Skip to main content

Detonate File From URL - WildFire

This Playbook is part of the WildFire by Palo Alto Networks Pack.#


Use Detonate File From URL - WildFire v2 instead.

Detonates one or more files using the Wildfire integration. This playbook returns relevant reports to the War Room and file reputations to the context data.

The detonation supports the following file types: APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z.

This playbook is deprecated. please use the Detonate File From URL - WildFire v2 instead.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • GenericPolling


This playbook does not use any integrations.


This playbook does not use any scripts.


  • wildfire-upload-file-url
  • wildfire-report

Playbook Inputs#

NameDescriptionDefault ValueSourceRequired
FileURLThe URL of the web file to detonate. The FileUrl is taken from the context.NoneFileURLOptional
IntervalThe duration for executing the pooling (in minutes).1-Optional
TimeoutThe duration after which to stop pooling and to resume the playbook (in minutes).15-Optional
ReportFileTypeThe resource type to download. The default is "pdf". XML is also possible.--Optional

Playbook Outputs#

DBotScoreThe DBotScore object.unknown
DBotScore.ScoreThe actual score.number
File.SizeThe file size.number
File.MD5The MD5 hash of the file.string
File.SHA1The SHA1 hash of the file.string
File.TypeThe file type. For example, "PE".string
File.SHA256The SHA256 hash of the file.string
File.EntryIDThe entry ID of the sample.string
File.Malicious.VendorThe vendor that made the decision that the file is malicious.string
File.NameThe filename.string
File.Malicious.DescriptionThe reason for the vendor to make the decision that the file is malicious.string
DBotScore.IndicatorThe indicator that was tested.string
DBotScore.TypeThe type of the indicator.string
DBotScore.VendorThe vendor used to calculate the score.string
IP.AddressThe IP address's relevant to the sample.string
FileThe fle object.unknown
InfoFileThe report file object.unknown
InfoFile.EntryIDThe EntryID of the report file.string
InfoFile.ExtensionThe extension of the report file.string
InfoFile.NameThe name of the report file.string
InfoFile.InfoThe info of the report file.string
InfoFile.SizeThe size of the report file.number
InfoFile.TypeThe type of the report file.string
File.MaliciousThe malicious object.unknown
WildFire.ReportThe submission object.unknown
WildFire.Report.MD5The MD5 hash of the submission.string
WildFire.Report.SHA256The SHA256 hash of the submission.string
WildFire.Report.FileTypeThe type of the submission.string
WildFire.Report.StatusThe status of the submission.string
WildFire.Report.SizeThe size of the submission.number

Playbook Image#