Configure a WildFire Analysis Data Pattern

The predefined data pattern service in Aperture uses WildFire analysis to detect known and unknown malware by file type. By default, Aperture automatically submits Windows executables, Microsoft Office files, and Portable Document Format (PDF) files to the WildFire service for analysis, classification and reporting as follows:
  • WildFire reports the file information, including the hash, file type, and size.
  • WildFire static analysis leverages the machine learning capabilities of WildFire to display samples that contain characteristics of known malware.
  • WildFire Dynamic Analysis displays the details about the malicious host and network activity the file exhibited in the different WildFire sandbox environments.
You can configure the WildFire match criteria to select the cloud apps to scan and the exposure settings in policy rules. For assets that match the WildFire analysis rule, you can use the WildFire report to track down threats.
  1. Define the WildFire analysis data pattern match criteria settings.
    1. Select Policy and select the WildFire data pattern to view from the Rule Name column.
    2. Add the data pattern Match Criteria by Rule Type.
    3. Save your setting.
  2. Enable or disable the WildFire analysis data pattern.
    By default, the WildFire analysis data pattern is always enabled. You can disable a WildFire analysis data pattern in Settings.
    1. Select Settings > WildFire Analysis.
    2. Enable the data pattern by clicking the on/off toggle.
    3. Select the Files to Submit, such as Windows executables, Microsoft Office files, and Portable Document Format (PDF) files.
    4. Save your setting.
