If the file is detected as malicious by Palo Alto, an incident will be created in ThreatConnect and any relevant indicators will be saved and associated with the Incident. Additionally, the Playbook will download the PDF version of the WildFire report and associate it with the Incident as a Document.
- Active Palo Alto Wildfire API Subscription
- Manually submit a binary file stored in the ThreatConnect malware vault to Palo Alto Wildfire for analysis, using a User Action trigger.
- Swap the User Action trigger with others to create an automated analysis workflow.
This playbook expects the following organization variables:
- Wildfire API Key
Variables Declared in the Playbook
The following variables are declared in this playbook:
- Wildfire Verdict = Malicious
- Wildfire Verdict = Benign
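The branch the playbook takes depends on the verdict WildFire returns for the submitted file's hash. The following is an added example (not part of this playbook or of ThreatConnect's or Palo Alto's own code) that parses a WildFire get/verdict response and maps it to the playbook's outcome; it assumes the response shape published in the WildFire API documentation, treats the pending verdict as a retry rather than a failure, and routes grayware and phishing verdicts down the same incident path as malware, which is this example's choice and not something the playbook's two declared variables state.

```python
import re
import xml.etree.ElementTree as ET

# Verdict codes returned by WildFire's get/verdict endpoint.
VERDICTS = {0: "benign", 1: "malware", 2: "grayware", 4: "phishing",
            -100: "pending", -101: "error", -102: "unknown", -103: "invalid hash"}

# Constructed sample of a get/verdict XML response; the hashes are made up.
SAMPLE_VERDICT_XML = """<wildfire>
  <get-verdict-info>
    <sha256>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</sha256>
    <md5>bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb</md5>
    <verdict>1</verdict>
  </get-verdict-info>
</wildfire>"""


def parse_verdict(xml_text):
    """Return (sha256, verdict_code) from a get/verdict response body."""
    info = ET.fromstring(xml_text).find("get-verdict-info")
    if info is None:
        raise ValueError("no get-verdict-info element in response")
    sha256 = (info.findtext("sha256") or "").strip().lower()
    # Only associate a well-formed hash as an indicator; reject anything else.
    if not re.fullmatch(r"[0-9a-f]{64}", sha256):
        raise ValueError("malformed sha256 in verdict response")
    return sha256, int((info.findtext("verdict") or "").strip())


def decide_action(xml_text):
    """Map a verdict to the playbook outcome.

    action is one of: create_incident (save the hash as an indicator, attach the
    PDF report), none (benign), retry (analysis still pending), fail (API error).
    """
    sha256, code = parse_verdict(xml_text)
    label = VERDICTS.get(code, "unexpected")
    result = {"sha256": sha256, "verdict": label, "associate_report_pdf": False}
    if code in (1, 2, 4):          # hostile verdicts: incident path
        result.update(action="create_incident", associate_report_pdf=True)
    elif code == 0:                # benign: nothing to record
        result["action"] = "none"
    elif code == -100:             # pending: poll again later
        result["action"] = "retry"
    else:                          # error / unknown / invalid hash / unexpected
        result["action"] = "fail"
    return result
```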