View WildFire Analysis Environment Utilization

Where Can I Use This?
What Do I Need?
  • WildFire Appliance
  • WildFire License
The WildFire appliance uses various analysis environments to detect malicious behavior within samples. You can view which analysis environments are being utilized, how many are available, as well as how many files are queued for analysis. If the utilization for a particular analysis environment is always at (or near) maximum workload capacity, consider offloading analysis of less sensitive files to a Palo Alto Networks hosted WildFire public cloud, updating file forwarding policy, or redefining file forwarding limits (Palo Alto Networks recommends using the default file forwarding values for all file types).
  1. Access the CLI and one of the following commands based on the analysis environment for which you want to see utilization statistics for.
    • Portable Executable Analysis Environment Utilization—
      show wildfire wf-vm-pe-utilization
    • Document Analysis Environment Utilization—
      show wildfire wf-vm-doc-utilization
    • Email Link Analysis Environment Utilization—
      show wildfire wf-vm-elinkda-utilization
    • Archive Analysis Environment Utilization—
      show wildfire wf-vm-archive-utilization
    For a given analysis environment, the appliance indicates how many are in use and how many are available:
    { available: 2, in_use: 1, }
  2. View the number and breakdown of WildFire appliance samples that are waiting to be analyzed. Samples are processed as analysis environments become available.
    show wildfire wf-sample-queue-status
    { DW-ARCHIVE: 4, DW-DOC: 2, DW-ELINK: 0, DW-PE: 21, DW-URL_UPLOAD_FILE: 2, }

Recommended For You