WildFire

The Palo Alto WildFire cloud-based threat analysis service is the industry's most advanced analysis and prevention engine for highly evasive zero-day exploits and malware.

Integration with LogicHub

Connecting with WildFire

To connect to WildFire, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • URL: URL to your WildFire instance (empty to use public API).
  • API Key: The API key used to connect to WildFire.

Actions with WildFire

Filehash Check

Checks a filehash input from the table and returns the results from WildFire.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Column Name: Column name from the parent table to look up the value for.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Input blank"
}

Upload Files

Submits local files to WildFire and returns a filehash reference for a verdict.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Column Name: Column name from parent table containing filenames separated by commas.

Get Verdict

Submit an uploaded file's filehash to retrieve a verdict for the file.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Column Name: Column name from the parent table to look up the value for.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
{
   "error": null,
   "has_error": false,
   "verdict": "Skipped",
   "verdict_code": null,
   "msg": "Input blank",
   "input": ""
}
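
A downstream step that consumes these outputs should not read has_error: false as "file is clean": the sample above has no error, yet the verdict is "Skipped" and verdict_code is null. The following is an added example, not part of the LogicHub or WildFire documentation, that sorts action results so that only rows with an actual verdict move on. The function names and the third and fourth sample rows (including the "Malware" verdict with code 1) are constructed for illustration.

```python
import json

# Constructed sample rows: the first two mirror the outputs documented above;
# the third (hypothetical verdict) and fourth (garbage) are made up for the demo.
SAMPLE_ROWS = [
    '{"has_error": true, "error": "Input blank"}',
    '{"error": null, "has_error": false, "verdict": "Skipped", '
    '"verdict_code": null, "msg": "Input blank", "input": ""}',
    '{"error": null, "has_error": false, "verdict": "Malware", '
    '"verdict_code": 1, "msg": null, "input": "<constructed-filehash>"}',
    'not json',
]

def _truthy(value):
    """has_error is documented as True/False; accept bool or string forms."""
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return bool(value)

def triage(raw):
    """Return (bucket, detail): bucket is 'error', 'no_verdict' or 'verdict'."""
    try:
        row = json.loads(raw)
    except (TypeError, ValueError):
        return ("error", "unparseable output")
    if not isinstance(row, dict):
        return ("error", "unexpected output shape")
    # A missing has_error field is treated as an error (fail closed).
    if _truthy(row.get("has_error", True)):
        return ("error", row.get("error") or "unspecified error")
    verdict = row.get("verdict")
    # No error does not imply a verdict: blank input gives "Skipped" / null code.
    if verdict is None or verdict == "Skipped" or row.get("verdict_code") is None:
        return ("no_verdict", row.get("msg") or "no verdict returned")
    return ("verdict", f"{verdict} (code {row['verdict_code']})")

def summarize(rows):
    """Group row indexes by bucket so a playbook can route each group."""
    out = {"error": [], "no_verdict": [], "verdict": []}
    for i, raw in enumerate(rows):
        out[triage(raw)[0]].append(i)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_ROWS))
```

Rows in the error and no_verdict groups are candidates for resubmission or manual review rather than closure.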
