valid dynamic analysis platform to avoid potential errors. If no platform is specified, the API tries to retrieve a PCAP from a session that yielded a verdict of Malware. If no PCAP is found, the API responds with a 404 error. To determine if a PCAP is available for a particular sample, Get a WildFire Analysis Report (WildFire API) and check to see if there is a <platform> field that supports PCAPs as shown in the Request Parameters section, then check to see if the sample has a verdict of Malware: <malware>yes</malware>.
- Packet Captures are only available for file samples; attempting to retrieve a PCAP for a URL will result in a 404 response error.
Use the following form parameters when requesting a sample:
- apikey: (Required) API key
- (Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys) Designates the API key type
- hash: (Required) MD5 or SHA-256 hash value of the sample
- platform: Target analysis environment (You cannot specify a platform on a WildFire appliance).
Use one of the following numbers, which represent different environments:
WildFire Private and Global Cloud
Platform 5 is identically configured to platform 61; the latter analyzes samples using an enhanced custom hypervisor found only in the WildFire Global Cloud.
WildFire Global Cloud
Make a POST request to the /get/pcap resource and include the API key, the MD5 or SHA-256 hash value of the sample, and optionally the platform. Include the -JO option to use the Content-Disposition filename as provided by the server, similar to the following cURL command:
curl -JO -F 'apikey=<API KEY>' -F 'hash=04f4f1c83f1e69b1f055202964536f13' -F 'platform=2' 'https://wildfire.paloaltonetworks.com/publicapi/get/pcap'
The response saves the packet capture file using the
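An added example, not from the WildFire documentation: a shell wrapper around the cURL request above that validates the hash before sending it, reports the documented 404 case, and feeds the API key to curl on stdin instead of on the command line. The function names and the WILDFIRE_API_KEY variable are assumptions of this example, and it does not send the key-type field required for Prisma Access and Prisma Cloud Compute keys.

```shell
#!/bin/sh
# Added example: wrapper around the page's /get/pcap cURL request.
# Function names and WILDFIRE_API_KEY are assumptions of this example.
WF_PCAP_URL='https://wildfire.paloaltonetworks.com/publicapi/get/pcap'

# Print "md5" or "sha256" for a well-formed hex digest; fail otherwise.
hash_type() {
  case "$1" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
  case "${#1}" in
    32) echo md5 ;;
    64) echo sha256 ;;
    *)  return 1 ;;
  esac
}

# Print the form fields (one per line) for a hash and an optional platform.
# Only the shape of the platform is checked (digits), not whether the ID exists.
pcap_form_fields() {
  hash_type "$1" >/dev/null || { echo "bad hash: want MD5 or SHA-256 hex" >&2; return 2; }
  case "${2:-}" in *[!0-9]*) echo "bad platform: want a number" >&2; return 2 ;; esac
  echo "hash=$1"
  if [ -n "${2:-}" ]; then echo "platform=$2"; fi
}

# Map the HTTP status to the outcomes the page documents.
explain_status() {
  case "$1" in
    200) echo "ok" ;;
    404) echo "no PCAP found for this hash/platform (URL samples always give 404)" ;;
    *)   echo "request failed (HTTP $1)" ;;
  esac
}

# Download the PCAP into the current directory under the server-provided name.
fetch_pcap() {
  [ -n "${WILDFIRE_API_KEY:-}" ] || { echo "set WILDFIRE_API_KEY" >&2; return 2; }
  fields=$(pcap_form_fields "$@") || return 2
  set --
  for f in $fields; do set -- "$@" -F "$f"; done
  # 'apikey=<-' makes curl read the key from stdin, keeping it off curl's command line;
  # --fail suppresses the error body on HTTP errors, -w prints the status code.
  code=$(printf '%s' "$WILDFIRE_API_KEY" |
    curl -sS --fail -J -O -w '%{http_code}' -F 'apikey=<-' "$@" "$WF_PCAP_URL") || true
  explain_status "$code"
  [ "$code" = 200 ]
}
# Usage after sourcing this file: fetch_pcap <md5-or-sha256> [platform]
```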