Subscription Options

• WildFire—The WildFire subscription provides protection from malware by forwarding samples to the Advanced WildFire cloud, where a series of analysis environments are used to detect and prevent unknown malware threats by generating protections that to block further instances of the threat. As part of your subscription, you get access to regular Advanced WildFire signature updates, advanced file type forwarding, as well as the ability to upload files using the WildFire API. If you are operating an environment that requires an on-prem solution, the WildFire subscription can be used to forward files to a local WildFire appliance.
• Advanced WildFire—(PAN-OS 10.0 and later) The Advanced WildFire subscription includes all of the features found in the standard WildFire subscription, and improves upon it by providing sample analysis through an advanced cloud-based detector. The advanced detection system analyzes samples using intelligent real-time runtime memory analysis, runtime DLL emulation, automated unpacking, family classification, stealth observation, and other techniques to target highly-evasive malware.
• Standalone WildFire API—Palo Alto Networks customers operating SOAR tools, custom security applications, and other threat assessment software can access the advanced file analysis capabilities of the WildFire cloud with a standalone subscription that provides API-only access. This allows you to leverage WildFire-based analytics without relying on the Palo Alto Networks firewall as a forwarding mechanism. The WildFire Standalone API subscription allows you to make direct queries to the WildFire cloud threat database for information about potentially malicious content, and submit files for analysis using the advanced threat analysis capabilities of WildFire, based on your organization’s specific requirements. The enhanced access limits of the subscription allow organizations of various sizes to customize their access limits according to their usage - this includes scalable licenses that allow a specific number of file/report queries, sample submissions (for Advanced WildFire analysis), or a combination of the two. For more information, refer to the WildFire API Reference.

• Real-Time Updates—(PAN-OS 10.0 and later) The firewall can retrieve Advanced WildFire signatures for newly-discovered malware as soon as the Advanced WildFire public cloud can generate them. Signatures that are downloaded during a sample check are saved in the firewall cache, and are available for fast (local) look-ups. In addition, to maximize coverage, the firewall also automatically downloads a signature package on a regular basis when real-time signatures is enabled. These supplemental signatures are added to the firewall cache and remain available until they become stale and are refreshed or are overwritten by new signatures. Using real-time Advanced WildFire updates is a recommended best practice setting.
  Select DeviceDynamic Updates and enable the firewall to get the latest Advanced WildFire signaturesin real-time.
• Five-Minute Updates—(All PAN-OS versions) The Advanced WildFire public cloud can generate and distribute Advanced WildFire signatures for newly-discovered malware every five minutes, and you can set the firewall to retrieve and install these signatures every minute (this allows the firewall to get the latest signatures within a minute of availability).
  If you are running PAN-OS 10.0 or later, it is a best practice to use real-time Advanced WildFire updates instead of scheduling recurring updates.
  Select DeviceDynamic Updates to enable the firewall to get the latest Advanced WildFire signatures. Depending on your Advanced WildFire deployment, you can set up one or both of the following signature package updates:
  • WildFire—Get the latest signatures from the WildFire public cloud.
  • WF-Private—Get the latest signatures from a WildFire appliance that is configured to locally generate signatures and URL categories.
• Advanced WildFire Inline ML—(PAN-OS 10.0 and later) Prevent malicious variants of portable executables, executable and linked format (ELF) files, and PowerShell scripts from entering your network in real-time using machine learning (ML) on the firewall dataplane. By utilizing Advanced WildFire Cloud analysis technology on the firewall, Advanced WildFire Inline ML dynamically detects malicious files of a specific type by evaluating various file details, including decoder fields and patterns, to formulate a high probability classification of a file. This protection extends to currently unknown as well as future variants of threats that match characteristics that Palo Alto Networks identified as malicious. Advanced WildFire inline ML complements your existing Antivirus profile protection configuration. Additionally, you can specify file hash exceptions to exclude any false-positives that you encounter, which enables you to create more granular rules in your profiles to support your specific security needs.
• File Type Support—In addition to PEs, forward advanced file types for Advanced WildFire analysis, including APKs, Flash files, PDFs, Microsoft Office files, Java Applets, Java files (.jar and .class), and HTTP/HTTPS email links contained in SMTP and POP3 email messages. (WildFire private cloud analysis does not support APK, Mac OS X, Linux (ELF), archive (RAR/7-Zip), and script (JS, BAT, VBS, Shell Script, PS1, and HTA) files).
• Advanced WildFire API—Access to the WildFire API, which enables direct programmatic access to the Advanced WildFire public cloud or a WildFire private cloud. Use the API to submit files for analysis and to retrieve the subsequent Advanced WildFire analysis reports. As part of the Advanced WildFire or WildFire subscription, you can submit up to 150 sample submissions and up to 1,050 sample queries a day. These daily sample submission limits can be extended, based on your organization’s specific needs. Please contact your Palo Alto Networks sales representative for more information.
• WildFire Private and Hybrid Cloud Support—Forward Files for Advanced WildFire Analysis. WildFire private cloud and WildFire hybrid cloud deployments both require the firewall to be able to submit samples to a WildFire appliance. Enabling a WildFire appliance requires only a support license.

• Intelligent Run-time Memory Analysis—Intelligent Run-time Memory Analysis is a cloud-based, advanced analysis engine that complements the static and dynamic analysis engines, to detect and prevent evasive malware threats. These evasive techniques used by advanced threats include, but are not limited to, malware using cloaking strategies, displaying signs of bespoke design / ephemeral behaviors, created using sophisticated tools, and exhibit fast-spreading qualities. By leveraging a cloud-based detection infrastructure, introspective analysis detectors operate a wide array of detection mechanisms that are updated and deployed automatically without requiring the user to download content update packages or run resource intensive, appliance-based analyzers. The cloud-based detection engines are continuously monitored and updated using based on ML-based datasets used to analyze Advanced WildFire samples, with additional support from Palo Alto Networks threat researchers, who provide human intervention for highly accurized detection enhancements.
  Intelligent Run-time Memory Analysis relies on the existing WildFire analysis profile settings and does not require any additional configuration; however, you must have an active Advanced WildFire license. Samples that display or otherwise indicate evasive and/or advanced malware qualities are automatically forwarded to the appropriate analysis environments.