Dear PA community members,

I've done the research but could not find any info about the WildFire limitations or any issues which could explain why in some cases the WildFire report arrives with delays.

As per WildFire Analysis Concepts: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/endpoint-security-profiles/add-malware-security-profile/wildfire-analysis-concepts.html, the only limitation mentioned in the documentation is: "Cortex XDR sends unknown samples for in-depth analysis to WildFire. WildFire accepts up to 1,000,000 sample uploads per day and up to 1,000,000 verdict queries per day from each Cortex XDR tenant. The daily limit resets at 23:59:00 UTC. Uploads that exceed the sample limit are queued for analysis after the limit resets. WildFire also limits sample sizes to 100MB."

Based on the documentation, WF should be able to deliver a verdict within 10-15 min after uploading the file (PE), which seems to be happening for most of the cases. Unfortunately, for some files sent for WildFire analysis after being Prevented (Blocked) on the XDR agent, the Cortex receives the verdict hours (sometimes days) later. The thing is, as per my understanding, WildFire should be able to take just seconds to run the analysis and to generate the report, but for some reason the Cortex has received it only the next day.

Also, I know that for the Next-Generation Firewalls the signatures will be updated and shared within the next Content Updates, but it's not what I would expect for Cortex / Traps.

Am I missing something here, or is it something for the Palo Alto TAC to check?

As additional info, I've noticed that the recent files impacted by this issue have been first prevented (blocked), and on the next day WildFire changed the verdict from "Unknown" to "Benign". Did anyone have similar issues in the past with WF? Could you please advise and point me to the correct documentation?

I would appreciate your help in understanding this issue. Thank you in advance and kind regards.