Get the malware report for a file by its MD5 or SHA-256 hash.

External Documentation

To learn more, visit the WildFire documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Format | The format of the report that is returned. |
| Hash | The MD5 or SHA-256 hash of the file. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Agent | Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys. |

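Example Output

In this example the `no detection` verdict is accompanied by a single `static` analysis entry. The `url` values under `observable_objects` are network artifacts found in the analyzed file (they are the outputs of the `network-artifacts` action), not API endpoints.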

{
	"success": true,
	"result": {
		"detection_reasons": [],
		"iocs": [],
		"maec_packages": [
			{
				"id": "package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7",
				"maec_objects": [
					{
						"analysis_metadata": [
							{
								"analysis_type": "static",
								"conclusion": "no detection",
								"is_automated": true,
								"tool_refs": [
									"1"
								]
							}
						],
						"dynamic_features": {
							"action_refs": [
								"malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15"
							],
							"behavior_refs": [
								"behavior--3a7cd04f-b867-4c06-e97e-911df668b4aa",
								"behavior--832fc6d9-d0d7-44ef-84d7-95015187f56f",
								"behavior--688b7e60-b8f3-482a-f40cb43121b9fe7d",
								"behavior--574cc6a8-2334-4abff11c-54c92e5749a6"
							]
						},
						"id": "malware-instance--bdae93df-8bb1-4521-696a-593eee2574fb",
						"instance_object_refs": [
							"0"
						],
						"type": "malware-instance"
					},
					{
						"description": "PDF contains an URI.",
						"id": "behavior--3a7cd04f-b867-4c06-e97e-911df668b4aa",
						"name": "pdf_sa_uri",
						"type": "behavior"
					},
					{
						"description": "PDF has only one page.",
						"id": "behavior--832fc6d9-d0d7-44ef-84d7-95015187f56f",
						"name": "pdf_sa_onepage",
						"type": "behavior"
					},
					{
						"description": "PDF document contains an canonicalized object key of Action",
						"id": "behavior--688b7e60-b8f3-482a-f40cb43121b9fe7d",
						"name": "pdf_ko_action",
						"type": "behavior"
					},
					{
						"description": "The action of containing network artifacts.",
						"id": "malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15",
						"name": "network-artifacts",
						"output_object_refs": [
							"4",
							"2",
							"3"
						],
						"type": "malware-action"
					},
					{
						"action_refs": [
							"malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15"
						],
						"description": "File contains one or more URL/domain name/IP address",
						"id": "behavior--574cc6a8-2334-4abff11c-54c92e5749a6",
						"name": "sa_url",
						"type": "behavior"
					}
				],
				"observable_objects": {
					"0": {
						"hashes": {
							"MD5": "3b695ce4b733069a1b8671c4e9ebe247",
							"SHA-1": "25fec390b4419edd0a08784bcb8960143443b347",
							"SHA-256": "ac1f40162a2435537171dbe29feaf3b75ce0d12c86db411259914ad75e689266"
						},
						"type": "file",
						"x-wf-file-type": "pdf"
					},
					"1": {
						"name": "PDF Static Analyzer",
						"type": "software"
					},
					"2": {
						"type": "url",
						"value": "2.2.2.2/"
					},
					"3": {
						"type": "url",
						"value": "portalbeta1.wildfire.paloaltonetworks.com/report/box/7521c97f1705211618f8db072b6d0d0e5c28d0d727ecde12344745974d07e068/2588767858"
					},
					"4": {
						"type": "url",
						"value": "2.2.2.2:1234/"
					}
				},
				"schema_version": "5.0",
				"type": "package"
			}
		],
		"primary_malware_instances": {
			"package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7": "malwareinstance--bdae93df-8bb1-4521-696a-593eee2574fb"
		},
		"sa_package": "package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7",
		"schema_version": "1.0",
		"sha256": "ac1f40162a2435537171dbe29feaf3b75ce0d12c86db411259914ad75e689266",
		"type": "wf-report",
		"verdict": "no detection"
	}
}

Workflow Library Example

Get Report for File with Wildfire and Send Results Via Email
