Hello aojea. The wildfire subscription service stores the wildfire log summary info on the PA device. The data can be extracted and analysed, summarized and exported into any data analysis product you may have. The Subscription service also provides you the ability to use the API to access the data in the cloud console in a more flexible manner. API reference document can be found here: https://live.paloaltonetworks.com/docs/DOC-4198 Phil
... View more
When file is blocked the session is destroyed and this can happen before the file is being downloaded or during download (if for example the AV triggers). What wildfire does is that it takes a copy of the file which is allowed for the client. However im not sure if this is done by first copy to mgmtplane and then upload the file or if the stream is copied like a span-port towards wildfire while the download occurs, perhaps someone from PA could enlighten us? I mean is it: 1) User downloads a large file, at the same time this file is being buffered in the mgmtplane. When download is complete the mgmtplane will upload the file to wildfire (which will also handle the case if the upload didnt succeed - it can then just retry again). or 2) User downloads a large file, at the same time this file is being streamed towards wildfire (which gives that no space at mgmtplane will be used as buffer - but also means that if the wildfire upload didnt succeed the upload cannot retry again unless some client downloads the same file again etc).
... View more