Login to Panorama and click Objects
> WildFire Analysis. The WildFire
Analysis profile window appears.
Select the device group from the drop-down menu where you want to create
the profile.
Click Add.
Enter a Name for the WildFire profile and click
Add.
Enter a descriptive Name for any rules you add to
the profile.
In the application section, click Add to select the
application from the list of applications that you wish to allow access
through your WildFire profile.
Click FileTypes to select the file types you wish to
allow.
Click Direction to allow download or upload or both
options.
Select the Destination for traffic to be forwarded
for analysis: Select public cloud if you wish that
all traffic matched to the rule is forwarded to the WildFire public cloud
for analysis.
Select private cloud if you wish that all traffic
matched to the rule is forwarded to the WildFire appliance for
analysis.
Click OK.
Define Security Rules
Log in to Panorama, and click policy rules.
Choose the required Device Group and click the preconfigured security rule
(pre-rule or post-rule) or create a new rule.
Click Actions.
In the profile setting, select Profiles under the
profile type.
Select the WildFire profile you wish to choose in the WildFire
Analysis drop-down.
Click OK.
Commit and push the device group to the Cloud NGFW resources.
After you create the Log Analytics Workspace, update the log settings under the
firewall and start sending the traffic. Once the traffic is sent, you can view
the logs as described in the steps below:
Click the Log Analytics Workspace for which you need
to view the logs.
Click Logs.
Click Custom Logs in the query window and
Run a query you have created.
You can create a customized query with parameters such as number of
logs, time range and so on. For example - A simple Query
fluentbit_CL
| limit 10
Click the desired query result item for which you would want to view the
detailed logs.
View Logs in Panorama
On Panorama, you can view the logs on the device group using Monitor >
Threats.
