Skip to main content

Detonate File From URL - WildFire v2

This Playbook is part of the WildFire by Palo Alto Networks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.

Detonate one or more files using the Wildfire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • Palo_Alto_Networks_WildFire_v2


This playbook does not use any scripts.


  • wildfire-upload-file-url
  • wildfire-report

Playbook Inputs#

NameDescriptionDefault ValueRequired
FileURLURL of the web file to detonate. The FileUrl is taken from the context.FileURLOptional
IntervalDuration for executing the pooling (in minutes).1Optional
TimeoutThe duration after which to stop pooling and to resume the playbook (in minutes).8Optional
ReportFileTypeThe resource type to download. Default is pdf. XML is also possible.Optional

Playbook Outputs#

DBotScoreThe DBotScore object.unknown
DBotScore.ScoreThe actual score.number
File.SizeFile size.number
File.MD5MD5 hash of the file.string
File.SHA1SHA1 hash of the file.string
File.TypeFile type, e.g., "PE".string
File.SHA256SHA256 hash of the file.string
File.EntryIDThe Entry ID of the sample.string
File.Malicious.VendorFor malicious files, the vendor that made the decision.string
File.Malicious.DescriptionFor malicious files, the reason the vendor made the decision.string
DBotScore.IndicatorThe indicator tested.string
DBotScore.TypeThe type of the indicator.string
DBotScore.VendorVendor used to calculate the score.string
IP.AddressIPs relevant to the sample.string
FileThe file object.unknown
InfoFileThe report file object.unknown
InfoFile.EntryIDThe EntryID of the report file.string
InfoFile.ExtensionThe extension of the report file.string
InfoFile.NameThe name of the report file.string
InfoFile.InfoThe info of the report file.string
InfoFile.SizeThe size of the report file.number
InfoFile.TypeThe type of the report file.string
File.MaliciousThe malicious object.unknown
WildFire.ReportThe submission object.unknown
WildFire.Report.MD5MD5 of the submission.string
WildFire.Report.SHA256SHA256 of the submission.string
WildFire.Report.FileTypeThe type of the submission.string
WildFire.Report.StatusThe status of the submission.string
WildFire.Report.SizeThe size of the submission.number
WildFire.Report.ExtractedURL.URLThe extracted URL.string
WildFire.Report.ExtractedURL.VerdictThe extracted verdict.number

Playbook Image#

Detonate File From URL - WildFire v2