Skip to main content

Palo Alto Networks WildFire Reports

This Integration is part of the WildFire by Palo Alto Networks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Generates a Palo Alto Networks WildFire PDF report.

This integration is set up by default on Cortex XSOAR versions 6.5+ with the Threat Intel Module (TIM). It is designed for internal use with the TIM Sample Analysis feature. To run ad hoc CLI commands to generate WildFire reports, use the Palo Alto Networks WildFire v2 integration instead.

This integration was created and tested with version 10.1 of WildFire.

Configure Palo Alto Networks WildFire Reports on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Palo Alto Networks WildFire Reports.

  3. Click Add instance to create and configure a new integration instance.

    Server base URL (e.g.,
    API KeyFalse
    Trust any certificate (not secure)Trust any certificate (not secure).False
    Use system proxy settingsUse system proxy settings.False
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Retrieves results for a file hash using WildFire.

Base Command#



Argument NameDescriptionRequired
sha256SHA256 hash to check.Required

Context Output#

There is no context output for this command.

Command Example#

!internal-wildfire-get-report sha256=abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890

Human Readable Output#