WildFire
Version: 2.0.0
Palo Alto WildFire cloud-based threat analysis service is the industry's most advanced analysis and prevention engine for highly evasive zero-day exploits and malware.
Connect WildFire with LogicHub
- Navigate to Automations > Integrations.
- Search for WildFire.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- URL: URL to your WildFire instance (empty to use public API).
- API Key: The API key to connect to the WildFire.
- After you've entered all the details, click Connect.
Actions for WildFire
Filehash Check
Checks a filehash input from the table and returns the results from WildFire.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Column Name | Column name from the parent table to lookup value for. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
{
"has_error": true,
"error": "Input blank"
}
Upload Files
Submits local files to WildFire and returns a filehash reference for a verdict.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Column Name | Column name from parent table containing filenames separated by commas. | Required |
Get Verdict
Submit an uploaded file's filehash to retrieve a verdict for the file.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Column Name | Column name from parent table to lookup value for. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
{
"error": null,
"has_error": false,
"verdict": "Skipped",
"verdict_code": null,
"msg": "Input blank",
"input": ""
}
Release Notes
v2.0.0- Updated architecture to support IO via filesystemv1.1.9- Added documentation link in the automation library.
Updated about 1 year ago