Submit a Remote File to WildFire (API)

Submit a supported file type on a website for WildFire analysis. Use this resource for files hosted remotely and not website URLs.
  • The
    /submit/url
    resource is not available on the WildFire appliance.
  • When submitting supported script files, you must specify an accurate filename using the
    context
    parameter, otherwise WildFire is unable to parse the file and returns a 418 Unsupported File Type response.

Resource

/submit/url/

Request Parameters

Use the following form parameters when you submit a single file for WildFire analysis:
Parameters
Description
Example
apikey
(
Required
) API key
Example:
apikey=<API KEY>
url
(
Required
) Remote file URL path
Example:
url=http://www.pdf995.com/samples/pdf.pdf
context
(
Required for script filetype submissions
) Specify the filename of the sample.
The following script file types are supported:
  • JScript
  • VBScript
  • PowerShell
  • Shell Script
  • Perl Script
  • Batch files
context=<base64 encoded json string>
Example:
context=eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0=
Whereby
eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0=
is decoded to the following JSON string: {"filename": "test.sh"}

Example Request 1

Make a POST request to the /submit/url resource and include the API key along with the URL file path to analyze, as shown in the following cURL command:
curl -F 'apikey=<API KEY>' -F 'url=http://www.pdf995.com/samples/pdf.pdf' 'https://wildfire.paloaltonetworks.com/publicapi/submit/url'
The XML response contains the URL of the file along with the SHA256 and MD5 hash:
<wildfire> <upload-file-info> <url>http://www.pdf995.com/samples/pdf.pdf</url> <filetype>Adobe PDF document</filetype> <filename></filename> <sha256>857b6bb4c61fc81eee716b4cada4902f0ad73b1daa9a1fb75e005b38e62800b4</sha256> <md5>a4b5f81544801fa2b6007bd5046f1d73</md5> <size>312819</size> </upload-file-info> </wildfire>

Example Request 2

Make a POST request to the /submit/url resource and include the API key, the URL script file path to analyze, as well as the context (the filename) in a base64 encoded json string format, as shown in the following cURL command:
curl -F 'apikey=<API KEY>' -F 'url=https://www.testserver/test.sh’ -F context=’eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0=' https://wildfire.paloaltonetworks.com/publicapi/submit/url
The XML response contains the URL of the file along with the SHA256 and MD5 hash:
<wildfire> <upload-file-info> <url>https://testserver/test.sh</url> <filetype>Shell</filetype> <filename></filename> <sha256>dbc2aa04c02e06e61f3acdba528bb1536ccbb1758a29dc8d25438c2d3ce07e7d</sha256> <md5>b0cfc14687e42e2236db247f5c7d861a</md5> <size>10740</size> </upload-file-info> </wildfire>

Recommended For You