Enable Local Signature and URL Category Generation
Where Can I Use
What Do I Need?
The WildFire appliance can generate signatures
locally based on the samples received from connected firewalls and
the WildFire API, as an alternative to sending malware to the public
cloud for signature generation. The appliance can generate the following
types of signatures for the firewalls to use to block malware and
any associated command and control traffic:
—Detect and block malicious files. WildFire adds these
signatures to WildFire and Antivirus content updates.
—Detect and block callback domains for
command and control traffic associated with malware. WildFire adds
these signatures to WildFire and Antivirus content updates.
—Categorizes callback domains as malware
and updates the URL category in PAN-DB.
the firewalls to retrieve the signatures generated by the WildFire
appliance as frequently as every five minutes. You can also send
the malware sample to the WildFire public cloud, in order to enable
the signature to be distributed globally through Palo Alto Networks
This allows the WildFire appliance to receive the latest
threat intelligence from Palo Alto Networks.
Enable signature and URL category generation.
Log in to the appliance and type
enter configuration mode.
Enable all threat prevention options:
deviceconfig setting wildfire signature-generation av yes dns yes
Commit the configuration:
can display the status of a signature for signatures generated in
the WildFire 8.0.1 or later environment using the command:
wildfire global signature-status sha256 equal
WildFire appliances cannot
display the status for signatures generated before the upgrade to
Set the schedule for connected firewalls to retrieve
the signatures and URL categories the WildFire appliance generates.
It is a best practice to configure
your firewalls to retrieve content updates from both the WildFire
public cloud and WildFire appliance. This ensures that your firewalls
receive signatures based on threats detected worldwide, in addition
to the signatures generated by the local appliance.