I'm trying to get the file hash values for all submissions WildFire deems as malware. Is this possible? From what I've read, you have to specify the hash value in the API call, but I'd just like a list of all values.
I don't think you can. The idea of the API is to query for an Ad Hoc verdict, not to pull the data for a separate or offline solution.
As @pulukas said, you can't do this with the WildFire API, but there are a couple other solutions:
1. The sha256 hashes are available on the Firewalls/Panorama. They can output via syslog or webhook as they happen, or you can query them via the PAN-OS API.
2. AutoFocus subscribers can get a list of hashes via the AutoFocus API. Here's an example request for hashes of all 'private' malware samples, which means all samples submitted by your organization to WildFire:
And an example result showing the sha256, md5, and sha1 hashes of one of the samples returned: