WildFire Subscription

The basic WildFire service is included as part of the Palo Alto Networks next generation firewall and does not require a WildFire subscription. With the basic WildFire service, the firewall can forward portable executable (PE) files for WildFire analysis, and can retrieve WildFire signatures only with antivirus and/or Threat Prevention updates which are made available every 24-48 hours.
A WildFire subscription unlocks the following WildFire features:
  • WildFire Real-Time Updates
    (PAN-OS 10.0 and later)
    The firewall can retrieve WildFire signatures for newly-discovered malware as soon as the WildFire public cloud can generate them. Signatures that are downloaded during a sample check are saved in the firewall cache, and are available for fast (local) look-ups. In addition, to maximize coverage, the firewall also automatically downloads a signature package on a regular basis when real-time signatures is enabled. These supplemental signatures are added to the firewall cache and remain available until they become stale and are refreshed or are overwritten by new signatures. Using real-time WildFire updates is a recommended best practice setting.
    Dynamic Updates
    and enable the firewall to get the latest WildFire signatures in real-time.
  • WildFire Five-Minute Updates
    (All PAN-OS versions)
    The WildFire public cloud and a WildFire private cloud can generate and distribute WildFire signatures for newly-discovered malware every five minutes, and you can set the firewall to retrieve and install these signatures every minute (this allows the firewall to get the latest signatures within a minute of availability).
    If you are running PAN-OS 10.0 or later, it is a best practice to use real-time WildFire updates instead of scheduling recurring updates.
    Dynamic Updates
    to enable the firewall to get the latest WildFire signatures. Depending on your WildFire deployment, you can set up one or both of the following signature package updates:
    • WildFire
      —Get the latest signatures from the WildFire public cloud.
    • WF-Private
      —Get the latest signatures from a WildFire appliance that is configured to locally generate signatures and URL categories (PAN-OS 9.1, 10.0, 10.1, 10.2).
  • WildFire Inline ML
    (PAN-OS 10.0 and later)
    Prevent malicious variants of portable executables, executable and linked format (ELF) files, and PowerShell scripts from entering your network in real-time using machine learning (ML) on the firewall dataplane. By utilizing WildFire® Cloud analysis technology on the firewall, WildFire Inline ML dynamically detects malicious files of a specific type by evaluating various file details, including decoder fields and patterns, to formulate a high probability classification of a file. This protection extends to currently unknown as well as future variants of threats that match characteristics that Palo Alto Networks identified as malicious. WildFire inline ML complements your existing Antivirus profile protection configuration. Additionally, you can specify file hash exceptions to exclude any false-positives that you encounter, which enables you to create more granular rules in your profiles to support your specific security needs.
  • WildFire Advanced File Type Support
    —In addition to PEs, forward advanced file types for WildFire analysis, including APKs, Flash files, PDFs, Microsoft Office files, Java Applets, Java files (.jar and .class), and HTTP/HTTPS email links contained in SMTP and POP3 email messages. (WildFire private cloud analysis does not support APK, Mac OS X, Linux (ELF), archive (RAR/7-Zip), and script (JS, BAT, VBS, Shell Script, PS1, and HTA) files).
  • WildFire API
    —Access to the , which enables direct programmatic access to the WildFire public cloud or a WildFire private cloud. Use the WildFire API to submit files for analysis and to retrieve the subsequent WildFire analysis reports. As part of the WildFire subscription, you can submit up to 150 sample submissions and up to 1,050 sample queries a day. These daily sample submission limits can be extended, based on your organization’s specific needs. Please contact your Palo Alto Networks sales representative for more information.
  • WildFire Private and Hybrid Cloud Support
    Forward Files to a WildFire Appliance
    (PAN-OS 9.1, 10.0, 10.1, 10.2). WildFire private cloud and WildFire hybrid cloud deployments both require the firewall to be able to submit samples to a WildFire appliance. Enabling a WildFire appliance requires only a support license.
If you have purchased a WildFire subscription, you must activate (PAN-OS 9.1, 10.0, 10.1, 10.2) it before you can take advantage of the subscription-only WildFire features.

Recommended For You