Palo Alto Networks Wildfire
# Palo Alto WildFire

The Palo Alto Networks WildFire connector enables automated threat detection and analysis by providing tools to submit and retrieve file and URL data for security assessment.

Palo Alto Networks WildFire is a cutting-edge threat analysis service that identifies and evaluates unknown threats. This connector enables Swimlane Turbine users to automate the submission and retrieval of file and URL data for analysis, providing detailed reports and verdicts on potential threats. By integrating with WildFire, users can enhance their security posture with rapid, code-free analysis of suspicious files and URLs, directly within their security workflows. This empowers teams to quickly identify and respond to threats, minimizing the window of risk and improving overall cyber resilience.

## Prerequisites

To effectively utilize the Palo Alto Networks WildFire connector within Swimlane Turbine, ensure you have the following prerequisites:

- API key authentication with the following parameters:
  - URL: the base endpoint URL for the WildFire API services.
  - API key: your unique key to authenticate requests to the WildFire API.

## Capabilities

The Palo Alto WildFire connector has the following capabilities:

- Get File Report
- Get File Verdict
- Get a Sample
- Get URL Report
- Get URL Verdict
- Submit File URL
- Submit Local File
- Submit URLs

## Configurations

### API Key Authentication

Authenticates using an API key.

**Configuration parameters**

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| apikey | API key | string | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

## Actions

### Get File Report

Retrieve detailed reports for files analyzed by Palo Alto Networks WildFire using a specified data body.

- Endpoint URL: publicapi/get/report
- Method: POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| data body | object | required | Data body |
| data body hash | string | required | MD5 or SHA-256 hash value of the sample |

**Input example**

```json
{"data body": {"hash": "string"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire version | string | Output field wildfire version |
| wildfire file info | object | Output field wildfire file info |
| wildfire file info file signer | string | Output field wildfire file info file signer |
| wildfire file info malware | string | Output field wildfire file info malware |
| wildfire file info sha1 | object | Output field wildfire file info sha1 |
| wildfire file info filetype | string | Type of the resource |
| wildfire file info sha256 | string | Output field wildfire file info sha256 |
| wildfire file info md5 | string | Output field wildfire file info md5 |
| wildfire file info size | string | Output field wildfire file info size |
| wildfire task info | object | Output field wildfire task info |
| wildfire task info report | object | Output field wildfire task info report |
| wildfire task info report version | string | Output field wildfire task info report version |
| wildfire task info report platform | string | Output field wildfire task info report platform |
| wildfire task info report software | string | Output field wildfire task info report software |
| wildfire task info report sha256 | string | Output field wildfire task info report sha256 |
| wildfire task info report md5 | string | Output field wildfire task info report md5 |
| wildfire task info report malware | string | Output field wildfire task info report malware |
| wildfire task info report summary | object | Output field wildfire task info report summary |

**Output example**

```json
{
  "wildfire": {
    "version": "string",
    "file info": {
      "file signer": "string",
      "malware": "string",
      "sha1": {},
      "filetype": "string",
      "sha256": "string",
      "md5": "string",
      "size": "string"
    },
    "task info": {"report": {}}
  }
}
```

### Get File Verdict

Retrieve the verdict for a file from Palo Alto Networks WildFire using a data body input.

- Endpoint URL: publicapi/get/verdict
- Method: POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| data body | object | required | Data body |
| data body hash | string | required | MD5 or SHA-256 hash value of the sample |

**Input example**

```json
{"data body": {"hash": "string"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire get verdict info | object | Output field wildfire get verdict info |
| wildfire get verdict info sha256 | string | Output field wildfire get verdict info sha256 |
| wildfire get verdict info verdict | string | Output field wildfire get verdict info verdict |
| wildfire get verdict info md5 | string | Output field wildfire get verdict info md5 |

**Output example**

```json
{"wildfire": {"get verdict info": {"sha256": "string", "verdict": "string", "md5": "string"}}}
```

### Get a Sample

Retrieve a specific malware sample from Palo Alto Networks WildFire using the provided data body.

- Endpoint URL: publicapi/get/sample
- Method: POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| data body | object | required | Data body |
| data body hash | string | required | MD5 or SHA-256 hash value of the sample |

**Input example**

```json
{"data body": {"hash": "string"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response text | string | Output field response text |

**Output example**

```json
{"response text": "string"}
```

### Get URL Report

Retrieve detailed reports for URLs from Palo Alto Networks WildFire using a specified data body.

- Endpoint URL: publicapi/get/report
- Method: POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| data body | object | required | Data body |
| data body url | string | required | The URL of the web page |

**Input example**

```json
{"data body": {"url": "https://example.com/api/resource"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| result | object | Result of the operation |
| result analysis time | string | Result of the operation |
| result report | string | Result of the operation |
| result url type | string | URL endpoint for the request |

**Output example**

```json
{"success": true, "result": {"analysis time": "string", "report": "string", "url type": "string"}}
```

### Get URL Verdict

Retrieve the verdict for a URL from Palo Alto Networks WildFire, requiring a data body input.

- Endpoint URL: publicapi/get/verdict
- Method: POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| data body | object | required | Data body |
| data body url | string | required | The URL of the web page |

**Input example**

```json
{"data body": {"url": "https://example.com/api/resource"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire get verdict info | object | Output field wildfire get verdict info |
| wildfire get verdict info url | string | URL endpoint for the request |
| wildfire get verdict info verdict | string | Output field wildfire get verdict info verdict |
| wildfire get verdict info analysis time | string | Time value |
| wildfire get verdict info valid | string | Unique identifier |

**Output example**

```json
{
  "wildfire": {
    "get verdict info": {
      "url": "https://example.com/api/resource",
      "verdict": "string",
      "analysis time": "string",
      "valid": "string"
    }
  }
}
```

### Submit File URL

Submit a file URL to Palo Alto Networks WildFire for remote file analysis and receive a report on potential threats.

- Endpoint URL: publicapi/submit/url
- Method: POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| data body | object | required | Data body |
| data body url | string | required | Remote file URL path |

**Input example**

```json
{"data body": {"url": "https://example.com/api/resource"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire upload file info | object | Output field wildfire upload file info |
| wildfire upload file info url | string | URL endpoint for the request |
| wildfire upload file info filetype | string | Type of the resource |
| wildfire upload file info filename | object | Name of the resource |
| wildfire upload file info sha256 | string | Output field wildfire upload file info sha256 |
| wildfire upload file info md5 | string | Output field wildfire upload file info md5 |
| wildfire upload file info size | string | Output field wildfire upload file info size |

**Output example**

```json
{
  "wildfire": {
    "upload file info": {
      "url": "https://example.com/api/resource",
      "filetype": "string",
      "filename": {},
      "sha256": "string",
      "md5": "string",
      "size": "string"
    }
  }
}
```

### Submit Local File

Submit a local file to Palo Alto Networks WildFire for malware analysis. Requires an attachment.

- Endpoint URL: publicapi/submit/file
- Method: POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| attachments | array | required | File to be submitted |
| attachments file | string | optional | Parameter for submit local file |
| attachments file name | string | optional | Name of the resource |

**Input example**

```json
{"attachments": [{"file": "string", "file name": "example name"}]}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire upload file info | object | Output field wildfire upload file info |
| wildfire upload file info url | string | URL endpoint for the request |
| wildfire upload file info filetype | string | Type of the resource |
| wildfire upload file info filename | string | Name of the resource |
| wildfire upload file info sha256 | string | Output field wildfire upload file info sha256 |
| wildfire upload file info md5 | string | Output field wildfire upload file info md5 |
| wildfire upload file info size | string | Output field wildfire upload file info size |

**Output example**

```json
{
  "wildfire": {
    "upload file info": {
      "url": "https://example.com/api/resource",
      "filetype": "string",
      "filename": "example name",
      "sha256": "string",
      "md5": "string",
      "size": "string"
    }
  }
}
```

### Submit URLs

Submit up to 1000 URLs for analysis to Palo Alto Networks WildFire, requiring a data body input.

- Endpoint URL: publicapi/submit/links
- Method: POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| data body | object | required | Data body |
| data body urls | array | required | List of URLs to submit |

**Input example**

```json
{"data body": {"urls": ["string"]}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire submit link info | array | Output field wildfire submit link info |
| wildfire submit link info url | string | URL endpoint for the request |
| wildfire submit link info sha256 | string | Output field wildfire submit link info sha256 |
| wildfire submit link info md5 | string | Output field wildfire submit link info md5 |

**Output example**

```json
{"wildfire": {"submit link info": [{}]}}
```

**Response headers**

| Header | Description | Example |
| --- | --- | --- |
| Connection | HTTP response header Connection | |
| Content-Length | The length of the response body in bytes | |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
| Server | Information about the software used by the origin server | |
| Transfer-Encoding | HTTP response header Transfer-Encoding | |
| X-Envoy-Upstream-Service-Time | HTTP response header X-Envoy-Upstream-Service-Time | |
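
When these actions are driven from a playbook, three details from the reference above matter: hashes must be MD5 or SHA-256, Submit URLs takes at most 1000 URLs per call, and the verdict comes back as a string. The Python sketch below is an added example, not part of the connector or its vendor documentation; key names are copied as they appear on this page, the verdict-code meanings are those of the public WildFire API rather than this page, and the step labels returned by `triage` are hypothetical.

```python
import re

# Verdict codes as documented for the WildFire API (not listed on this page).
VERDICTS = {"0": "benign", "1": "malware", "2": "grayware", "4": "phishing",
            "5": "c2", "-100": "pending", "-101": "error",
            "-102": "unknown", "-103": "invalid hash"}
MAX_URLS = 1000  # Submit URLs accepts up to 1000 URLs per call (from the page)
_HASH_RE = re.compile(r"(?:[0-9a-f]{32}|[0-9a-f]{64})")


def hash_body(value):
    """Build the input for the hash-based actions; accept MD5 or SHA-256 only."""
    h = value.strip().lower()
    if not _HASH_RE.fullmatch(h):
        raise ValueError("expected a 32-char MD5 or 64-char SHA-256 hex digest")
    return {"data body": {"hash": h}}


def url_batches(urls):
    """De-duplicate URLs (order kept) and split into inputs of <= MAX_URLS."""
    unique = list(dict.fromkeys(u.strip() for u in urls if u.strip()))
    return [{"data body": {"urls": unique[i:i + MAX_URLS]}}
            for i in range(0, len(unique), MAX_URLS)]


def triage(output):
    """Map a Get File Verdict output to (label, hypothetical next step)."""
    info = output.get("wildfire", {}).get("get verdict info", {})
    label = VERDICTS.get(str(info.get("verdict", "")).strip(), "unrecognized")
    if label in ("malware", "phishing", "c2"):
        step = "contain"
    elif label == "grayware":
        step = "review"
    elif label == "benign":
        step = "close"
    elif label == "pending":
        step = "retry"        # sample exists, analysis not finished yet
    elif label == "unknown":
        step = "submit"       # no record: submit the file for analysis
    else:
        step = "investigate"  # error, invalid hash, or unexpected value
    return label, step


# Constructed sample output in the shape shown on this page.
SAMPLE = {"wildfire": {"get verdict info": {
    "sha256": "a" * 64, "verdict": "-102", "md5": "b" * 32}}}
```

Treating `pending` and `unknown` as distinct states keeps a playbook from closing an alert as clean when WildFire has simply not analyzed the sample yet.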