Get Report For File
Get malware report by file's MD5 or SHA-256 hash.
External Documentation
To learn more, visit the WildFire documentation.
Basic Parameters
| Parameter | Description |
|---|---|
| Format | The format of the report that is returned. |
| Hash | The MD5 or SHA-256 hash of the file. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Agent | Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys. |
Example Output
{
"success": true,
"result": {
"detection_reasons": [],
"iocs": [],
"maec_packages": [
{
"id": "package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7",
"maec_objects": [
{
"analysis_metadata": [
{
"analysis_type": "static",
"conclusion": "no detection",
"is_automated": true,
"tool_refs": [
"1"
]
}
],
"dynamic_features": {
"action_refs": [
"malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15"
],
"behavior_refs": [
"behavior--3a7cd04f-b867-4c06-e97e-911df668b4aa",
"behavior--832fc6d9-d0d7-44ef-84d7-95015187f56f",
"behavior--688b7e60-b8f3-482a-f40cb43121b9fe7d",
"behavior--574cc6a8-2334-4abff11c-54c92e5749a6"
]
},
"id": "malware-instance--bdae93df-8bb1-4521-696a-593eee2574fb",
"instance_object_refs": [
"0"
],
"type": "malware-instance"
},
{
"description": "PDF contains an URI.",
"id": "behavior--3a7cd04f-b867-4c06-e97e-911df668b4aa",
"name": "pdf_sa_uri",
"type": "behavior"
},
{
"description": "PDF has only one page.",
"id": "behavior--832fc6d9-d0d7-44ef-84d7-95015187f56f",
"name": "pdf_sa_onepage",
"type": "behavior"
},
{
"description": "PDF document contains an canonicalized object key of Action",
"id": "behavior--688b7e60-b8f3-482a-f40cb43121b9fe7d",
"name": "pdf_ko_action",
"type": "behavior"
},
{
"description": "The action of containing network artifacts.",
"id": "malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15",
"name": "network-artifacts",
"output_object_refs": [
"4",
"2",
"3"
],
"type": "malware-action"
},
{
"action_refs": [
"malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15"
],
"description": "File contains one or more URL/domain name/IP address",
"id": "behavior--574cc6a8-2334-4abff11c-54c92e5749a6",
"name": "sa_url",
"type": "behavior"
}
],
"observable_objects": {
"0": {
"hashes": {
"MD5": "3b695ce4b733069a1b8671c4e9ebe247",
"SHA-1": "25fec390b4419edd0a08784bcb8960143443b347",
"SHA-256": "ac1f40162a2435537171dbe29feaf3b75ce0d12c86db411259914ad75e689266"
},
"type": "file",
"x-wf-file-type": "pdf"
},
"1": {
"name": "PDF Static Analyzer",
"type": "software"
},
"2": {
"type": "url",
"value": "2.2.2.2/"
},
"3": {
"type": "url",
"value": "portalbeta1.wildfire.paloaltonetworks.com/report/box/7521c97f1705211618f8db072b6d0d0e5c28d0d727ecde12344745974d07e068/2588767858"
},
"4": {
"type": "url",
"value": "2.2.2.2:1234/"
}
},
"schema_version": "5.0",
"type": "package"
}
],
"primary_malware_instances": {
"package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7": "malwareinstance--bdae93df-8bb1-4521-696a-593eee2574fb"
},
"sa_package": "package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7",
"schema_version": "1.0",
"sha256": "ac1f40162a2435537171dbe29feaf3b75ce0d12c86db411259914ad75e689266",
"type": "wf-report",
"verdict": "no detection"
}
}
Workflow Library Example
Get Report for File with Wildfire and Send Results Via Email
Preview this Workflow on desktop