View WildFire Logs and Analysis Reports
| Where Can I Use This? | What Do I Need? |
| --- | --- |
| Prisma Access (Managed by Strata Cloud Manager), Prisma Access (Managed by Panorama), NGFW (Managed by Strata Cloud Manager), NGFW (Managed by PAN-OS or Panorama), VM-Series, CN-Series | Advanced WildFire License. For Prisma Access, this is usually included with your Prisma Access license. |
WildFire logs contain information on samples (files and email links)
uploaded to the WildFire cloud for analysis. They include artifacts,
which are properties, activities, or behaviors associated with the
logged event, such as the application type or the IP address of an
attacker, as well as WildFire-specific qualities, such as high-level
analysis results, including categorization of the sample as malware,
phishing, grayware, or benign, and detailed sample information.
Reviewing the WildFire Submissions logs can also indicate whether a
user in your networks downloaded a suspicious file.
The WildFire analysis report displays detailed sample information, as
well as information on targeted users, email header information (if
enabled), the application that delivered the file, and all URLs
involved in the command-and-control activity of the file. It informs
you if the file is malicious and whether it modified registry keys,
read from or wrote to files, created new files, opened network
communication channels, caused application crashes, spawned processes,
downloaded files, or exhibited other malicious behavior.
On NGFW firewalls, WildFire logs are displayed as WildFire Submissions logs.
On Cloud Management platforms, you must first configure log forwarding to
upload the relevant logs to Strata Logging Service, which then shows the
WildFire logs as threat logs (type WildFire).