For Prisma Access, this is usually included
with your Prisma Access license.
When Advanced WildFire analyzes a previously unknown sample in
one of the Palo Alto Networks-hosted Advanced WildFire public clouds
or a locally-hosted WildFire private cloud, a verdict is produced
to identify samples as malicious, unwanted (grayware is considered
obtrusive but not malicious), phishing, or benign:
Benign—The sample is safe and does not exhibit
Grayware—The sample does not pose a direct security
threat, but might display otherwise obtrusive behavior. Grayware typically
includes adware, spyware, and Browser Helper Objects (BHOs).
Phishing—The link directs users to a phishing site
and poses a security threat. Phishing sites are sites that attackers disguise
as legitimate websites with the aim of stealing user information, especially
corporate passwords that unlock access to your network. The WildFire
appliance does not support the phishing verdict and continues to
classify these types of links as malicious.
Malicious—The sample is malware and poses a security
threat. Malware can include viruses, worms, Trojans, Remote Access
Tools (RATs), rootkits, and botnets. For files identified as malware,
signatures are generated and distributed to protect against future exposure
to the threat.
Each Advanced WildFire cloud—global (U.S.) and regional, and
the WildFire private cloud—analyzes samples and generates WildFire
verdicts independently of the other WildFire cloud options. With
the exception of WildFire private cloud verdicts, verdicts are shared
globally, enabling Advanced WildFire users to access a worldwide
database of threat data.
Verdicts that you suspect are either false positives or
false negatives can be submitted to the Palo Alto Networks threat
team for additional analysis. You can also manually change verdicts
of samples submitted to WildFire appliances.