Interpreting verdict request response codes from PAN Wildfire Appliance, WF-500

Created On 04/30/20 04:51 AM - Last Modified 02/05/25 21:14 PM


Symptom


The WF-500 returns a numerical code in response to a verdict request. This article explains how to interpret those response codes.

Environment


WF-500 
API requests
PAN-OS


Cause


The response code from the WF-500 does not state whether the verdict is Malware, Benign, Grayware or Phishing; it gives only a numerical value.

Resolution


The numerical responses below mean the following:  

   
  •     0: Benign
  •     1: Malware
  •     2: Grayware
  •     4: Phishing

Error Codes:

  •     -100: pending, the sample exists, but there is currently no verdict
  •     -101: error
  •     -102: unknown, cannot find sample record in the database
  •     -103: invalid hash value


Additional Information


WF-500 appliance verdict change request

  • Get Verdict

$ curl -F 'apikey=<api_key>' -F hash=<sha256> -k https://<wf_500>/publicapi/get/verdict
 
  • Get verdict for list of hashes

$ curl -F 'apikey=<api_key>' -F 'file=@c:\hashlist.txt' -k https://<wf_500>/publicapi/get/verdicts
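
The code tables above, applied to a response body in a script. This is an added example, not Palo Alto Networks code; it assumes the XML shape (`<get-verdict-info>` entries holding `<sha256>` and `<verdict>`), and the function names and sample data are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Code tables copied from the article above.
VERDICTS = {0: "benign", 1: "malware", 2: "grayware", 4: "phishing"}
ERRORS = {
    -100: "pending",        # sample exists, no verdict yet
    -101: "error",
    -102: "unknown",        # no sample record in the database
    -103: "invalid hash",
}

def interpret(code_text):
    """Return (label, kind); kind is verdict, retry, error or unrecognized."""
    try:
        code = int(code_text.strip())
    except (AttributeError, ValueError):
        return ("unparseable", "unrecognized")
    if code in VERDICTS:
        return (VERDICTS[code], "verdict")
    if code == -100:
        return (ERRORS[code], "retry")   # ask again later
    if code in ERRORS:
        return (ERRORS[code], "error")
    return (f"code {code}", "unrecognized")  # e.g. 3 is not in the table

def parse_verdicts(xml_text):
    """Map each <get-verdict-info> entry to (sha256, label, kind)."""
    root = ET.fromstring(xml_text)
    return [
        (info.findtext("sha256", default=""), *interpret(info.findtext("verdict")))
        for info in root.iter("get-verdict-info")
    ]

def is_clean(label, kind):
    """Fail closed: only an explicit 0 (benign) counts as clean."""
    return kind == "verdict" and label == "benign"

# Constructed sample response; element names are assumed, hashes are placeholders.
SAMPLE = """<wildfire>
<get-verdict-info><sha256>hash-a</sha256><verdict>0</verdict></get-verdict-info>
<get-verdict-info><sha256>hash-b</sha256><verdict>4</verdict></get-verdict-info>
<get-verdict-info><sha256>hash-c</sha256><verdict>-100</verdict></get-verdict-info>
<get-verdict-info><sha256>hash-d</sha256><verdict>-102</verdict></get-verdict-info>
</wildfire>"""

if __name__ == "__main__":
    for sha, label, kind in parse_verdicts(SAMPLE):
        print(sha, label, kind, "clean" if is_clean(label, kind) else "not clean")
```

Anything other than an explicit 0 is treated as not clean, so a pending or failed lookup never passes as benign. Because the verdict drives an allow/block decision, run the request without `-k` once the client trusts the appliance's CA certificate, so the response comes from an authenticated WF-500.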

 

