> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Report For File

Get malware report by file's MD5 or SHA-256 hash.

<Note>
  External Documentation

  To learn more, visit the [WildFire documentation](https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-api/get-wildfire-information-through-the-wildfire-api/get-a-wildfire-analysis-report-wildfire-api).
</Note>

## Basic Parameters

<div className="integrations-table">
  | Parameter | Description                                |
  | --------- | ------------------------------------------ |
  | Format    | The format of the report that is returned. |
  | Hash      | The MD5 or SHA-256 hash of the file.       |
</div>

## Advanced Parameters

<div className="integrations-table">
  | Parameter | Description                                                                         |
  | --------- | ----------------------------------------------------------------------------------- |
  | Agent     | Required for Prisma Access and Prisma Cloud Compute-based WildFire public API keys. |
</div>

## Example Output

```json theme={"dark"}
{
	"success": true,
	"result": {
		"detection_reasons": [],
		"iocs": [],
		"maec_packages": [
			{
				"id": "package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7",
				"maec_objects": [
					{
						"analysis_metadata": [
							{
								"analysis_type": "static",
								"conclusion": "no detection",
								"is_automated": true,
								"tool_refs": [
									"1"
								]
							}
						],
						"dynamic_features": {
							"action_refs": [
								"malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15"
							],
							"behavior_refs": [
								"behavior--3a7cd04f-b867-4c06-e97e-911df668b4aa",
								"behavior--832fc6d9-d0d7-44ef-84d7-95015187f56f",
								"behavior--688b7e60-b8f3-482a-f40cb43121b9fe7d",
								"behavior--574cc6a8-2334-4abff11c-54c92e5749a6"
							]
						},
						"id": "malware-instance--bdae93df-8bb1-4521-696a-593eee2574fb",
						"instance_object_refs": [
							"0"
						],
						"type": "malware-instance"
					},
					{
						"description": "PDF contains an URI.",
						"id": "behavior--3a7cd04f-b867-4c06-e97e-911df668b4aa",
						"name": "pdf_sa_uri",
						"type": "behavior"
					},
					{
						"description": "PDF has only one page.",
						"id": "behavior--832fc6d9-d0d7-44ef-84d7-95015187f56f",
						"name": "pdf_sa_onepage",
						"type": "behavior"
					},
					{
						"description": "PDF document contains an canonicalized object key of Action",
						"id": "behavior--688b7e60-b8f3-482a-f40cb43121b9fe7d",
						"name": "pdf_ko_action",
						"type": "behavior"
					},
					{
						"description": "The action of containing network artifacts.",
						"id": "malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15",
						"name": "network-artifacts",
						"output_object_refs": [
							"4",
							"2",
							"3"
						],
						"type": "malware-action"
					},
					{
						"action_refs": [
							"malware-action--cf4acb1f-d613-4ff3-472ac877418c3e15"
						],
						"description": "File contains one or more URL/domain name/IP address",
						"id": "behavior--574cc6a8-2334-4abff11c-54c92e5749a6",
						"name": "sa_url",
						"type": "behavior"
					}
				],
				"observable_objects": {
					"0": {
						"hashes": {
							"MD5": "3b695ce4b733069a1b8671c4e9ebe247",
							"SHA-1": "25fec390b4419edd0a08784bcb8960143443b347",
							"SHA-256": "ac1f40162a2435537171dbe29feaf3b75ce0d12c86db411259914ad75e689266"
						},
						"type": "file",
						"x-wf-file-type": "pdf"
					},
					"1": {
						"name": "PDF Static Analyzer",
						"type": "software"
					},
					"2": {
						"type": "url",
						"value": "2.2.2.2/"
					},
					"3": {
						"type": "url",
						"value": "portalbeta1.wildfire.paloaltonetworks.com/report/box/7521c97f1705211618f8db072b6d0d0e5c28d0d727ecde12344745974d07e068/2588767858"
					},
					"4": {
						"type": "url",
						"value": "2.2.2.2:1234/"
					}
				},
				"schema_version": "5.0",
				"type": "package"
			}
		],
		"primary_malware_instances": {
			"package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7": "malwareinstance--bdae93df-8bb1-4521-696a-593eee2574fb"
		},
		"sa_package": "package--f4dc11a8-b803-437c-5f1f-de0a08ea5fe7",
		"schema_version": "1.0",
		"sha256": "ac1f40162a2435537171dbe29feaf3b75ce0d12c86db411259914ad75e689266",
		"type": "wf-report",
		"verdict": "no detection"
	}
}
```

## Workflow Library Example

[Get Report for File with Wildfire and Send Results Via Email](https://library.blinkops.com/workflows/get-report-for-file-with-wildfire-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/get-report-for-file-with-wildfire-and-send-results-via-email/canvas" />
</div>
