Search the Community

I will add the splunk remote export and then combine them if there is interest (think i might be the only security guy here). this will return the XML reports from paloalto for the hashes in the list. hashlist should be relative to the script, as well the reports will be written to the scriptdir. ;curl test #include<file.au3> local $aHashes $curldir = "C:\Users\curluser\Desktop\CURL\" ; with trailing backslash $sApiKey = "This is where the API Key Goes" _FileReadToArray("hashlist.csv" , $aHashes , 0) ; This is a list of SHA-256, one per line. As mine was exported from Splunk the first row is the table name.... For $i = 1 to ubound($aHashes) - 1 ; ...so its skipped here by starting on 1 instead of 0 $iPid = run($curldir & "curl -k -F hash=" & $aHashes[$i] & " -F format=xml -F apikey=" & $sApiKey & " https://wildfire.paloaltonetworks.com/publicapi/get/report", "", @SW_HIDE , $stdout_child) $sOutput = "" While 1 $sOutput &= StdoutRead($iPID) If @error Then ExitLoop EndIf WEnd filewrite($aHashes[$i] & ".xml" , $sOutput) next