I will add the splunk remote export and then combine them if there is interest (think i might be the only security guy here).
this will return the XML reports from paloalto for the hashes in the list. hashlist should be relative to the script, as well the reports will be written to the scriptd...