PaloAltoWildFire
README
WildFire® is the industry's largest, most integrated cloud malware protection engine that utilizes patented machine learning models for real-time detection of previously unseen, targeted malware and advanced persistent threats, keeping your organization protected.
When you submit observables to WildFire, they are analyzed in a sandboxed environment using several techniques:

- Dynamic analysis observes the files as they execute
- Machine learning extracts unique features from each file
- Static analysis provides instant identification of malware variants
- A custom hypervisor prevents malware evasion techniques

This analyzer submits "file", "url", and "hash" observables to WildFire and produces a formatted report in TheHive with the pertinent information. Note that a file observable is uploaded to the Palo Alto Networks cloud for analysis; for material that may be sensitive, submit its hash first to check whether WildFire already holds a verdict.
Product website: https://www.paloaltonetworks.com/network-security/wildfire
PaloAltoWildFire
Author: Ignacio Rodriguez Paez, Joe Lazaro
License: AGPL-V3
Version: 1.0
Supported observable types:
- file
- url
- hash
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.paloaltonetworks.com/network-security/wildfire
Description
Run Palo Alto WildFire analysis on a file, hash, or URL
Configuration
api_host | Host name of the WildFire cloud to query. Requests can go to the WildFire global cloud (U.S., the default) or to one of the WildFire regional clouds that Palo Alto Networks owns and maintains. See the WildFire Public Cloud documentation for the list of valid servers. |
---|---|
Default value if not configured | wildfire.paloaltonetworks.com |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |

key | API key for WildFire. Treat it as a secret: keep it in the Cortex analyzer configuration rather than in job input, and do not write it to logs. |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |

polling_interval | Time, in seconds, to wait between two successive requests for the analysis report while WildFire is still processing the sample. |
---|---|
Default value if not configured | 60 |
Type of the configuration item | number |
The configuration item can contain multiple values | False |
Is required | False |
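The three configuration items above fit together as a polling loop: build the request against `api_host`, authenticate with `key`, and re-ask for the verdict every `polling_interval` seconds while WildFire reports the sample as pending. The following is an added example, not the Cortex analyzer's own code. It assumes the public WildFire API's `POST /publicapi/get/verdict` endpoint and its integer verdict codes (benign 0, malware 1, grayware 2, phishing 4, pending -100, unknown -102); check both against the WildFire API reference before relying on them. The HTTP transport and the sleep function are injected so the example runs offline against constructed XML responses, and it bounds the number of polls so a sample that never leaves the pending state cannot hang the analyzer job.

```python
"""Polling a WildFire verdict with the analyzer's configuration items.

Added example, not the Cortex analyzer's own code. Endpoint path and
verdict codes are assumed from the public WildFire API reference; the
transport and sleep are injected so this runs offline.
"""
import time
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Optional

# Verdict codes, assumed from the WildFire API reference.
FINAL_VERDICTS = {0: "benign", 1: "malware", 2: "grayware", 4: "phishing"}
PENDING = -100   # hash is known, analysis still running
UNKNOWN = -102   # WildFire has no record of this hash

PostFn = Callable[[str, Dict[str, str]], str]   # post(url, form) -> body


class WildFireVerdictPoller:
    def __init__(self, api_host: str, key: str, polling_interval: int = 60,
                 post: Optional[PostFn] = None,
                 sleep: Callable[[float], None] = time.sleep) -> None:
        # api_host selects the global or a regional cloud; always over TLS.
        self.url = f"https://{api_host}/publicapi/get/verdict"
        self.key = key   # secret: sent in the POST body, never in the URL or logs
        self.polling_interval = polling_interval
        self._post = post
        self._sleep = sleep

    def _verdict_code(self, sha256: str) -> int:
        if self._post is None:
            raise RuntimeError("no HTTP transport configured")
        body = self._post(self.url, {"apikey": self.key, "hash": sha256})
        node = ET.fromstring(body).find(".//verdict")
        if node is None or node.text is None:
            raise ValueError("malformed WildFire verdict response")
        return int(node.text.strip())

    def poll(self, sha256: str, max_attempts: int = 10) -> Dict[str, object]:
        """Ask for the verdict up to max_attempts times, sleeping
        polling_interval seconds between attempts while it is pending."""
        for attempt in range(1, max_attempts + 1):
            code = self._verdict_code(sha256)
            if code in FINAL_VERDICTS:
                return {"verdict": FINAL_VERDICTS[code], "attempts": attempt}
            if code == UNKNOWN:
                return {"verdict": "unknown", "attempts": attempt}
            if code != PENDING:
                raise RuntimeError(f"WildFire returned error code {code}")
            if attempt < max_attempts:
                self._sleep(self.polling_interval)
        raise TimeoutError(f"verdict still pending after {max_attempts} polls "
                           f"of {self.polling_interval}s")


def verdict_xml(sha256: str, code: int) -> str:
    """Constructed response in the shape of a WildFire get-verdict reply."""
    return (f"<wildfire><get-verdict-info><sha256>{sha256}</sha256>"
            f"<verdict>{code}</verdict></get-verdict-info></wildfire>")


def run_demo(scripted_codes: List[int], polling_interval: int = 60,
             max_attempts: int = 10) -> Dict[str, object]:
    """Drive the poller against a fake transport that answers with the
    scripted verdict codes in order, recording every sleep it performs."""
    sample = "a" * 64                  # constructed SHA-256, not a real sample
    answers = list(scripted_codes)
    sleeps: List[float] = []

    def fake_post(url: str, data: Dict[str, str]) -> str:
        assert url.endswith("/publicapi/get/verdict") and data["hash"] == sample
        return verdict_xml(sample, answers.pop(0))

    poller = WildFireVerdictPoller("wildfire.paloaltonetworks.com", "REDACTED",
                                   polling_interval, post=fake_post,
                                   sleep=sleeps.append)
    result = dict(poller.poll(sample, max_attempts))
    result["sleeps"] = sleeps
    return result


if __name__ == "__main__":
    # Two pending answers, then malware: three polls, two waits of 60s.
    print(run_demo([PENDING, PENDING, 1]))
```

With the default `polling_interval` of 60, `max_attempts` caps the worst-case wait for a pending sample at roughly `60 * (max_attempts - 1)` seconds; pick it to stay inside the Cortex job timeout rather than polling indefinitely.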