Skip to main content

Detonate URL - WildFire-v2

This Playbook is part of the WildFire by Palo Alto Networks Pack.#


Use Detonate URL - WildFire v2.2 instead.

Detonates a webpage or a remote file using the WildFire integration. This playbook returns relevant reports to the War Room and file reputations to the context data.

The detonation supports the following file types: APK, JAR, DOC, DOCX, RTF, OOXLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • GenericPolling


  • WildFire-v2


This playbook does not use any scripts.


  • wildfire-report
  • wildfire-upload-file-url
  • wildfire-upload-url

Playbook Inputs#

NameDescriptionDefault ValueSourceRequired
URLThe URL of the webpage or the file URL to detonate. The URL is taken from the context.DataURLOptional
IntervalThe duration for executing the pooling (in minutes).1-Optional
TimeoutThe duration after which to stop pooling and to resume the playbook (in minutes).15-Optional
ReportFileTypeThe resource type to download. The default is pdf. XML is also possible.--Optional

Playbook Outputs#

DBotScoreThe DBotScore object.unknown
DBotScore.ScoreThe actual score.number
File.SizeThe file size.number
File.MD5The MD5 hash of the file.string
File.SHA1The SHA1 hash of the file.string
File.TypeThe file type. For example, "PE".string
File.SHA256Thas SHA256 hash of the file.string
File.EntryIDThe entry ID of the sample.string
File.Malicious.VendorThe vendor that made the decision that the file is malicious.string
File.NameThe filenamestring
File.Malicious.DescriptionThe reason for the vendor to make the decision that the file is malicious.string
DBotScore.IndicatorThe indicator that was tested.string
DBotScore.TypeThe type of the indicator.string
DBotScore.VendorThe vendor used to calculate the score.string
IP.AddressThe IP addresses's relevant to the sample.string
FileThe file object.unknown
InfoFileThe report file object.unknown
InfoFile.EntryIDThe EntryID of the report file.string
InfoFile.ExtensionThe extension of the report file.string
InfoFile.NameThe name of the report file.string
InfoFile.InfoThe info of the report file.string
InfoFile.SizeThe size of the report file.number
InfoFile.TypeThe type of the report file.string
File.MaliciousThe malicious object.unknown
WildFire.ReportThe submission object.unknown
WildFire.Report.MD5The MD5 hash of the submission.string
WildFire.Report.SHA256The SHA256 hash of the submission.string
WildFire.Report.FileTypeThe type of the submission.string
WildFire.Report.StatusThe status of the submission.string
WildFire.Report.SizeThe size of the submission.number
WildFire.Report.detection_reasonsThe detection reasons object.unknown
WildFire.Report.detection_reasons.descriptionReason for the detection verdict.string
WildFire.Report.detection_reasons.nameName of the detection.string
WildFire.Report.detection_reasons.typeType of the detection.string
WildFire.Report.detection_reasons.verdictVerdict of the detection.string
WildFire.Report.detection_reasons.artifactsArtifacts for the detection.string
WildFire.Report.iocsAssociated IOCs.string

Playbook Image#