Palo Alto Networks Wildfire
The Palo Alto Networks WildFire connector enables automated threat detection and analysis by providing tools to submit and retrieve file and URL data for security assessment.

Palo Alto Networks WildFire is a cutting-edge threat analysis service that identifies and evaluates unknown threats. This connector enables Swimlane Turbine users to automate the submission and retrieval of file and URL data for analysis, providing detailed reports and verdicts on potential threats. By integrating with WildFire, users can enhance their security posture with rapid, code-free analysis of suspicious files and URLs, directly within their security workflows. This empowers teams to quickly identify and respond to threats, minimizing the window of risk and improving overall cyber resilience.

## Prerequisites

To effectively utilize the Palo Alto Networks WildFire connector within Swimlane Turbine, ensure you have the following prerequisites:

API Key Authentication with the following parameters:

- URL: the base endpoint URL for the WildFire API services
- API Key: your unique key to authenticate requests to the WildFire API

## Capabilities

The Palo Alto WildFire connector has the following capabilities:

- Get File Report
- Get File Verdict
- Get a Sample
- Get URL Report
- Get URL Verdict
- Submit File URL
- Submit Local File
- Submit URLs

## Configurations

### API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| apikey | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Get File Report

Retrieve detailed reports for files analyzed by Palo Alto Networks WildFire using a specified data body.

Endpoint URL: `publicapi/get/report`

Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Data body |
| data_body.hash | string | Required | MD5 or SHA-256 hash value of the sample |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire.version | string | Output field version |
| wildfire.file_info | object | Output field file_info |
| wildfire.file_info.file_signer | string | Output field file_signer |
| wildfire.file_info.malware | string | Output field malware |
| wildfire.file_info.sha1 | object | Output field sha1 |
| wildfire.file_info.filetype | string | Type of the resource |
| wildfire.file_info.sha256 | string | Output field sha256 |
| wildfire.file_info.md5 | string | Output field md5 |
| wildfire.file_info.size | string | Output field size |
| wildfire.task_info | object | Output field task_info |
| wildfire.task_info.report | object | Output field report |
| wildfire.task_info.report.version | string | Output field version |
| wildfire.task_info.report.platform | string | Output field platform |
| wildfire.task_info.report.software | string | Output field software |
| wildfire.task_info.report.sha256 | string | Output field sha256 |
| wildfire.task_info.report.md5 | string | Output field md5 |
| wildfire.task_info.report.malware | string | Output field malware |
| wildfire.task_info.report.summary | object | Output field summary |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "wildfire": {}
    }
  }
]
```

### Get File Verdict

Retrieve the verdict for a file from Palo Alto Networks WildFire using a data body input.

Endpoint URL: `publicapi/get/verdict`

Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Data body |
| data_body.hash | string | Required | MD5 or SHA-256 hash value of the sample |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire.get-verdict-info | object | Output field get-verdict-info |
| wildfire.get-verdict-info.sha256 | string | Output field sha256 |
| wildfire.get-verdict-info.verdict | string | Output field verdict |
| wildfire.get-verdict-info.md5 | string | Output field md5 |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "wildfire": {}
    }
  }
]
```

### Get a Sample

Retrieve a specific malware sample from Palo Alto Networks WildFire using the provided data body.

Endpoint URL: `publicapi/get/sample`

Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Data body |
| data_body.hash | string | Required | MD5 or SHA-256 hash value of the sample |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "response_text": "string"
  }
]
```

### Get URL Report

Retrieve detailed reports for URLs from Palo Alto Networks WildFire using a specified data body.

Endpoint URL: `publicapi/get/report`

Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Data body |
| data_body.url | string | Required | The URL of the web page |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| result | object | Result of the operation |
| result.analysis_time | string | Time value |
| result.report | string | Output field report |
| result.url_type | string | URL endpoint for the request |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "success": true,
      "result": {}
    }
  }
]
```

### Get URL Verdict

Retrieve the verdict for a URL from Palo Alto Networks WildFire, requiring a data body input.

Endpoint URL: `publicapi/get/verdict`

Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Data body |
| data_body.url | string | Required | The URL of the web page |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire.get-verdict-info | object | Output field get-verdict-info |
| wildfire.get-verdict-info.url | string | URL endpoint for the request |
| wildfire.get-verdict-info.verdict | string | Output field verdict |
| wildfire.get-verdict-info.analysis_time | string | Time value |
| wildfire.get-verdict-info.valid | string | Unique identifier |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "wildfire": {}
    }
  }
]
```

### Submit File URL

Submit a file URL to Palo Alto Networks WildFire for remote file analysis and receive a report on potential threats.

Endpoint URL: `publicapi/submit/url`

Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Data body |
| data_body.url | string | Required | Remote file URL path |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire.upload-file-info | object | Output field upload-file-info |
| wildfire.upload-file-info.url | string | URL endpoint for the request |
| wildfire.upload-file-info.filetype | string | Type of the resource |
| wildfire.upload-file-info.filename | object | Name of the resource |
| wildfire.upload-file-info.sha256 | string | Output field sha256 |
| wildfire.upload-file-info.md5 | string | Output field md5 |
| wildfire.upload-file-info.size | string | Output field size |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "wildfire": {}
    }
  }
]
```

### Submit Local File

Submit a local file to Palo Alto Networks WildFire for malware analysis. Requires an attachment.

Endpoint URL: `publicapi/submit/file`

Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| attachments | array | Required | File to be submitted |
| attachments.file | string | Optional | Parameter for Submit Local File |
| attachments.file_name | string | Optional | Name of the resource |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire.upload-file-info | object | Output field upload-file-info |
| wildfire.upload-file-info.url | string | URL endpoint for the request |
| wildfire.upload-file-info.filetype | string | Type of the resource |
| wildfire.upload-file-info.filename | string | Name of the resource |
| wildfire.upload-file-info.sha256 | string | Output field sha256 |
| wildfire.upload-file-info.md5 | string | Output field md5 |
| wildfire.upload-file-info.size | string | Output field size |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "wildfire": {}
    }
  }
]
```

### Submit URLs

Submit up to 1000 URLs for analysis to Palo Alto Networks WildFire, requiring a data body input.

Endpoint URL: `publicapi/submit/links`

Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Data body |
| data_body.urls | array | Required | List of URLs to submit |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| wildfire | object | Output field wildfire |
| wildfire.submit-link-info | array | Output field submit-link-info |
| wildfire.submit-link-info.url | string | URL endpoint for the request |
| wildfire.submit-link-info.sha256 | string | Output field sha256 |
| wildfire.submit-link-info.md5 | string | Output field md5 |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "wildfire": {}
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Connection | HTTP response header Connection | |
| Content-Length | The length of the response body in bytes | |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
| Server | Information about the software used by the origin server | |
| Transfer-Encoding | HTTP response header Transfer-Encoding | |
| X-Envoy-Upstream-Service-Time | HTTP response header X-Envoy-Upstream-Service-Time | |
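The Python helper below is an added example, not part of the connector or of Palo Alto's code. It shows the glue a playbook step around these actions needs: validating that the hash handed to Get File Verdict is really an MD5 or SHA-256 digest, splitting a URL list into data bodies that respect the 1000-URL cap of Submit URLs, and reading the action's output record while treating any non-200 `status_code` as a failure. The key names `status_code`, `json_body` and `get-verdict-info` are assumed from the field names documented above, and the sample response is constructed.

```python
import re
from typing import Iterator

# Accepted sample identifiers for Get File Report / Get File Verdict / Get a Sample:
# an MD5 (32 hex chars) or SHA-256 (64 hex chars) digest.
_MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
_SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def is_valid_hash(value: str) -> bool:
    """True if value is a well-formed MD5 or SHA-256 digest."""
    return bool(_MD5_RE.match(value) or _SHA256_RE.match(value))


def build_verdict_request(sample_hash: str) -> dict:
    """Request the Get File Verdict action sends: endpoint, method and data body."""
    if not is_valid_hash(sample_hash):
        raise ValueError(f"not an MD5 or SHA-256 hash: {sample_hash!r}")
    return {"endpoint": "publicapi/get/verdict", "method": "POST",
            "data_body": {"hash": sample_hash.lower()}}


def batch_urls(urls: list, limit: int = 1000) -> Iterator[dict]:
    """Yield Submit URLs data bodies that never exceed the 1000-URL cap per call."""
    for start in range(0, len(urls), limit):
        yield {"urls": urls[start:start + limit]}


def parse_verdict_response(resp: dict) -> dict:
    """Pull sha256/md5/verdict out of a Get File Verdict output record; fail loudly otherwise."""
    if resp.get("status_code") != 200:
        raise RuntimeError(f"WildFire returned {resp.get('status_code')} {resp.get('reason')}")
    # Key names are assumed from the documented output fields.
    info = resp.get("json_body", {}).get("wildfire", {}).get("get-verdict-info")
    if not info or "verdict" not in info:
        raise RuntimeError("response has no get-verdict-info block")
    return {"sha256": info.get("sha256"), "md5": info.get("md5"), "verdict": str(info["verdict"])}


# Constructed sample record shaped like the action's documented example; not real WildFire data.
SAMPLE_RESPONSE = {
    "status_code": 200,
    "response_headers": {"Content-Type": "application/json",
                         "Date": "Thu, 01 Jan 2024 00:00:00 GMT"},
    "reason": "OK",
    "json_body": {"wildfire": {"get-verdict-info": {
        "sha256": "a" * 64, "md5": "b" * 32, "verdict": "1"}}},
}
```

The functions only build and interpret the connector's request and output records; the HTTP call itself is made by the connector with the configured URL and API key.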