URL Analysis
Where Can I Use
This? | What Do I Need? |
-
Prisma Access (Managed by Strata Cloud Manager)
-
Prisma Access (Managed by Panorama)
-
NGFW (Managed by Strata Cloud Manager)
-
NGFW (Managed by PAN-OS or Panorama)
-
VM-Series
-
CN-Series
|
-
Advanced WildFire License
For Prisma Access, this is usually included with your
Prisma Access license.
|
The Advanced WildFire global cloud (U.S.) and
regional clouds can analyze URLs, and by extension, email links,
to provide standardized verdicts and reports through the
WildFire API. By aggregating
threat analysis details from all Palo Alto Networks services, including
PAN-DB, Advanced WildFire is able to generate a more accurate verdict
and provide consistent URL analysis data.
The URL analyzers operating in the Advanced WildFire
global cloud processes URL feeds, correlated URL sources (such as
email links), NRD (newly registered domain) lists, PAN-DB content,
and manually uploaded URLs, to provide all Advanced WildFire clouds
with the improved capabilities, without affecting GDPR compliance.
After a URL has been processed, you can retrieve the URL analysis
report, which includes the verdict, detection reasons with evidence,
screenshots, and analysis data generated for the web request. You
can also retrieve web page artifacts (downloaded files and screenshots)
seen during URL analysis to further investigate anomalous activity.
No additional configuration is necessary to take advantage of
this feature, however, if you want to automatically submit email
links for analysis (which are now analyzed through this service),
you must
Forward Files for Advanced WildFire Analysis.