Skip to main content

Detonate URL - WildFire v2.1

This Playbook is part of the WildFire by Palo Alto Networks Pack.#

Deprecated

Use Detonate URL - WildFire v2.2 instead.

Detonate a webpage or remote file using the WildFire integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types: APK, JAR, DOC, DOCX, RTF, OOXLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z, JS.

This playbook is deprecated. please use the Detonate URL - WildFire v2.2 instead.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

GenericPolling

Integrations#

Palo_Alto_Networks_WildFire_v2

Scripts#

This playbook does not use any scripts.

Commands#

  • wildfire-upload-file-url
  • wildfire-report
  • wildfire-upload-url

Playbook Inputs#


NameDescriptionDefault ValueRequired
URLURL of the webpage or file URL to detonate. The URL is taken from the context.URL.DataOptional
IntervalDuration for executing the polling (in minutes).1Optional
TimeoutThe duration after which to stop polling and to resume the playbook (in minutes).60Optional
ReportFileTypeThe resource type to download. Default is PDF. XML is also possible.Optional

Playbook Outputs#


PathDescriptionType
DBotScoreThe DBotScore object.unknown
DBotScore.ScoreThe actual score.number
File.SizeFile size.number
File.MD5MD5 hash.string
File.SHA1SHA1 hash.string
File.TypeFile type, e.g., "PE".string
File.SHA256SHA256 hash.string
File.EntryIDThe entry ID of the sample.string
File.Malicious.VendorFor malicious files, the vendor that determined that the file is malicious.string
File.NameFile.name.string
File.Malicious.DescriptionFor malicious files, the reason the vendor determined that the file is malicious.string
DBotScore.IndicatorThe indicator we tested.string
DBotScore.TypeThe type of indicator.string
DBotScore.VendorVendor used to calculate the score.string
IP.AddressIPs relevant to the sample.string
FileThe file object.unknown
InfoFileThe report file object.unknown
InfoFile.EntryIDThe EntryID of the report file.string
InfoFile.ExtensionThe extension of the report file.string
InfoFile.NameThe name of the report file.string
InfoFile.InfoThe info of the report file.string
InfoFile.SizeThe size of the report file.number
InfoFile.TypeThe type of the report file.string
File.MaliciousThe malicious object.unknown
WildFire.ReportThe submission object.unknown
WildFire.Report.MD5MD5 of the submission.string
WildFire.Report.SHA256SHA256 of the submission.string
WildFire.Report.FileTypeThe type of the submission.string
WildFire.Report.StatusThe status of the submission.string
WildFire.Report.SizeThe size of the submission.number
WildFire.Report.URLURL of the submission.string
WildFire.Report.detection_reasonsThe detection reasons object.unknown
WildFire.Report.detection_reasons.descriptionReason for the detection verdict.string
WildFire.Report.detection_reasons.nameName of the detection.string
WildFire.Report.detection_reasons.typeType of the detection.string
WildFire.Report.detection_reasons.verdictVerdict of the detection.string
WildFire.Report.detection_reasons.artifactsArtifacts for the detection reasons.string
WildFire.Report.iocsAssociated IOCs.string

Playbook Image#


Detonate_URL_WildFire-v2