Threat Indicator Overview
The threat indicator summary provides a
breakdown of the properties, behaviors, and activities reported
by various Palo Alto Networks analytics services. URL entries can
include additional context provided by analysis data derived from
the improved URL analysis capabilities found in the WildFire global
cloud. This content is organized into three categories: Summary,
Evidence, and Analyst. Summary provides a high-level overview
of the URL, including PAN-DB categorization details, detection reasons
with verdict, and WHOIS information, accompanied by a screenshot. Evidence
shows details regarding why and how the verdict was reached. Analyst
describes various insights into the operational details of the web
page, including network traffic and file transfers. For all other
indicators, the threat indicator summary provides a breakdown of
the general properties, behaviors, and activities reported by various
Palo Alto Networks analytics services. The following list shows some
of the threat data that can populate the threat indicator overview.
WildFire Verdict—The verdict of the sample based on the WildFire
analysis of the file or email link.
Tags—Lists the tags or tag groups associated with the threat.
Upload Source—Lists which of your connected Palo Alto Networks
services or appliances uploaded the threat indicator.
First/Last Seen Date—Displays when the threat indicator was
first and last sent to WildFire for analysis.
WHOIS—Shows general domain information.
PAN-DB Categorization—View URLs associated with the domain,
URL, or IP address through PAN-DB and the PAN-DB category.
WildFire DNS History—View a log of domain to IP address mappings
based on all samples that launched a request to connect to a domain
during WildFire analysis.
DNS Security Results—Domains that have been analyzed by
DNS Security are listed here.
Passive DNS History—View a passive history of domain to IP
address mappings that contain matches to the artifact you searched for.
Active DNS History—View active domain to IP address mappings
that contain matches to the artifact you searched for.