
PaloAltoWildFire

README

WildFire® is the industry's largest, most integrated cloud malware protection engine that utilizes patented machine learning models for real-time detection of previously unseen, targeted malware and advanced persistent threats, keeping your organization protected.

When you submit observables to WildFire, they are analyzed in a sandboxed environment using multiple techniques:
- Dynamic analysis observes the files as they execute
- Machine learning extracts unique features from each file
- Static analysis provides instant identification of known malware variants
- A custom hypervisor limits the ability of malware to detect the sandbox and evade analysis

This analyzer submits "file", "url", and "hash" observables to WildFire and produces a formatted report in TheHive with the pertinent information. Note that a hash observable can only be looked up against verdicts WildFire already holds; the file and url types upload the observable itself for analysis.

Product website: https://www.paloaltonetworks.com/network-security/wildfire

PaloAltoWildFire

Author: Ignacio Rodriguez Paez, Joe Lazaro
License: AGPL-V3
Version: 1.0
Supported observable types:
- file
- url
- hash
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.paloaltonetworks.com/network-security/wildfire

Description

Run Palo Alto WildFire analysis on a file, hash, or URL

Configuration

| Name | Description | Default value if not configured | Type | Multiple values | Required |
|---|---|---|---|---|---|
| api_host | Host to send requests to: the WildFire global cloud (U.S., default) or one of the WildFire regional clouds that Palo Alto Networks owns and maintains. See the WildFire Public Cloud documentation for the list of valid servers. Submitted files and URLs leave your environment and are analyzed in the cloud selected here, so choose the regional endpoint that matches your data-residency requirements. | wildfire.paloaltonetworks.com | string | False | True |
| key | API key for WildFire. Treat it as a secret: it authorizes submissions and report retrieval under your subscription. | N/A | string | False | True |
| polling_interval | Time, in seconds, to wait between two successive requests for the report while WildFire analysis is still pending. | 60 | number | False | False |
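WildFire analysis is asynchronous: a sandbox detonation takes time, so the first request for a verdict may come back as "pending" and the analyzer has to wait polling_interval seconds and ask again. The following added example (not the analyzer's own code, nor Palo Alto Networks' code) shows that loop in Python against an offline stand-in for the WildFire hash-verdict endpoint. The verdict codes and the get/verdict request layout are taken from the WildFire API reference rather than from this page; the FakeWildFire class, the placeholder hash and the verdict_request/poll_verdict function names are constructed for illustration and are not what the real analyzer calls.

```python
"""Polling loop for an asynchronous WildFire verdict (added example).

Assumptions, labelled here and in the lead-in: verdict codes and the
get/verdict XML layout follow the WildFire API reference; FakeWildFire,
SAMPLE_SHA256 and the function names are constructed for this example
and are not the Cortex analyzer's real code.
"""
import time
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Tuple

# Verdict codes from the WildFire API reference (not listed on this page).
VERDICTS: Dict[int, str] = {
    0: "benign", 1: "malware", 2: "grayware", 4: "phishing", 5: "c2",
    -100: "pending", -101: "error", -102: "unknown", -103: "invalid hash",
}
PENDING = -100

# Constructed placeholder, not a real sample hash.
SAMPLE_SHA256 = "a" * 64


def verdict_request(api_host: str, key: str, sha256: str) -> Tuple[str, Dict[str, str]]:
    """Build the hash-lookup request from the analyzer's api_host and key settings.

    Path and form fields per the WildFire API reference (get/verdict takes
    'apikey' and 'hash' as POST fields). The key travels in the request body,
    never in the URL, so it does not end up in proxy or web-server logs."""
    return f"https://{api_host}/publicapi/get/verdict", {"apikey": key, "hash": sha256}


def parse_verdict(xml_body: bytes) -> int:
    """Extract the integer verdict from a get/verdict XML response."""
    root = ET.fromstring(xml_body)
    node = root.find("./get-verdict-info/verdict")
    if node is None or node.text is None:
        raise ValueError("no <verdict> element in WildFire response")
    return int(node.text.strip())


def poll_verdict(fetch: Callable[[str], bytes], sha256: str,
                 polling_interval: float = 60, max_attempts: int = 10,
                 sleep: Callable[[float], None] = time.sleep) -> Tuple[int, str]:
    """Call fetch(sha256) until the verdict is no longer pending.

    polling_interval mirrors the analyzer's config item (seconds between
    attempts, default 60). Returns (code, label). Raises TimeoutError when
    the sample is still pending after max_attempts, so a stuck analysis
    fails the job loudly instead of occupying a Cortex worker forever."""
    for attempt in range(1, max_attempts + 1):
        code = parse_verdict(fetch(sha256))
        if code != PENDING:
            return code, VERDICTS.get(code, f"unexpected verdict {code}")
        if attempt < max_attempts:
            sleep(polling_interval)
    raise TimeoutError(f"{sha256}: still pending after {max_attempts} attempts")


class FakeWildFire:
    """Constructed offline stand-in for the get/verdict endpoint.

    Each known hash answers with its listed codes in order and then keeps
    repeating the last one; an unknown hash answers -102, as WildFire does
    for a hash it has never seen."""

    def __init__(self, responses: Dict[str, List[int]]):
        self.responses = {h: list(codes) for h, codes in responses.items()}

    def __call__(self, sha256: str) -> bytes:
        codes = self.responses.get(sha256, [-102])
        code = codes.pop(0) if len(codes) > 1 else codes[0]
        return (f"<wildfire><get-verdict-info><sha256>{sha256}</sha256>"
                f"<verdict>{code}</verdict></get-verdict-info></wildfire>").encode()


def demo() -> Tuple[Tuple[int, str], List[float]]:
    """Pending twice, then malware: returns the verdict and the sleeps taken."""
    server = FakeWildFire({SAMPLE_SHA256: [PENDING, PENDING, 1]})
    sleeps: List[float] = []
    result = poll_verdict(server, SAMPLE_SHA256, polling_interval=60, sleep=sleeps.append)
    return result, sleeps


if __name__ == "__main__":
    print(verdict_request("wildfire.paloaltonetworks.com", "REDACTED", SAMPLE_SHA256))
    print(demo())
```

Two behaviours are worth keeping in mind when reading the analyzer's reports. A -102 "unknown" answer for a hash observable is not a clean verdict: WildFire has never seen that sample, and only a file submission will get it analyzed. And the loop is bounded on purpose; with the default 60-second polling_interval, ten attempts already means a job that runs for nine minutes.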

Template samples for TheHive

WildFire file analysis long report sample

WildFire URL analysis long report sample