Palo Alto Networks · JSON Structure

Wildfire Api Sandbox Report Structure

Analysis results from a single sandbox execution environment.

Type: object Properties: 6
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

SandboxReport is a JSON Structure definition published by Palo Alto Networks, describing 6 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

platform software version summary network process_list

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/wildfire-api-sandbox-report-structure.json",
  "name": "SandboxReport",
  "description": "Analysis results from a single sandbox execution environment.",
  "type": "object",
  "properties": {
    "platform": {
      "type": "string",
      "description": "Platform identifier (e.g., 100 for Windows XP SP3)."
    },
    "software": {
      "type": "string",
      "description": "Sandbox software environment."
    },
    "version": {
      "type": "string"
    },
    "summary": {
      "type": "object",
      "properties": {
        "@verdict": {
          "type": "string",
          "enum": [
            "benign",
            "malware",
            "grayware",
            "phishing"
          ]
        }
      }
    },
    "network": {
      "type": "object",
      "properties": {
        "dns": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "@query": {
                "type": "string"
              },
              "@response": {
                "type": "string"
              }
            }
          }
        },
        "tcp": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "@ip": {
                "type": "string"
              },
              "@port": {
                "type": "int32"
              },
              "@country": {
                "type": "string"
              }
            }
          }
        },
        "http": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "@request": {
                "type": "string"
              },
              "@response": {
                "type": "string"
              }
            }
          }
        }
      }
    },
    "process_list": {
      "type": "object",
      "properties": {
        "process": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "@name": {
                "type": "string"
              },
              "@pid": {
                "type": "string"
              },
              "@text": {
                "type": "string"
              }
            }
          }
        }
      }
    }
  }
}