WildFire API Best Practices
Expand all | Collapse all
WildFire API Best Practices
Palo Alto Networks recommends adhering
to the following best practices when using the WildFire API:
Do not distribute or share the API key to users that
do not require access to WildFire API functions.
Do not embed API keys in code or application source tree
files. This can inadvertently expose the API key. Instead, consider
storing the API key in environmental variables or files that are
excluded from your application source tree files.
WildFire API sample submissions are processed using the following
interaction flow:
The API response
resolution time varies based on several factors; consider the following:
After submitting a sample for analysis, wait at least 5 minutes before querying for
response(s).
Samples that undergo full dynamic analysis can take up to 15 minutes.
Perform hash lookups before submitting files—Client applications should calculate the
sample hash locally and use the GetVerdict API to first check whether a WildFire
result is known for a given sample or not. If the
verdict response from WildFire indicates an
unknown verdict (-102), then the client application should submit the
unknown sample for analysis.
Return WildFire response codes in logs to improve troubleshooting—Custom
error codes can cause confusion if assistance is needed while troubleshooting.
For information about the response codes, refer to
WildFire API Error Codes.
WildFire API cloud configuration
Palo Alto Networks maintains a high level of WildFire availability but it does have scheduled
downtimes for upgrades and maintenance. Auto switch to a secondary
WildFire API cloud
if the primary does not respond after 15 minutes to avoid service
disruption. Downtimes are published on the
Palo Alto Networks Status Page.
When configuring your primary and secondary WildFire API
cloud selections, be sure to select an instance that meets your
data residency requirements.
Do not enable in-line synchronous analysis—There are
scenarios when it might seem like a good idea to directly integrate
file upload flow in a client application with WildFire. However,
given the asynchronous nature of the WildFire analysis process,
as well as the overall time that it can take to analyze one sample
(time can vary from seconds to minutes based on the attributes of
the sample), Palo Alto Networks does not recommend blocking client
application end-users in the WildFire scanning stage. Letting WildFire
perform sample analysis in the background provides a better client
application user experience.