1. What are the WildFire API query/upload daily limits?
For NGFW customers, each attached WildFire subscription customer receives an API key with the following daily limits*.
* WildFire API limits attached to WildFire subscription are subject to change.2.
My WildFire API key limits are insufficient, can I increase them?You can purchase a separate standalone WildFire API subscription and choose the required volume of daily submissions and queries in volumes of 2,500 submissions and 17,500 queries. This standalone WildFire subscription does not require the purchase of an NGFW. Contact your account or sales engineering team for more information.
3.
What happens when you reach the daily upload limit?When the API limit for the daily uploads/queries is reached, future uploads/queries are blocked respectively. WildFire API will respond to requests with "Quota Exceeded" error message.
4.
Do unused limits get carried over to the next day?No. The limits reset every day at 0:00 UTC.
5.
Is there any email notification when an API key upload/query limit is about to be reached?No, at this moment such functionality is not supported by WildFire.
6.
When integrating the WildFire API key with a 3rd party integration (such as VMware’s Carbon Black), do these uploads count against the daily upload limit?Yes, all interactions from external 3rd party integrations are counted against these limits, including Proofpoint.
7.
When integrating WildFire API key with Proofpoint, do these uploads count against the daily upload limit?Effective February 1, 2023, Proofpoint uploads count against the daily limit.
8.
Does the Palo Alto Networks Next-Generation Firewall (NGFW) communication (uploads/queries) with WildFire count against the WildFire API key usage?No, the communication between the NGFW and WildFire is not counted against the daily WildFire API key limits.
9.
How are manual uploads accounted for?Each manual upload to the WildFire Portal counts against the WildFire API key upload limit.
10.
What does "manual upload limit:5" in the WildFire Portal mean?Palo Alto Networks Customer Support Portal users without a valid WildFire license are limited to 5 manual uploads to the WildFire Portal per day.
11.
How is the daily limit consumed?The daily limit is consumed when requests are made using WildFire API. The limit is counted on a per-request basis, meaning that if the same request is made multiple times by using API, the number of requests will be consumed and be deducted from the limit. This happens even if there's no valid response for the request. For example, an API key is consumed even if a query is made for a hash unknown to the WildFire cloud. In the same manner, if you attempt to upload an unsupported file to the cloud, the file will not be uploaded but the API key count will be consumed.
12.
How is the WildFire API key generated?WildFire API key is generated per the company’s account (not per NGFW nor per WildFire subscription). Initially, only one WildFire API key is created per customer account.
When a WildFire subscription is activated for the first time, the API key will be generated immediately and automatically. If an NGFW is transferred from one account to another and if the NGFW l has a WildFire subscription then the WildFire API key will NOT be generated automatically. In this case, customers can
contact Palo Alto Networks support and request to generate a new WildFire API key.
13.
How is the WildFire API Key expiration date updated?When there is more than one NGFW with WildFire subscriptions in a customer account, the latest expiration date among all WildFire subscriptions is used and reflected as the WildFire API key expiration date. When the WildFire subscription is renewed, the WildFire API key expiration date is updated accordingly on the existing key.
** Please note that VMs with Wildfire feature subscription, are not included to the validity of WildFire API Key expiration.
If an NGFW is transferred from one account to another, the WildFire API key expiration date will NOT be updated. In this case, customers can contact Palo Alto Networks support and request to update the WildFire API key expiration date.
14.
Why is my Cortex XDR API key not visible in the WildFire portal?This is expected and default WildFire behavior. The WildFire API key for Cortex XDR is not visible in the WildFire Portal -> Account view.
15.
I can obtain the Wildfire Analysis report of the sample that I am not owning with my Wildfire API key. But I can't download the pcap data of the sample and the sample itself with Wildfire API key. Is this expected ?Yes, this is expected. This is current behavior, that we allow any customer to use valid WildFire api key to view and download report. For sample download and pcap download, we indeed check if the customer is the sample owner or not; but for report download, we do not have this ownership check.