Request Threat Signature Metadata (All types)
The API Reference information for retrieving threat signature metadata (in batch mode) can be found here.
Overview
The Threat Vault API can be used to request threat signature metadata. Consider the following examples:
Keep a few things in mind when formatting your API query:
- All the query strings in Get requests must be a URL-Encoded parameter string. If you use a space in the URL-Encoded request, you must include either a plus sign (+) or %20 to replace the space.
- You can specify the content type of the request body and response by specifying the Content-Type header. Some responses generate an HTTP response in addition to a JSON object.
- Do not embed API keys in code or application source tree files. This can inadvertently expose the API key. Instead, consider storing the API key in environmental variables or files that are excluded from your application source tree files.
Example 1: Request information about threat signature IDs in batch mode
curl -X POST -d '{"id": [280392504, 91144208, 92515295, 91865991]}' 'https://api.threatvault.
paloaltonetworks.com/service/v1/threats' \
-H 'X-API-KEY: API_KEY' \
-H 'Content-Type: application/json'
A successful API call returns, within the contents section, status="success"
along with the threat signature details for each signature ID.
{
"success": true,
"link": {
"next": null,
"previous": null
},
"count": 4,
"data": {
"antivirus": [
{
"name": "Trojan/Win32.trojan-gen.fn",
"severity": "medium",
"type": "0",
"subtype": "virus",
"description": "This signature detected Trojan/Win32.trojan-gen.fn",
"action": "",
"id": "91144208",
"create_time": "2009-11-09T02:59:38Z",
"status": "active",
"related_sha256_hashes": [],
"release": {
"antivirus": {
"first_release_version": "31",
"first_release_time": "2009-11-10T15:10:02Z",
"last_release_version": "140",
"last_release_time": "2010-02-20T15:05:09Z"
}
}
},
{
"name": "Trojan/Win32.trojan-pws.acs",
"severity": "medium",
"type": "0",
"subtype": "virus",
"description": "This signature detected Trojan/Win32.trojan-pws.acs",
"action": "",
"id": "91865991",
"create_time": "2010-02-04T14:20:48Z",
"status": "active",
"related_sha256_hashes": [
"e0c60e7748eabefd99a26ef5ba52704e109514c63074489a57e8d88ff725d3c6"
],
"release": {
"antivirus": {
"first_release_version": "125",
"first_release_time": "2010-02-06T15:03:06Z",
"last_release_version": "809",
"last_release_time": "2012-08-07T17:02:26Z"
}
}
},
{
"name": "Trojan/Win32.trojan-pws.axp",
"severity": "medium",
"type": "0",
"subtype": "virus",
"description": "This signature detected Trojan/Win32.trojan-pws.axp",
"action": "",
"id": "92515295",
"create_time": "2010-05-05T13:43:16Z",
"status": "active",
"related_sha256_hashes": [
"daec920b17fdb797c1303e17e07f39453f2122a844df03c734ecf41e6896ac01"
],
"release": {
"antivirus": {
"first_release_version": "206",
"first_release_time": "2010-05-06T17:02:43Z",
"last_release_version": "206",
"last_release_time": "2010-05-06T17:02:43Z"
}
}
},
{
"name": "trojan/Win32 DLL.razy.slo",
"severity": "medium",
"type": "0",
"subtype": "virus",
"description": "This signature detected trojan/Win32 DLL.razy.slo",
"action": "",
"id": "280392504",
"create_time": "2019-06-19T17:06:12Z",
"status": "active",
"related_sha256_hashes": [
"0b66779d8910e365c8de5ea030f9827ee32b418bc303c26e3252a4843b86118d",
"3b3d767226aa796013b075fd7d6baa432e3f2bf380c55655dedaa8ead038829e",
"b8cbc5c1b01ae17dec42eca0f4b448407a2d5b9f85580e0e122c1854f4f80e37",
"47e3da7e179b755a1ccc8fe8fc506a2fb15baff2c124b15cf2f5e29038f3d1ac",
"5cd3e058f6049a31a42c292ebb091a1b5ea4bd9c7bc6fed5ac8a33c5fc89924a",
"4a2b514a753611b464e7583ba512310cd58c8066f19b631134012ebe05cd0e5f",
"616c1d49dace7e984dcf02f94d81273db7f1eb06961cb60d5200ca89dbe640ac",
"b6976b2aca5d70d7f011ef72a8649a370f449811d11a488a46dc8b82ba0f2f2a",
"00710c2c75549989c1bc8374e9f04c3d9b529e2ec6e2ad3945ce89cf27e25bd4",
"3e7fcd52c9f88fef74427aa78240125417326297c07577eb98fa98f4e793ca0e"
],
"release": {
"antivirus": {
"first_release_version": "3017",
"first_release_time": "2019-06-21T13:37:09Z",
"last_release_version": "4179",
"last_release_time": "2022-08-18T11:01:05Z"
},
"wildfire": {
"first_release_version": "359199",
"first_release_time": "2019-06-19T17:06:35Z",
"last_release_version": "691144",
"last_release_time": "2022-08-19T02:02:15Z"
}
}
}
]
},
"message": "Successful"
}
Example 2: Request information about file samples in batch mode
curl -X POST -d '{"sha256": ["eb70fce0ec5835305695ed0e0b79978dcd4e63253ff69749fd250825fabe50df",
"b303ad3456df4d9ad3597654c847214f00759e07305e1b82a16ae6dc41b013cd",
"7be32e7c1eeebe01519e3ae704d0fac0c7682b6e5e945734f5aceab1f7fb73aa"]}' \
-H 'X-API-KEY: API_KEY' \
-H 'Content-Type: application/json' \
'https://api.threatvault.paloaltonetworks.com/service/v1/threats'
A successful API call returns, within the contents section, status="success"
along with the threat signature metadata details for each referenced SHA256 entry, of which there are three.
{
"success": true,
"link": {
"next": null,
"previous": null
},
"count": 3,
"data": {
"fileinfo": [
{
"filetype": "PE32",
"sha256": "b303ad3456df4d9ad3597654c847214f00759e07305e1b82a16ae6dc41b013cd",
"sha1": "f8e96347a8bcb116760d86a1673d84ee43de3ccd",
"md5": "7144806d2254cb9345d85c359769877a",
"size": 0,
"type": "Virus",
"family": "WGeneric",
"platform": "Win32",
"wildfire_verdict": "malicious",
"create_time": "2021-05-17T04:48:31Z",
"signatures": {
"antivirus": [
{
"name": "Trojan/Win32.trojan-gen.dln",
"severity": "medium",
"type": "0",
"subtype": "virus",
"description": "This signature detected Trojan/Win32.trojan-gen.dln",
"action": "",
"id": "93069498",
"create_time": "2010-08-10T09:23:50Z",
"status": "active",
"related_sha256_hashes": [
"b409345a23b6537a6bfeaafd06845df573122f48f8cc161437e756e97f73adee",
"0bfb2a3b6616dd3a0bfcdbfd649a86a5998a3a5db074cddf9ab41d3807eb3c98",
"b4519ab84e845422c496eaa8726ca56c2251c3e138bf9d19d3131de7e298192e",
"b303ad3456df4d9ad3597654c847214f00759e07305e1b82a16ae6dc41b013cd",
"616883cfe50b1f60fbbfb1c7aa2ea29318941a11ce2c9c134e6487725b8ca1a0",
"479ec60dd3f51233708bd6364d7730d42145ab36ba2c9775e7d4cdb7e3504451",
"8334163c91e1b0963286d62de21010976ac6b17c0e42153e44573813bab09c02"
],
"release": {
"antivirus": {
"first_release_version": "277",
"first_release_time": "2010-08-11T17:46:47Z",
"last_release_version": "4159",
"last_release_time": "2022-07-29T11:04:31Z"
},
"wildfire": {
"first_release_version": "559278",
"first_release_time": "2021-05-17T04:51:16Z",
"last_release_version": "691143",
"last_release_time": "2022-08-19T01:57:08Z"
}
}
}
]
}
},
{
"filetype": "PE32",
"sha256": "7be32e7c1eeebe01519e3ae704d0fac0c7682b6e5e945734f5aceab1f7fb73aa",
"sha1": "70607d8b2cbf3bf92fc5923c1d1a7068b5e848b6",
"md5": "0fb26f308567bd5c916cc5eea25abfd8",
"size": "163171",
"type": "Virus",
"family": "WGeneric",
"platform": "Win32",
"wildfire_verdict": "malicious",
"create_time": "2020-08-24T11:25:17Z",
"signatures": {
"antivirus": [
{
"name": "Trojan/Win32.Packed.ec",
"severity": "medium",
"type": "0",
"subtype": "virus",
"description": "This signature detected Trojan/Win32.Packed.ec",
"action": "",
"id": "89085094",
"create_time": "2009-10-01T00:00:00Z",
"status": "inactive",
"related_sha256_hashes": [
"112591b523f596f99a7453233b189989c6eb7207b1f9df577f2fc8223ec4eaa3",
"3980e07d5b8e6f5b0d6828f778480409f7952a988390870f86aea96e5a21ae2e",
"342284999339e7cfd6b2f331e1972978b6469dd60944d0e620c2a354e8ab0c81",
"7be32e7c1eeebe01519e3ae704d0fac0c7682b6e5e945734f5aceab1f7fb73aa",
"6468974543cb60e3fcbfbbb9ab92d6af45659760e89ac838c8abad6dce690a14",
"ceab53344864dac8e20a93583e71db40fb04d7c49ebecd95d11cc4633bd2f3a4",
"2e4a6939baeabd2e8c75a1f78ef778d02b4a338307d04490859e783cb4b11612",
"1b2364e31cb953aa87c1621cca16332d31153a4180f3ba67842352ad315d43d9",
"79dbc04e2345134e0733b29006a89f12e2a5cab27adcb0d65b90dfc31a5e5f3a",
"eadce83f41a01062007cd245b9a6360df575bb329aab950bf5fa434dc92ad1ab"
],
"release": {}
},
{
"name": "Trojan/Win32.trojan-pws.glk",
"severity": "medium",
"type": "0",
"subtype": "virus",
"description": "This signature detected Trojan/Win32.trojan-pws.glk",
"action": "",
"id": "118540810",
"create_time": "2016-02-15T21:50:23Z",
"status": "active",
"related_sha256_hashes": [
"3980e07d5b8e6f5b0d6828f778480409f7952a988390870f86aea96e5a21ae2e",
"342284999339e7cfd6b2f331e1972978b6469dd60944d0e620c2a354e8ab0c81",
"7be32e7c1eeebe01519e3ae704d0fac0c7682b6e5e945734f5aceab1f7fb73aa",
"1b2364e31cb953aa87c1621cca16332d31153a4180f3ba67842352ad315d43d9",
"194ad58bb2dbd9021624fb3920dc529ad2683d0ba659a07b293841ec023e3051"
],
"release": {
"antivirus": {
"first_release_version": "1787",
"first_release_time": "2016-02-17T17:15:56Z",
"last_release_version": "3514",
"last_release_time": "2020-10-26T13:35:17Z"
},
"wildfire": {
"first_release_version": "11232",
"first_release_time": "2016-02-15T21:52:31Z",
"last_release_version": "491391",
"last_release_time": "2020-09-21T20:36:31Z"
}
}
}
]
}
},
{
"filetype": "PE32",
"sha256": "eb70fce0ec5835305695ed0e0b79978dcd4e63253ff69749fd250825fabe50df",
"sha1": null,
"md5": "D766A30F269F40150BE9196E0A99CBA4",
"size": null,
"type": "Trojan",
"family": "startpage",
"platform": "Win32",
"wildfire_verdict": "malicious",
"create_time": "2011-07-18T10:28:12Z",
"signatures": {
"antivirus": [
{
"name": "Trojan/Win32.trojan-gen.cfl",
"severity": "medium",
"type": "0",
"subtype": "virus",
"description": "This signature detected Trojan/Win32.trojan-gen.cfl",
"action": "",
"id": "92510911",
"create_time": "2010-05-04T07:18:29Z",
"status": "active",
"related_sha256_hashes": [
"e6d7d20827d232ce35fc39bd66818ccc8c95c628f7ece63ad4fd89c3b1ccb3a0",
"2e03b4071945402f43e6623904a07bca197b7ee91c27b2ec0246cb09415f9d29",
"eb70fce0ec5835305695ed0e0b79978dcd4e63253ff69749fd250825fabe50df",
"d81bfecc3d8fa61bba3a15881ff160534ba4832fb134f9e2086c2b322cd27658",
"cf03bfb677aa00155efc3ef86692f5871d16d6d37f3f6e20a8505fe31a72130b",
"dab57e0eb1ab69fbc5c72612536b2c46561a343c43ecc27f39db6dda9cbd2331",
"8b577e978e5c01fa8aeb1aadae5230cce1626ce3a0a3a5e33a9bb1e60fa4d276",
"f523486a23bb05202fda343f31297b768da8b9f8c362557ec1f50b3b4dc311b5",
"67f84e89818d0b4ac335ee1076583112fa0fd62c902ff075090c11fccacf4949",
"155636928016464bb54eaae6737114ea9017618f2dc9ae5160cb66a1bc1d2c3d"
],
"release": {
"antivirus": {
"first_release_version": "205",
"first_release_time": "2010-05-05T17:02:41Z",
"last_release_version": "3493",
"last_release_time": "2020-10-05T13:34:42Z"
},
"wildfire": {
"first_release_version": "487280",
"first_release_time": "2020-09-07T14:01:21Z",
"last_release_version": "487280",
"last_release_time": "2020-09-07T14:01:21Z"
}
}
}
]
}
}
]
},
"message": "Successful"
}