Palo Alto Networks · Schema
AnalysisReport
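Detailed WildFire analysis report including behavioral analysis, network activity, and system changes observed during sandbox execution. As the schema below shows, `task_info.report` is either a single per-environment report object or an array of them, and no property is marked required or pattern-constrained, so consumers need to handle both shapes and validate fields such as `md5` and `sha256` themselves.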
Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR
Properties
| Name | Type | Description |
|---|---|---|
| wildfire | object | Report container; holds `version`, `file_info` and `task_info`. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "AnalysisReport",
"description": "Detailed WildFire analysis report including behavioral analysis, network activity, and system changes observed during sandbox execution.",
"$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/wildfire-api-analysis-report-schema.json",
"type": "object",
"properties": {
"wildfire": {
"type": "object",
"properties": {
"version": {
"type": "string"
},
"file_info": {
"type": "object",
"properties": {
"file_stype": {
"type": "string"
},
"size": {
"type": "integer"
},
"md5": {
"type": "string"
},
"sha256": {
"type": "string"
},
"create_time": {
"type": "string",
"format": "date-time"
}
}
},
"task_info": {
"type": "object",
"properties": {
"report": {
"oneOf": [
{
"type": "object",
"description": "Analysis results from a single sandbox execution environment.",
"properties": {
"platform": {
"type": "string",
"description": "Platform identifier (e.g., 100 for Windows XP SP3)."
},
"software": {
"type": "string",
"description": "Sandbox software environment."
},
"version": {
"type": "string"
},
"summary": {
"type": "object",
"properties": {
"@verdict": {
"type": "string",
"enum": [
"benign",
"malware",
"grayware",
"phishing"
]
}
}
},
"network": {
"type": "object",
"properties": {
"dns": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@query": {
"type": "string"
},
"@response": {
"type": "string"
}
}
}
},
"tcp": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@ip": {
"type": "string"
},
"@port": {
"type": "integer"
},
"@country": {
"type": "string"
}
}
}
},
"http": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@request": {
"type": "string"
},
"@response": {
"type": "string"
}
}
}
}
}
},
"process_list": {
"type": "object",
"properties": {
"process": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@name": {
"type": "string"
},
"@pid": {
"type": "string"
},
"@text": {
"type": "string"
}
}
}
}
}
}
}
},
{
"type": "array",
"items": {
"type": "object",
"description": "Analysis results from a single sandbox execution environment.",
"properties": {
"platform": {
"type": "string",
"description": "Platform identifier (e.g., 100 for Windows XP SP3)."
},
"software": {
"type": "string",
"description": "Sandbox software environment."
},
"version": {
"type": "string"
},
"summary": {
"type": "object",
"properties": {
"@verdict": {
"type": "string",
"enum": [
"benign",
"malware",
"grayware",
"phishing"
]
}
}
},
"network": {
"type": "object",
"properties": {
"dns": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@query": {
"type": "string"
},
"@response": {
"type": "string"
}
}
}
},
"tcp": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@ip": {
"type": "string"
},
"@port": {
"type": "integer"
},
"@country": {
"type": "string"
}
}
}
},
"http": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@request": {
"type": "string"
},
"@response": {
"type": "string"
}
}
}
}
}
},
"process_list": {
"type": "object",
"properties": {
"process": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@name": {
"type": "string"
},
"@pid": {
"type": "string"
},
"@text": {
"type": "string"
}
}
}
}
}
}
}
}
}
]
}
}
}
}
}
}
}