This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

WildFire API Malware Hashes

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

WildFire API Malware Hashes

Go to solution
jt1025
L2 Linker

‎05-29-2018 01:02 PM

I'm trying to get the file hash values for all submissions WildFire deems as malware.  Is this possible?  From what I've read you have to specify the hash value in the API call but I'd just like a list of all values.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
btorresgil
L4 Transporter
In response to pulukas

‎06-06-2018 08:10 PM

As @pulukas said, you can't do this with the WildFire API, but there are a couple other solutions:

 

1. The sha256 hashes are available on the Firewalls/Panorama.  They can output via syslog or webhook as they happen, or you can query them via the PAN-OS API.

https://www.paloaltonetworks.com/documentation/81/pan-os/xml-api/pan-os-xml-api-request-types/retrie...

 

2. AutoFocus subscribers can get a list of hashes via the AutoFocus API.  Here's an example request for hashes of all 'private' malware samples, which means all samples submitted by your organization to WildFire:

https://www.paloaltonetworks.com/documentation/autofocus/autofocus/autofocus_api/perform-autofocus-s...

 

And an example result showing the sha256, md5, and sha1 hashes of one of the samples returned:

https://www.paloaltonetworks.com/documentation/autofocus/autofocus/autofocus_api/perform-autofocus-s...

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
pulukas
L7 Applicator

‎06-02-2018 07:00 AM

I don't think you can.  The idea of the API is to query for an Ad Hoc verdict not to pull the data for a separate or offline solution.

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

Go to solution
btorresgil
L4 Transporter
In response to pulukas

‎06-06-2018 08:10 PM

As @pulukas said, you can't do this with the WildFire API, but there are a couple other solutions:

 

1. The sha256 hashes are available on the Firewalls/Panorama.  They can output via syslog or webhook as they happen, or you can query them via the PAN-OS API.

https://www.paloaltonetworks.com/documentation/81/pan-os/xml-api/pan-os-xml-api-request-types/retrie...

 

2. AutoFocus subscribers can get a list of hashes via the AutoFocus API.  Here's an example request for hashes of all 'private' malware samples, which means all samples submitted by your organization to WildFire:

https://www.paloaltonetworks.com/documentation/autofocus/autofocus/autofocus_api/perform-autofocus-s...

 

And an example result showing the sha256, md5, and sha1 hashes of one of the samples returned:

https://www.paloaltonetworks.com/documentation/autofocus/autofocus/autofocus_api/perform-autofocus-s...

0 Likes Likes

Go to solution
jt1025
L2 Linker

‎06-07-2018 08:45 AM

Thanks for the options.  I forgot about API and will go that route as we're still on 7.1 and not yet an AutoFocus subscriber.

0 Likes Likes
  • 1 accepted solution
  • 3824 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks