WildFire API Best Practices
Palo Alto Networks recommends adhering to the following best practices when using the WildFire API:
Do not distribute or share the API key with users who do not require access to WildFire API functions.
Do not embed API keys in code or in files within the application source tree. This can inadvertently expose the API key. Instead, consider storing the API key in environment variables or in files that are excluded from your application source tree.
WildFire API sample submissions are processed using the following interaction flow:
The API response resolution time varies based on several factors; consider the following:
After submitting a sample for analysis, wait at least 30 seconds before querying for response(s).
Samples that undergo full dynamic analysis can take up to 5 minutes.
Perform hash lookups before submitting files—Client applications should calculate the sample hash locally and use the GetVerdict API to first check whether a WildFire result is known for a given sample or not. If the verdict response from WildFire indicates an unknown verdict (-100), then the client application should submit the unknown sample for analysis.
Return WildFire response codes in logs to improve troubleshooting—Custom error codes can cause confusion if assistance is needed while troubleshooting. For information about the response codes, refer to WildFire API Error Codes.
WildFire API cloud configuration
Palo Alto Networks maintains a high level of WildFire availability, but it does have scheduled downtimes for upgrades and maintenance. To avoid service disruption, automatically switch to a secondary WildFire API cloud if the primary does not respond after 10 minutes. Downtimes are published on the Palo Alto Networks Status Page.
When configuring your primary and secondary WildFire API cloud selections, be sure to select an instance that meets your data residency requirements.
Do not enable in-line synchronous analysis—There are scenarios when it might seem like a good idea to directly integrate file upload flow in a client application with WildFire. However, given the asynchronous nature of the WildFire analysis process, as well as the overall time that it can take to analyze one sample (time can vary from seconds to minutes based on the attributes of the sample), Palo Alto Networks does not recommend blocking client application end-users in the WildFire scanning stage. Letting WildFire perform sample analysis in the background provides a better client application user experience.
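An added example, not Palo Alto Networks code, that combines the key-handling, lookup-before-submit, timing and failover practices above. The HTTP calls are passed in as the hypothetical callables `get_verdict`, `submit` and `request`; the `WILDFIRE_API_KEY` variable name and the choice of SHA-256 are assumptions.

```python
import hashlib
import os
import time

UNKNOWN = -100            # verdict value the page gives for an unknown sample
FIRST_QUERY_DELAY = 30    # seconds to wait after submitting (page)
MAX_ANALYSIS_TIME = 300   # full dynamic analysis can take up to 5 minutes (page)
FAILOVER_AFTER = 600      # switch clouds after 10 minutes without a response (page)


def load_api_key(env=os.environ, name="WILDFIRE_API_KEY"):
    """Read the key from the environment (the variable name is an assumption)."""
    key = env.get(name)
    if not key:
        raise RuntimeError(f"{name} is not set; no hard-coded fallback is used")
    return key


def call_with_failover(clouds, request, clock=time.monotonic, sleep=time.sleep, retry_every=30):
    """Try clouds in order; leave one only after FAILOVER_AFTER seconds of no response."""
    for cloud in clouds:
        start = clock()
        while True:
            try:
                return request(cloud)          # hypothetical transport callable
            except ConnectionError:
                if clock() - start >= FAILOVER_AFTER:
                    break                      # give up on this cloud, try the next
                sleep(retry_every)
    raise ConnectionError("no WildFire API cloud responded")


def verdict_for(data, get_verdict, submit, clock=time.monotonic, sleep=time.sleep, poll_every=30):
    """Look the hash up first; upload and poll only if WildFire has no verdict."""
    digest = hashlib.sha256(data).hexdigest()  # computed locally, nothing sent yet
    verdict = get_verdict(digest)
    if verdict != UNKNOWN:
        return digest, verdict, False          # known sample: nothing uploaded
    submit(data)
    sleep(FIRST_QUERY_DELAY)                   # do not query earlier than 30 s
    deadline = clock() + MAX_ANALYSIS_TIME
    while True:
        verdict = get_verdict(digest)          # log this value unchanged
        if verdict != UNKNOWN or clock() >= deadline:
            return digest, verdict, True
        sleep(poll_every)
```

Run `verdict_for` from a background worker so that end users are not blocked while WildFire analyzes the sample.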