Wildfire Submission Logs on Prisma Access

Showing results for 
Show  only  | Search instead for 
Did you mean: 
L4 Transporter
No ratings

The following article walks through the steps to verify the WildFire submission logs for Prisma Access deployment via the Panorama and Explore application on the hub.




  1. To view samples submitted by a firewall to a WildFire public, private, or hybrid cloud, select Monitor  > Logs  >  WildFire Submissions
  2. Select the Device Group related to the Prisma Access tenant of interest.
  3. When WildFire analysis of a sample is complete, the results are accessible in the WildFire Submissions logs. The submission logs include details about a given sample, including the following information:
    • The Verdict column indicates whether the sample is benign, malicious, phishing, or grayware.
    • The Action column indicates whether the firewall allowed or blocked the sample.
    • The Severity column indicates how much of a threat a sample poses to an organization using the following values: critical, high, medium, low, and informational.

      Information on different kinds of verdicts can be found here.
  4. For an entry, select the Log Details icon to open a detailed log view for each entry:
  5. Log Info provides details around the wildfire that shared the suspicious file and triggered the wildfire submission
  6. For all samples, the WildFire analysis report displays file and session details. For malware samples, the WildFire analysis report is extended to include details on the file attributes and behavior that indicates the file was malicious.


Explore App

To access the explore app, one must login into the hub. The Explore app is available for free for all customers. A complete guide to the Explore app can be found here

The following are steps to see wildfire submission logs via Explore app. 

  1. Select the Explore app from the list of activated apps on the hub
  2. Select Threat logs from the log type selection
  3. Subtype wildfire represents the logs represent the results of WildFire analysis:

  4. Click on the ‘Details' view option to look into log details:
  5. The ‘Details’ view will provide information on the traffic and threat details. ‘General’ will provide traffic information and threat details10.jpg
  6. Click on the ‘Details’ tab to get the hash of the file that triggered the wildfire.

  7. Copy the file hash from the screen12.jpg
  8. Login into WildFire Portal and select Reports

  9. Search using the file hash

  10. Click on the ‘Details’ button to open the report in the new tab


Rate this article:
L1 Bithead

Which region will the WF cloud service sent by Prisma Access ?

Reports cannot be viewed on global portal configured with template
I was able to confirm this on another portal.

How do Prisma Access decide on a destination?


If you know, please let me know.

L0 Member

According to the PDF at the following URL, it is determined by the Compute Location of Prisma Access.


L1 Bithead

Thank you very much for helping me.

Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎11-22-2021 12:21 PM
Updated by: