WildFire® generates signatures to identify
newly-discovered malware and distributes these signatures to Palo
Alto Networks® firewalls. The firewalls compare incoming traffic against
WildFire signatures to protect against known malware. Now, when
viewing details for a specific sample in AutoFocus™, you can find
the WildFire signatures that the sample triggers. You can check
signature coverage to assess the level of protection in place for
Select a specific sample hash to view sample details
and then select
Review the signatures that match the sample:
on the sample, all or some of the following signature types provide
WildFire AV Signatures
antivirus signatures identify malicious files. Examples of malware
for which antivirus signatures provide protection include viruses, worms,
Trojans, and spyware downloads.
—Command and control (C2) domain signatures
identify malicious domains that the sample attempted to resolve
to when executed in the WildFire analysis environment.
—Download domain signatures identify
domains that host malware (and from which the sample was downloaded).
the sample visited when executed in the WildFire analysis environment,
and the PAN-DB categorization for
Signature Dates and Content
—WildFire antivirus, C2 domain, and download
domain signatures also include the following information:
—The date WildFire created the signatures (depending
on the WildFire updates schedule configured on the firewall, the
firewall could have retrieved this signature within 5 minutes of
the creation date).
—Signatures are packaged
in content updates and made
available for Palo Alto Networks firewalls to automatically download and
install. The available content updates and the frequency the firewall
can get the latest updates depend on the subscriptions you have.
Check the content versions which included the signature. The
content versions vary depending on whether the signature was distributed
as part of a
For example, if the firewall retrieves WildFire signatures as
part of the daily Antivirus content updates, select
see the content version that included the signature. If the firewall
has a WildFire license and gets WildFire 5-minute updates, select
to view the content version that included the signature.
content version that
included the signature, and the
version to include an update to the signature.
Check whether the signature is included in the most