Submit a Remote File to WildFire (API)
Submit a supported file hosted on a website for WildFire analysis. Use this resource for remotely hosted files, not for website URLs.
- The /submit/url resource is not available on the WildFire appliance.
- When submitting supported script files, you must specify an accurate filename using the context parameter; otherwise, WildFire is unable to parse the file and returns a 418 Unsupported File Type response.
Resource
/submit/url/
Request Parameters
Use the following form parameters when you submit a single file for WildFire analysis:

| Parameters | Description | Example |
|---|---|---|
| | (Required for API key authentication) API key | Example: |
| | (Required for token-based authentication) HTTP request header for token-based authentication. To obtain an access token, create a WildFire API token in Strata Cloud Manager, then generate an access token from the authentication service. | Example: |
| | (Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys) Designates the API key type | Example: Options include: |
| | (Required) Remote file URL path | Example: |
| | (Required for script, ASP/ASPX, and XML/HTML filetype submissions) Specify the filename of the sample. The following file types are supported: | Example: Whereby `eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0=` is decoded to the following JSON string: `{"filename": "test.sh"}` |
Example Request 1
Make a POST request to the /submit/url resource and include the URL file path to analyze. Authenticate using one of the following methods:
- API key authentication: Pass the API key as a form field:

  ```bash
  curl -F 'apikey=<API KEY>' -F 'url=http://www.pdf995.com/samples/pdf.pdf' 'https://wildfire.paloaltonetworks.com/publicapi/submit/url'
  ```
- Token-based authentication: Pass a Bearer token in the Authorization header:

  ```bash
  curl -F 'url=http://www.pdf995.com/samples/pdf.pdf' -H 'Authorization: Bearer <ACCESS_TOKEN>' 'https://wildfire.paloaltonetworks.com/publicapi/submit/url'
  ```

The XML response contains the URL of the file along with the SHA256 and MD5 hash:

```xml
<wildfire>
  <upload-file-info>
    <url>http://www.pdf995.com/samples/pdf.pdf</url>
    <filetype>Adobe PDF document</filetype>
    <filename></filename>
    <sha256>857b6bb4c61fc81eee716b4cada4902f0ad73b1daa9a1fb75e005b38e62800b4</sha256>
    <md5>a4b5f81544801fa2b6007bd5046f1d73</md5>
    <size>312819</size>
  </upload-file-info>
</wildfire>
```
Example Request 2
Make a POST request to the /submit/url resource and include the API key, the URL of the script file to analyze, and the context (the filename) as a base64-encoded JSON string, as shown in the following cURL command:

```bash
curl -F 'apikey=<API KEY>' -F 'url=https://www.testserver/test.sh' -F context='eyJmaWxlbmFtZSI6ICJ0ZXN0LnNoIn0=' https://wildfire.paloaltonetworks.com/publicapi/submit/url
```

The XML response contains the URL of the file along with the SHA256 and MD5 hash:

```xml
<wildfire>
  <upload-file-info>
    <url>https://testserver/test.sh</url>
    <filetype>Shell</filetype>
    <filename></filename>
    <sha256>dbc2aa04c02e06e61f3acdba528bb1536ccbb1758a29dc8d25438c2d3ce07e7d</sha256>
    <md5>b0cfc14687e42e2236db247f5c7d861a</md5>
    <size>10740</size>
  </upload-file-info>
</wildfire>
```

Example Request (Token-Based Authentication)
Alternatively, you can authenticate using a Bearer token instead of an API key. Make the same POST request to the /submit/url resource, but replace the apikey form field with an Authorization header containing your access token:

```bash
curl -F 'url=http://www.pdf995.com/samples/pdf.pdf' -H 'Authorization: Bearer <ACCESS_TOKEN>' 'https://wildfire.paloaltonetworks.com/publicapi/submit/url'
```
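The `context` encoding and response handling from Example Request 2, as an added Python example that is not part of the original documentation. The function names are hypothetical, the http(s)-only URL check is an assumption, and nothing is sent over the network: the code only builds the form fields and parses the sample response shown on this page.

```python
import base64
import json
import re
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import urlsplit

# Sample input: the Example Request 2 response from this page, whitespace removed.
SAMPLE_RESPONSE = (
    "<wildfire><upload-file-info>"
    "<url>https://testserver/test.sh</url><filetype>Shell</filetype>"
    "<filename></filename>"
    "<sha256>dbc2aa04c02e06e61f3acdba528bb1536ccbb1758a29dc8d25438c2d3ce07e7d</sha256>"
    "<md5>b0cfc14687e42e2236db247f5c7d861a</md5><size>10740</size>"
    "</upload-file-info></wildfire>"
)


def build_context(filename: str) -> str:
    """Base64-encode the JSON object {"filename": ...} for the context field."""
    if not filename:
        raise ValueError("context requires a non-empty filename")
    raw = json.dumps({"filename": filename})  # json.dumps escapes quotes etc.
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def build_form_fields(file_url: str, api_key: str,
                      filename: Optional[str] = None) -> dict:
    """Form fields for a POST to /submit/url with API key authentication."""
    parts = urlsplit(file_url)
    # Assumption: only http(s) URLs are submitted, as in the page's examples.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an http(s) file URL: {file_url!r}")
    fields = {"apikey": api_key, "url": file_url}
    if filename is not None:  # script submissions without it get a 418
        fields["context"] = build_context(filename)
    return fields


def parse_upload_info(xml_text: str) -> dict:
    """Return the <upload-file-info> children as a dict, checking the SHA256."""
    info = ET.fromstring(xml_text).find("upload-file-info")
    if info is None:
        raise ValueError("response has no <upload-file-info> element")
    result = {child.tag: (child.text or "") for child in info}
    if not re.fullmatch(r"[0-9a-f]{64}", result.get("sha256", "")):
        raise ValueError("response sha256 is missing or malformed")
    return result
```

The dictionary returned by `build_form_fields` maps one-to-one onto the `-F` fields of the cURL commands above.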