Submit a Sample Verdict Change (API)
Changes the WildFire verdict applied to a sample. Verdict changes apply only to those samples submitted to the WildFire appliance, and the verdict for the same sample remains unchanged in the WildFire global cloud. Use this resource to update incorrect verdicts generated by local WildFire analysis.
The WildFire private cloud content package is updated to reflect any verdict changes that you make (on the firewall, select
to enable WildFire private cloud content updates). When you change a sample verdict to malicious, the WildFire appliance generates a new signature to detect the malware and adds that signature to the WildFire private cloud content package. When you change a sample verdict to benign, the WildFire appliance removes the signature from the WildFire private cloud content package.
Use the following parameters when changing a WildFire appliance verdict for a sample:
Required) API key
Required) SHA-256 hash value of the sample
Required) A description of the change request in quotes, with a maximum length of 2,048 characters.
Required) The new verdict to be applied to the sample
verdictvalue can have one of the following:
Make a POST request to the /submit/local-verdict-change resource and include the API key, the SHA-256 hash value of the sample, the desired verdict for the sample, and a comment with a description of the change.
In the request, include the API key, the hash value of the sample, and the new verdict for the sample:
curl -k -F ‘apikey=<API KEY>’ -F ‘hash=afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc’ -F ‘verdict=1’ -F ‘comment=changing verdict from benign to malicious’ ‘https://10.1.1.1/publicapi/submit/local-verdict-change’
The XML response verifies a successful verdict change. Example:
<wildfire> <body>verdict is changed (old verdict: 0, new verdict:1)</body> <headers/> </wildfire>
Recommended For You
Recommended videos not found.