{ "$schema": "https://json-structure.org/meta/core/v0/#", "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/wildfire-api-analysis-report-structure.json", "name": "AnalysisReport", "description": "Detailed WildFire analysis report including behavioral analysis, network activity, and system changes observed during sandbox execution.", "type": "object", "properties": { "wildfire": { "type": "object", "properties": { "version": { "type": "string" }, "file_info": { "type": "object", "properties": { "file_stype": { "type": "string" }, "size": { "type": "int32" }, "md5": { "type": "string" }, "sha256": { "type": "string" }, "create_time": { "type": "datetime" } } }, "task_info": { "type": "object", "properties": { "report": { "oneOf": [ { "type": "object", "description": "Analysis results from a single sandbox execution environment.", "properties": { "platform": { "type": "string", "description": "Platform identifier (e.g., 100 for Windows XP SP3)." }, "software": { "type": "string", "description": "Sandbox software environment." }, "version": { "type": "string" }, "summary": { "type": "object", "properties": { "@verdict": { "type": "string", "enum": [ "benign", "malware", "grayware", "phishing" ] } } }, "network": { "type": "object", "properties": { "dns": { "type": "array", "items": { "type": "object", "properties": { "@query": { "type": "string" }, "@response": { "type": "string" } } } }, "tcp": { "type": "array", "items": { "type": "object", "properties": { "@ip": { "type": "string" }, "@port": { "type": "int32" }, "@country": { "type": "string" } } } }, "http": { "type": "array", "items": { "type": "object", "properties": { "@request": { "type": "string" }, "@response": { "type": "string" } } } } } }, "process_list": { "type": "object", "properties": { "process": { "type": "array", "items": { "type": "object", "properties": { "@name": { "type": "string" }, "@pid": { "type": "string" }, "@text": { "type": "string" } } } } } } } }, { "type": "array", "items": { "type": "object", "description": "Analysis results from a single sandbox execution environment.", "properties": { "platform": { "type": "string", "description": "Platform identifier (e.g., 100 for Windows XP SP3)." }, "software": { "type": "string", "description": "Sandbox software environment." }, "version": { "type": "string" }, "summary": { "type": "object", "properties": { "@verdict": { "type": "string", "enum": [ "benign", "malware", "grayware", "phishing" ] } } }, "network": { "type": "object", "properties": { "dns": { "type": "array", "items": { "type": "object", "properties": { "@query": { "type": "string" }, "@response": { "type": "string" } } } }, "tcp": { "type": "array", "items": { "type": "object", "properties": { "@ip": { "type": "string" }, "@port": { "type": "int32" }, "@country": { "type": "string" } } } }, "http": { "type": "array", "items": { "type": "object", "properties": { "@request": { "type": "string" }, "@response": { "type": "string" } } } } } }, "process_list": { "type": "object", "properties": { "process": { "type": "array", "items": { "type": "object", "properties": { "@name": { "type": "string" }, "@pid": { "type": "string" }, "@text": { "type": "string" } } } } } } } } } ] } } } } } } }