Palo Alto Networks · JSON Structure
WildFire API Analysis Report Structure
Detailed WildFire analysis report including behavioral analysis, network activity, and system changes observed during sandbox execution.
Type: object
Properties: 1
Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR
AnalysisReport is a JSON Structure definition published by Palo Alto Networks. It declares one top-level property, `wildfire`, which contains the nested report fields, and it conforms to the https://json-structure.org/meta/core/v0/# meta-schema.
Properties
wildfire
Meta-schema: https://json-structure.org/meta/core/v0/#
JSON Structure
{
"$schema": "https://json-structure.org/meta/core/v0/#",
"$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/wildfire-api-analysis-report-structure.json",
"name": "AnalysisReport",
"description": "Detailed WildFire analysis report including behavioral analysis, network activity, and system changes observed during sandbox execution.",
"type": "object",
"properties": {
"wildfire": {
"type": "object",
"properties": {
"version": {
"type": "string"
},
"file_info": {
"type": "object",
"properties": {
"file_stype": {
"type": "string"
},
"size": {
"type": "int32"
},
"md5": {
"type": "string"
},
"sha256": {
"type": "string"
},
"create_time": {
"type": "datetime"
}
}
},
"task_info": {
"type": "object",
"properties": {
"report": {
"oneOf": [
{
"type": "object",
"description": "Analysis results from a single sandbox execution environment.",
"properties": {
"platform": {
"type": "string",
"description": "Platform identifier (e.g., 100 for Windows XP SP3)."
},
"software": {
"type": "string",
"description": "Sandbox software environment."
},
"version": {
"type": "string"
},
"summary": {
"type": "object",
"properties": {
"@verdict": {
"type": "string",
"enum": [
"benign",
"malware",
"grayware",
"phishing"
]
}
}
},
"network": {
"type": "object",
"properties": {
"dns": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@query": {
"type": "string"
},
"@response": {
"type": "string"
}
}
}
},
"tcp": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@ip": {
"type": "string"
},
"@port": {
"type": "int32"
},
"@country": {
"type": "string"
}
}
}
},
"http": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@request": {
"type": "string"
},
"@response": {
"type": "string"
}
}
}
}
}
},
"process_list": {
"type": "object",
"properties": {
"process": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@name": {
"type": "string"
},
"@pid": {
"type": "string"
},
"@text": {
"type": "string"
}
}
}
}
}
}
}
},
{
"type": "array",
"items": {
"type": "object",
"description": "Analysis results from a single sandbox execution environment.",
"properties": {
"platform": {
"type": "string",
"description": "Platform identifier (e.g., 100 for Windows XP SP3)."
},
"software": {
"type": "string",
"description": "Sandbox software environment."
},
"version": {
"type": "string"
},
"summary": {
"type": "object",
"properties": {
"@verdict": {
"type": "string",
"enum": [
"benign",
"malware",
"grayware",
"phishing"
]
}
}
},
"network": {
"type": "object",
"properties": {
"dns": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@query": {
"type": "string"
},
"@response": {
"type": "string"
}
}
}
},
"tcp": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@ip": {
"type": "string"
},
"@port": {
"type": "int32"
},
"@country": {
"type": "string"
}
}
}
},
"http": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@request": {
"type": "string"
},
"@response": {
"type": "string"
}
}
}
}
}
},
"process_list": {
"type": "object",
"properties": {
"process": {
"type": "array",
"items": {
"type": "object",
"properties": {
"@name": {
"type": "string"
},
"@pid": {
"type": "string"
},
"@text": {
"type": "string"
}
}
}
}
}
}
}
}
}
]
}
}
}
}
}
}
}