WildFire by Palo Alto Networks

Details
Content
Dependencies
Version History

Perform malware dynamic analysis

Use the Palo Alto Networks Wildfire integration to automatically identify unknown threats and stop attackers in their tracks by performing malware dynamic analysis.

What does this pack do?

Send a File sample to WildFire.
Upload a file hosted on a website to WildFire.
Submit a webpage to WildFire.
Get a report regarding the sent samples using file hash.
Get sample file from WildFire.
Get verdict regarding multiple hashes (up to 500) using the wildfire-get-verdicts command.

The content pack contains 4 playbooks

WildFire - Detonate File / Detonate File From URL - WildFire - Detonate one or more files using the Wildfire integration. This playbook returns relevant reports to the War Room and file reputations to the context data.
Detonate URL - WildFire v2.1 / Detonate URL - WildFire-v2 - Detonate a webpage or remote file using the WildFire integration. This playbook returns relevant reports to the War Room and file reputations to the context data.

Create an integration instance

To create an instance of the integration, you need the WildFire API key
This API key is used in the API Key field in the integration configuration.

Navigate to and log into your WildFire Account.
Select the Account tab from the menu.
Copy the API key.

Note: If your API key comes from integrations such as Prisma Cloud or Prisma Access ensure that the API source is set in the instance config.

WildFire Server URLs

Use the appropriate server URL in the Server base URL parameter based on your region or cloud environment:

Server URL	Region
https://wildfire.paloaltonetworks.com	Global (default)
https://pubsec-cloud.wildfire.paloaltonetworks.com	US Gov Cloud / FedRAMP Moderate
https://gov-cloud.wildfire.paloaltonetworks.com	US Gov Cloud / FedRAMP High
https://eu.wildfire.paloaltonetworks.com	EU
https://jp.wildfire.paloaltonetworks.com	Japan

Pack Contributors:

Eric Partington

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Use the Palo Alto Networks Wildfire integration to automatically identify unknown threats and stop attackers in their tracks by performing malware dynamic analysis.

What does this pack do?

Send a File sample to WildFire.
Upload a file hosted on a website to WildFire.
Submit a webpage to WildFire.
Get a report regarding the sent samples using file hash.
Get sample file from WildFire.
Get verdict regarding multiple hashes (up to 500) using the wildfire-get-verdicts command.

The content pack contains 4 playbooks

WildFire - Detonate File / Detonate File From URL - WildFire - Detonate one or more files using the Wildfire integration. This playbook returns relevant reports to the War Room and file reputations to the context data.
Detonate URL - WildFire v2.1 / Detonate URL - WildFire-v2 - Detonate a webpage or remote file using the WildFire integration. This playbook returns relevant reports to the War Room and file reputations to the context data.

Create an integration instance

To create an instance of the integration, you need the WildFire API key
This API key is used in the API Key field in the integration configuration.

Navigate to and log into your WildFire Account.
Select the Account tab from the menu.
Copy the API key.

Note: If your API key comes from integrations such as Prisma Cloud or Prisma Access ensure that the API source is set in the instance config.

WildFire Server URLs

Use the appropriate server URL in the Server base URL parameter based on your region or cloud environment:

Server URL	Region
https://wildfire.paloaltonetworks.com	Global (default)
https://pubsec-cloud.wildfire.paloaltonetworks.com	US Gov Cloud / FedRAMP Moderate
https://gov-cloud.wildfire.paloaltonetworks.com	US Gov Cloud / FedRAMP High
https://eu.wildfire.paloaltonetworks.com	EU
https://jp.wildfire.paloaltonetworks.com	Japan

Pack Contributors:

Eric Partington

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Integrations

Name	Description
Palo Alto Networks WildFire Reports	Generates a Palo Alto Networks WildFire PDF report. For internal use with the TIM Sample Analysis feature.
Palo Alto Networks WildFire v2	Perform malware dynamic analysis.

Playbooks

Name	Description
Wildfire Detonate and Analyze File	This playbook uploads, detonates, and analyzes files for the Wildfire sandbox.
Detonate URL - WildFire v2.1	Deprecated. Use Detonate URL - WildFire v2.2 instead.
WildFire - Detonate file	Deprecated. Use WildFire - Detonate file v2 instead.
Detonate File From URL - WildFire v2	Detonate one or more files using the Wildfire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z.
WildFire - Detonate file v2	Detonate one or more files using the Wildfire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, OOXML, PE32, PE, PDF, DMG, PKG, RAR, 7Z, JS, ELF, HTA, LNK, VBS, PS1, PERL, PYTHON, SHELL. Note: Base64 encoded files are currently not supported.
Detonate URL - WildFire-v2	Deprecated. Use Detonate URL - WildFire v2.2 instead.
Detonate File From URL - WildFire	Deprecated. Use Detonate File From URL - WildFire v2 instead.
Detonate URL - WildFire v2.2	Detonate a webpage or remote file using the WildFire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types: APK, JAR, DOC, DOCX, RTF, OOXLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z, JS.

Integrations

Name	Description
Palo Alto Networks WildFire v2	Perform malware dynamic analysis.
Palo Alto Networks WildFire Reports	Generates a Palo Alto Networks WildFire PDF report. For internal use with the TIM Sample Analysis feature.

Playbooks

Name	Description
Detonate URL - WildFire v2.2	Detonate a webpage or remote file using the WildFire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types: APK, JAR, DOC, DOCX, RTF, OOXLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z, JS.
Detonate File From URL - WildFire v2	Detonate one or more files using the Wildfire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z.
Wildfire Detonate and Analyze File	This playbook uploads, detonates, and analyzes files for the Wildfire sandbox.
WildFire - Detonate file	Deprecated. Use WildFire - Detonate file v2 instead.
Detonate URL - WildFire v2.1	Deprecated. Use Detonate URL - WildFire v2.2 instead.
WildFire - Detonate file v2	Detonate one or more files using the Wildfire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, OOXML, PE32, PE, PDF, DMG, PKG, RAR, 7Z, JS, ELF, HTA, LNK, VBS, PS1, PERL, PYTHON, SHELL. Note: Base64 encoded files are currently not supported.
Detonate URL - WildFire-v2	Deprecated. Use Detonate URL - WildFire v2.2 instead.
Detonate File From URL - WildFire	Deprecated. Use Detonate File From URL - WildFire v2 instead.

Required Content Packs (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (7)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

2.1.71 - 7576188 (March 11, 2026)

Integrations

Palo Alto Networks WildFire v2

Added a list of available WildFire server URLs by region to the documentation, including Global, US Gov Cloud (FedRAMP Moderate and High), EU, and Japan endpoints.
Updated the Docker image to: demisto/python3:3.12.13.7444307.

Related pull requests:
- 43422

Download

2.1.70 - 7188558 (February 17, 2026)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43146

Download

2.1.69 - 6580350 (January 6, 2026)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 42564

Download

2.1.68 - 6025169 (November 26, 2025)

Integrations

Palo Alto Networks WildFire v2

Updated the integrationReliability parameter to optional instead of required.

Related pull requests:
- 42021

Download

2.1.67 - 5949376 (November 20, 2025)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue in the wildfire-get-sample command where benign samples were not handled correctly.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41965

Download

2.1.66 - 5717993 (November 3, 2025)

Integrations

Palo Alto Networks WildFire Reports

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41760

Download

2.1.65 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

2.1.64 - 5538136 (October 23, 2025)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41627

Download

2.1.63 - R5469292 (October 20, 2025)

WildFire by Palo Alto Networks

Documentation and Metadata improvements.

Related pull requests:
- 40577

Download

2.1.62 - 4121830 (July 10, 2025)

Playbooks

Wildfire Detonate and Analyze File

Documentation and metadata improvements.

WildFire - Detonate file v2

Documentation and metadata improvements.

Detonate File From URL - WildFire

Documentation and metadata improvements.

Detonate URL - WildFire v2.2

Documentation and metadata improvements.

WildFire - Detonate file

Documentation and metadata improvements.

Detonate URL - WildFire-v2

Documentation and metadata improvements.

Detonate URL - WildFire v2.1

Documentation and metadata improvements.

Detonate File From URL - WildFire v2

Documentation and metadata improvements.

Related pull requests:
- 40523

Download

2.1.61 - 4049458 (July 3, 2025)

WildFire by Palo Alto Networks

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

2.1.60 - 3849419 (June 18, 2025)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40221

Download

2.1.59 - 3526238 (May 25, 2025)

Integrations

Palo Alto Networks WildFire Reports

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39931

Download

2.1.58 - R3444919 (May 18, 2025)

Integrations

Palo Alto Networks WildFire v2

Metadata and documentation improvements.

Palo Alto Networks WildFire Reports

Metadata and documentation improvements.

Related pull requests:
- 39088

Download

2.1.57 - R2989425 (March 26, 2025)

WildFire by Palo Alto Networks

Documentation and metadata improvements.

Related pull requests:
- 38999

Download

2.1.56 - 2040490 (January 22, 2025)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 38251

Download

2.1.55 - 1867101 (December 24, 2024)

Playbooks

WildFire - Detonate file

Documentation and metadata improvements.

WildFire - Detonate file v2

Documentation and metadata improvements.

Related pull requests:
- 37687

Download

2.1.54 - 1859794 (December 23, 2024)

Integrations

Palo Alto Networks WildFire v2

Added support for general exception handling in the file command.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37655

Download

2.1.53 - R1709192 (November 26, 2024)

Integrations

Palo Alto Networks WildFire Reports

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

2.1.52 - 1602991 (November 6, 2024)

Integrations

Palo Alto Networks WildFire Reports

Updated the Docker image to: demisto/python3:3.11.10.113941.

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

2.1.51 - 1533081 (October 21, 2024)

Playbooks

WildFire - Detonate file v2

Changed the default values of the playbook inputs Interval, Timeout from minutes to equivalent seconds.

Related pull requests:
- 36747

Download

2.1.50 - 1294770 (August 21, 2024)

Playbooks

Detonate File From URL - WildFire v2

Documentation and metadata improvements.

WildFire - Detonate file v2

Documentation and metadata improvements.

Related pull requests:
- 35956

Download

2.1.49 - R1230534 (July 31, 2024)

Playbooks

Detonate URL - WildFire v2.2

Added ReportFileType input to return a report task.
Added transformer to support encoded URLs.

Related pull requests:
- 35636

Download

2.1.48 - 1142826 (July 2, 2024)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 35045

Download

2.1.47 - 1082615 (June 10, 2024)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34804

Download

2.1.46 - 998827 (May 6, 2024)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34212

Download

2.1.45 - 995825 (May 5, 2024)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue in the file command where a wrong DbotScore was returned for files with a grayware verdict.
Updated the Docker image to: demisto/python3:3.10.14.92207.

Related pull requests:
- 34190

Download

2.1.44 - R991362 (May 3, 2024)

Integrations

Palo Alto Networks WildFire Reports

Improved integration description

Related pull requests:
- 33864

Download

2.1.43 - 927547 (April 1, 2024)

Integrations

Palo Alto Networks WildFire v2

Documentation and metadata improvements.

Related pull requests:
- 33695

Download

2.1.42 - R904622 (March 20, 2024)

Integrations

Palo Alto Networks WildFire v2

Added support for Tim License for xsoar 6.5.0 and above.
Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32710

Download

2.1.41 - 801540 (February 2, 2024)

Playbooks

Detonate URL - WildFire v2.2

Fixed an issue where playbook inputs Interval and Timeout should have been specified in seconds, rather then minutes.

Related pull requests:
- 32609

Download

2.1.40 - 778227 (January 22, 2024)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 32331

Download

2.1.39 - 7254058 (December 24, 2023)

Integrations

Palo Alto Networks WildFire v2

Deprecated the format argument for wildfire-upload-url and wildfire-upload-file-url commands.
Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31700

Download

2.1.38 - 6965450 (November 22, 2023)

Playbooks

Detonate File From URL - WildFire

Deprecated. Use Detonate File From URL - WildFire v2 instead.

New: Detonate File From URL - WildFire v2

New: Detonate one or more files using the Wildfire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data.
The detonation supports the following file types -
APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z.
v2 playbook features polling at the integration level, instead of using the GenericPolling playbook.

Detonate URL - WildFire v2.1

Deprecated. Use Detonate URL - WildFire v2.2 instead.

New: Detonate URL - WildFire v2.2

New: Detonate a webpage or remote file using the WildFire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data.
The detonation supports the following file types:
APK, JAR, DOC, DOCX, RTF, OOXLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z, JS.
v2.2 playbook features polling at the integration level, instead of using the GenericPolling playbook.

Detonate URL - WildFire-v2

Deprecated. Use Detonate URL - WildFire v2.2 instead.

WildFire - Detonate file

Deprecated. Use WildFire - Detonate file v2 instead.

New: WildFire - Detonate file v2

New: Detonate one or more files using the Wildfire v2 integration. This playbook
returns relevant reports to the War Room and file reputations to the context data.
The detonation supports the following file types -
APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, OOXML, PE32, PE, PDF, DMG, PKG, RAR, 7Z, JS, ELF, HTA, LNK, VBS, PS1, PERL, PYTHON, SHELL.
Note: Base64 encoded files are currently not supported.
v2 playbook features polling at the integration level, instead of using the GenericPolling playbook.

Related pull requests:
- 30929

Download

2.1.37 - 6960791 (November 22, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue with where token handling in XSIAM wasn't passing agent parameter to the integration.
Updated the Docker image to: demisto/python3:3.10.13.80593.

Related pull requests:
- 30855

Download

2.1.36 - 6499115 (October 3, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed a typo in the integration's configuration message.
Updated the Docker image to: demisto/python3:3.10.13.75921.

Related pull requests:
- 29975

Download

2.1.35 - R6449158 (September 28, 2023)

Integrations

Palo Alto Networks WildFire v2

Added the timeout_in_seconds argument in the wildfire-upload, wildfire-upload-url and wildfire-upload-file-url commands.
Updated the Docker image to: demisto/python3:3.10.13.74666.

Related pull requests:
- 29790

Download

2.1.34 - 6285754 (September 10, 2023)

Palo_Alto_Networks_WildFire

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 29466

Download

2.1.33 - 6143763 (August 24, 2023)

Integrations

Palo Alto Networks WildFire Reports

Updated the way we distinguish between running on XSOAR or XSIAM machines.
Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29155

Download

2.1.32 - 5976562 (August 7, 2023)

Integrations

Palo Alto Networks WildFire v2

Documentation and metadata improvements.

Related pull requests:
- 28700

Download

2.1.31 - 5969979 (August 6, 2023)

Palo_Alto_Networks_WildFire

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 28753

Download

2.1.30 - 5876761 (July 26, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28510

Download

2.1.29 - R5866730 (July 25, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue that caused the file command to return data only for a single file.

Related pull requests:
- 28029

Download

2.1.28 - R5692327 (July 5, 2023)

Integrations

Palo Alto Networks WildFire Reports

Updated the Docker image to: demisto/python3:3.10.12.63474.

Palo Alto Networks WildFire v2

Updated the wildfire-get-report command to return a WildFire report in MAEC format as a valid JSON file.

Related pull requests:
- 27766
- 27455

Download

2.1.27 - 5567341 (June 19, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue where a default argument value was missing in some commands.

Related pull requests:
- 27443

Download

2.1.26 - 5564339 (June 19, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue in the wildfire-report command where in case there was no file report, the command would return unexpected results.
Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27547

Download

2.1.25 - 5485996 (June 9, 2023)

Playbooks

WildFire - Detonate file

Updated the playbook logic to exclude unsupported base64 encoded file types.

Related pull requests:
- 27105

Download

2.1.24 - R5450895 (June 5, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27070

Download

2.1.23 - 5265019 (May 14, 2023)

Integrations

Palo Alto Networks WildFire v2

Clarified the description of the url argument for the wildfire-report command.
Updated the Docker image to: demisto/python3:3.10.11.58677.

Related pull requests:
- 26392

Download

2.1.22 - 5232355 (May 10, 2023)

Integrations

Palo Alto Networks WildFire v2

Improved the error message in the wildfire-report command.
Updated the Docker image to: demisto/python3:3.10.11.57293.

Related pull requests:
- 26366

Download

2.1.21 - R5170573 (May 2, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.11.55362.

Related pull requests:
- 26084

Download

2.1.20 - 5006477 (April 10, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.11.54132.
Improved the error message for wildfire-upload command when providing unsupported files.

Related pull requests:
- 25793

Download

2.1.19 - 4906551 (March 27, 2023)

Integrations

Palo Alto Networks WildFire v2

Integration will not be pre-configured in server startup.
Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25512

Download

2.1.18 - 4872060 (March 22, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.10.49934.

Related pull requests:
- 25383

Download

2.1.17 - 4746941 (March 5, 2023)

Integrations

Palo Alto Networks WildFire Reports

Fixed an issue where the integration failed to send the right agent parameter when used by XSIAM users.
Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 25002

Download

2.1.16 - R4718798 (March 1, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24902

Download

2.1.15 - R4646022 (February 19, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue where the wildfire-get-verdict command has returned the integer 5 as a result of the c2 verdict.
Updated the Docker image to: demisto/python3:3.10.10.47713.

Related pull requests:
- 24525
- 24493

Download

2.1.14 - 4565113 (February 8, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.9.46807.

Related pull requests:
- 24461

Download

2.1.13 - 4462378 (January 24, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.9.45313.
Integration will be pre-configured in server startup.

Related pull requests:
- 23886
- 23888
- 23890
- 23580
- 23823
- 23805
- 23896
- 23894
- 23753
- 23857
- 23512
- 23897
- 23892
- 23915
- 23918
- 22992
- 23772
- 23903
- 23714
- 23305
- 23305
- 23714
- 23125
- 23913
- 23910
- 23900
- 23919
- 23914
- 23920
- 23931
- 23373
- 23932
- 23852
- 23745
- 23231
- 23938
- 23941
- 23895
- 23952
- 23946
- 23942
- 23771
- 23940
- 23775
- 23936
- 23933
- 23955
- 23937
- 23778
- 23958
- 23804
- 23961
- 23935
- 23867
- 23876
- 23885
- 23711
- 23813
- 23973
- 23943
- 23529
- 23978
- 23981
- 23922
- 23715
- 23934

Download

2.1.12 - 4401483 (January 15, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue where getting a pending file report resulted in an error.
Updated the Docker image to: demisto/python3:3.10.9.44472.

Related pull requests:
- 23262

Download

2.1.11 - 4380193 (January 12, 2023)

Integrations

Palo Alto Networks WildFire Reports

Fixed an issue where the integration failed to send the right agent parameter when used by XSIAM users.

Related pull requests:
- 23714

Download

2.1.10 - R4372591 (January 11, 2023)

Integrations

Palo Alto Networks WildFire Reports

Added support for sections infrastructure.

Palo Alto Networks WildFire v2

Added support for sections infrastructure.
Updated the Docker image to: demisto/python3:3.10.9.42476.

Related pull requests:
- 23680

Download

2.1.9 - R4361094 (January 9, 2023)

Integrations

Palo Alto Networks WildFire Reports

Added the API Key integration parameter to support credentials fetching object.
Updated the Docker image to: demisto/python3:3.10.9.42476.

Related pull requests:
- 23473

Download

2.1.8 - 4098099 (November 24, 2022)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.8.37753.

Related pull requests:
- 22457

Download

2.1.7 - 3901212 (October 23, 2022)

Integrations

Palo Alto Networks WildFire v2

Documentation and metadata improvements.
Updated wildfire-report to include the ability to pull down MAEC formatted reports
Updated integration to account for required agent parameter when working with API keys that are 64 characters long from XSOARTIM, Prisma Access and Prisma Cloud Compute WildFire
Updated wildfire-get-url-webartifacts to include screenshot_inline parameter to extract the screenshot image only inline to warroom

Related pull requests:
- 21788
- 21664

Download

2.1.6 - R3818129 (October 11, 2022)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20088

Download

2.1.5 - 3158618 (June 26, 2022)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue where the integration tagged all file indicators with malware tag.
Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19635

Download

2.1.4 - 3132323 (June 22, 2022)

Playbooks

Wildfire Detonate and Analyze File

Added PE64 and EXE as supported file type.

Related pull requests:
- 19624

Download

2.1.3 - 3002096 (May 29, 2022)

Playbooks

New: Wildfire Detonate and Analyze File

This playbook uploads, detonates, and analyzes files for the Wildfire sandbox (available from Cortex XSOAR 6.5.0).

Download

2.1.2 - 2912810 (May 12, 2022)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.4.29342.

Download

2.1.1 - 2823666 (April 26, 2022)

Integrations

Palo Alto Networks WildFire Reports

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.10.4.28442.

Download

2.1.0 - 2704575 (April 5, 2022)

Integrations

Palo Alto Networks WildFire v2

Fixed linter errors.

Download

2.0.10 - 2593688 (March 16, 2022)

Integrations

Palo Alto Networks WildFire Reports

Maintenance and stability enhancements.

Download

2.1.71 - 7576188 (March 11, 2026)

Integrations

Palo Alto Networks WildFire v2

Added a list of available WildFire server URLs by region to the documentation, including Global, US Gov Cloud (FedRAMP Moderate and High), EU, and Japan endpoints.
Updated the Docker image to: demisto/python3:3.12.13.7444307.

Related pull requests:
- 43422

Download

2.1.70 - 7188558 (February 17, 2026)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43146

Download

2.1.69 - 6580350 (January 6, 2026)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 42564

Download

2.1.68 - 6025169 (November 26, 2025)

Integrations

Palo Alto Networks WildFire v2

Updated the integrationReliability parameter to optional instead of required.

Related pull requests:
- 42021

Download

2.1.67 - 5949376 (November 20, 2025)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue in the wildfire-get-sample command where benign samples were not handled correctly.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41965

Download

2.1.66 - 5717993 (November 3, 2025)

Integrations

Palo Alto Networks WildFire Reports

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41760

Download

2.1.65 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

2.1.64 - 5538136 (October 23, 2025)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41627

Download

2.1.63 - R5469292 (October 20, 2025)

WildFire by Palo Alto Networks

Documentation and Metadata improvements.

Related pull requests:
- 40577

Download

2.1.62 - 4118212 (July 9, 2025)

Playbooks

Wildfire Detonate and Analyze File

Documentation and metadata improvements.

WildFire - Detonate file v2

Documentation and metadata improvements.

Detonate File From URL - WildFire

Documentation and metadata improvements.

Detonate URL - WildFire v2.2

Documentation and metadata improvements.

WildFire - Detonate file

Documentation and metadata improvements.

Detonate URL - WildFire-v2

Documentation and metadata improvements.

Detonate URL - WildFire v2.1

Documentation and metadata improvements.

Detonate File From URL - WildFire v2

Documentation and metadata improvements.

Related pull requests:
- 40523

Download

2.1.61 - 4049458 (July 3, 2025)

WildFire by Palo Alto Networks

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

2.1.60 - 3849419 (June 18, 2025)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40221

Download

2.1.59 - 3526238 (May 25, 2025)

Integrations

Palo Alto Networks WildFire Reports

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39931

Download

2.1.58 - R3444919 (May 18, 2025)

Integrations

Palo Alto Networks WildFire v2

Metadata and documentation improvements.

Palo Alto Networks WildFire Reports

Metadata and documentation improvements.

Related pull requests:
- 39088

Download

2.1.57 - R2989425 (March 26, 2025)

WildFire by Palo Alto Networks

Documentation and metadata improvements.

Related pull requests:
- 38999

Download

2.1.56 - 2040490 (January 22, 2025)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 38251

Download

2.1.55 - 1867101 (December 24, 2024)

Playbooks

WildFire - Detonate file

Documentation and metadata improvements.

WildFire - Detonate file v2

Documentation and metadata improvements.

Related pull requests:
- 37687

Download

2.1.54 - 1859794 (December 23, 2024)

Integrations

Palo Alto Networks WildFire v2

Added support for general exception handling in the file command.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37655

Download

2.1.53 - R1709192 (November 26, 2024)

Integrations

Palo Alto Networks WildFire Reports

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

2.1.52 - 1602991 (November 6, 2024)

Integrations

Palo Alto Networks WildFire Reports

Updated the Docker image to: demisto/python3:3.11.10.113941.

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

2.1.51 - 1533081 (October 21, 2024)

Playbooks

WildFire - Detonate file v2

Changed the default values of the playbook inputs Interval, Timeout from minutes to equivalent seconds.

Related pull requests:
- 36747

Download

2.1.50 - 1294770 (August 21, 2024)

Playbooks

Detonate File From URL - WildFire v2

Documentation and metadata improvements.

WildFire - Detonate file v2

Documentation and metadata improvements.

Related pull requests:
- 35956

Download

2.1.49 - R1230534 (July 31, 2024)

Playbooks

Detonate URL - WildFire v2.2

Added ReportFileType input to return a report task.
Added transformer to support encoded URLs.

Related pull requests:
- 35636

Download

2.1.48 - 1142826 (July 2, 2024)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 35045

Download

2.1.47 - 1082615 (June 10, 2024)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34804

Download

2.1.46 - 998827 (May 6, 2024)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34212

Download

2.1.45 - 995825 (May 5, 2024)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue in the file command where a wrong DbotScore was returned for files with a grayware verdict.
Updated the Docker image to: demisto/python3:3.10.14.92207.

Related pull requests:
- 34190

Download

2.1.44 - R991362 (May 3, 2024)

Integrations

Palo Alto Networks WildFire Reports

Improved integration description

Related pull requests:
- 33864

Download

2.1.43 - 927547 (April 1, 2024)

Integrations

Palo Alto Networks WildFire v2

Documentation and metadata improvements.

Related pull requests:
- 33695

Download

2.1.42 - R904622 (March 20, 2024)

Integrations

Palo Alto Networks WildFire v2

Added support for Tim License for xsoar 6.5.0 and above.
Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32710

Download

2.1.41 - 801540 (February 2, 2024)

Playbooks

Detonate URL - WildFire v2.2

Fixed an issue where playbook inputs Interval and Timeout should have been specified in seconds, rather then minutes.

Related pull requests:
- 32609

Download

2.1.40 - 778227 (January 22, 2024)

WildFire by Palo Alto Networks

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 32331

Download

2.1.39 - 7254058 (December 24, 2023)

Integrations

Palo Alto Networks WildFire v2

Deprecated the format argument for wildfire-upload-url and wildfire-upload-file-url commands.
Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31700

Download

2.1.38 - 6965450 (November 22, 2023)

Playbooks

Detonate File From URL - WildFire

Deprecated. Use Detonate File From URL - WildFire v2 instead.

New: Detonate File From URL - WildFire v2

New: Detonate one or more files using the Wildfire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data.
The detonation supports the following file types -
APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z.
v2 playbook features polling at the integration level, instead of using the GenericPolling playbook.

Detonate URL - WildFire v2.1

Deprecated. Use Detonate URL - WildFire v2.2 instead.

New: Detonate URL - WildFire v2.2

New: Detonate a webpage or remote file using the WildFire v2 integration. This playbook returns relevant reports to the War Room and file reputations to the context data.
The detonation supports the following file types:
APK, JAR, DOC, DOCX, RTF, OOXLS, XLSX, PPT, PPTX, XML, PE32, PDF, DMG, PKG, RAR, 7Z, JS.
v2.2 playbook features polling at the integration level, instead of using the GenericPolling playbook.

Detonate URL - WildFire-v2

Deprecated. Use Detonate URL - WildFire v2.2 instead.

WildFire - Detonate file

Deprecated. Use WildFire - Detonate file v2 instead.

New: WildFire - Detonate file v2

New: Detonate one or more files using the Wildfire v2 integration. This playbook
returns relevant reports to the War Room and file reputations to the context data.
The detonation supports the following file types -
APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, OOXML, PE32, PE, PDF, DMG, PKG, RAR, 7Z, JS, ELF, HTA, LNK, VBS, PS1, PERL, PYTHON, SHELL.
Note: Base64 encoded files are currently not supported.
v2 playbook features polling at the integration level, instead of using the GenericPolling playbook.

Related pull requests:
- 30929

Download

2.1.37 - 6960791 (November 22, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue with where token handling in XSIAM wasn't passing agent parameter to the integration.
Updated the Docker image to: demisto/python3:3.10.13.80593.

Related pull requests:
- 30855

Download

2.1.36 - 6499115 (October 3, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed a typo in the integration's configuration message.
Updated the Docker image to: demisto/python3:3.10.13.75921.

Related pull requests:
- 29975

Download

2.1.35 - R6449158 (September 28, 2023)

Integrations

Palo Alto Networks WildFire v2

Added the timeout_in_seconds argument in the wildfire-upload, wildfire-upload-url and wildfire-upload-file-url commands.
Updated the Docker image to: demisto/python3:3.10.13.74666.

Related pull requests:
- 29790

Download

2.1.34 - 6285754 (September 10, 2023)

Palo_Alto_Networks_WildFire

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 29466

Download

2.1.33 - 6143763 (August 24, 2023)

Integrations

Palo Alto Networks WildFire Reports

Updated the way we distinguish between running on XSOAR or XSIAM machines.
Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29155

Download

2.1.32 - 5976562 (August 7, 2023)

Integrations

Palo Alto Networks WildFire v2

Documentation and metadata improvements.

Related pull requests:
- 28700

Download

2.1.31 - 5969979 (August 6, 2023)

Palo_Alto_Networks_WildFire

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 28753

Download

2.1.30 - 5876761 (July 26, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28510

Download

2.1.29 - R5866730 (July 25, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue that caused the file command to return data only for a single file.

Related pull requests:
- 28029

Download

2.1.28 - 5636258 (June 28, 2023)

Integrations

Palo Alto Networks WildFire Reports

Updated the Docker image to: demisto/python3:3.10.12.63474.

Palo Alto Networks WildFire v2

Updated the wildfire-get-report command to return a WildFire report in MAEC format as a valid JSON file.

Related pull requests:
- 27766
- 27455

Download

2.1.27 - 5570976 (June 20, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue where a default argument value was missing in some commands.

Related pull requests:
- 27443

Download

2.1.26 - 5564339 (June 19, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue in the wildfire-report command where in case there was no file report, the command would return unexpected results.
Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27547

Download

2.1.25 - 5485996 (June 9, 2023)

Playbooks

WildFire - Detonate file

Updated the playbook logic to exclude unsupported base64 encoded file types.

Related pull requests:
- 27105

Download

2.1.24 - 5410099 (May 31, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27070

Download

2.1.23 - 5265019 (May 14, 2023)

Integrations

Palo Alto Networks WildFire v2

Clarified the description of the url argument for the wildfire-report command.
Updated the Docker image to: demisto/python3:3.10.11.58677.

Related pull requests:
- 26392

Download

2.1.22 - 5232355 (May 10, 2023)

Integrations

Palo Alto Networks WildFire v2

Improved the error message in the wildfire-report command.
Updated the Docker image to: demisto/python3:3.10.11.57293.

Related pull requests:
- 26366

Download

2.1.21 - R5170573 (May 2, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.11.55362.

Related pull requests:
- 26084

Download

2.1.20 - 5006477 (April 10, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.11.54132.
Improved the error message for wildfire-upload command when providing unsupported files.

Related pull requests:
- 25793

Download

2.1.19 - 4906551 (March 27, 2023)

Integrations

Palo Alto Networks WildFire v2

Integration will not be pre-configured in server startup.
Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25512

Download

2.1.18 - 4872060 (March 22, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.10.49934.

Related pull requests:
- 25383

Download

2.1.17 - 4746941 (March 5, 2023)

Integrations

Palo Alto Networks WildFire Reports

Fixed an issue where the integration failed to send the right agent parameter when used by XSIAM users.
Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 25002

Download

2.1.16 - R4718798 (March 1, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24902

Download

2.1.15 - R4646022 (February 19, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue where the wildfire-get-verdict command has returned the integer 5 as a result of the c2 verdict.
Updated the Docker image to: demisto/python3:3.10.10.47713.

Related pull requests:
- 24525
- 24493

Download

2.1.14 - 4565113 (February 8, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.9.46807.

Related pull requests:
- 24461

Download

2.1.13 - 4462378 (January 24, 2023)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.9.45313.
Integration will be pre-configured in server startup.

2.1.12 - 4401483 (January 15, 2023)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue where getting a pending file report resulted in an error.
Updated the Docker image to: demisto/python3:3.10.9.44472.

Related pull requests:
- 23262

Download

2.1.11 - 4380193 (January 12, 2023)

Integrations

Palo Alto Networks WildFire Reports

Fixed an issue where the integration failed to send the right agent parameter when used by XSIAM users.

Related pull requests:
- 23714

Download

2.1.10 - 4376356 (January 11, 2023)

Integrations

Palo Alto Networks WildFire Reports

Added support for sections infrastructure.

Palo Alto Networks WildFire v2

Added support for sections infrastructure.
Updated the Docker image to: demisto/python3:3.10.9.42476.

Related pull requests:
- 23680

Download

2.1.9 - R4361094 (January 9, 2023)

Integrations

Palo Alto Networks WildFire Reports

Added the API Key integration parameter to support credentials fetching object.
Updated the Docker image to: demisto/python3:3.10.9.42476.

Related pull requests:
- 23473

Download

2.1.8 - 4098099 (November 24, 2022)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.8.37753.

Related pull requests:
- 22457

Download

2.1.7 - 3901212 (October 23, 2022)

Integrations

Palo Alto Networks WildFire v2

Documentation and metadata improvements.
Updated wildfire-report to include the ability to pull down MAEC formatted reports
Updated integration to account for required agent parameter when working with API keys that are 64 characters long from XSOARTIM, Prisma Access and Prisma Cloud Compute WildFire
Updated wildfire-get-url-webartifacts to include screenshot_inline parameter to extract the screenshot image only inline to warroom

Related pull requests:
- 21788
- 21664

Download

2.1.6 - R3818865 (October 11, 2022)

Integrations

Palo Alto Networks WildFire v2

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20088

Download

2.1.5 - 3158618 (June 26, 2022)

Integrations

Palo Alto Networks WildFire v2

Fixed an issue where the integration tagged all file indicators with malware tag.
Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19635

Download

2.1.4 - 3132323 (June 22, 2022)

Playbooks

Wildfire Detonate and Analyze File

Added PE64 and EXE as supported file type.

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	June 30, 2020
Last Release	March 11, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.