Advanced WildFire Powered by Precision AI™
Analysis Environment
Advanced WildFire reproduces a variety of analysis environments,
including the operating system, to identify malicious behaviors
within samples. Depending on the characteristics and features of
the sample, multiple analysis environments may be used to determine
the nature of the file. Advanced WildFire first applies static analysis
and machine learning to determine whether a sample is a known threat
or a variant of one. Based on that initial verdict, Advanced WildFire
sends unknown samples to one or more analysis environments, which
inspect the file in greater detail by extracting additional
information and indicators through dynamic analysis. If the file
has been obfuscated using custom or open-source packers, the
Advanced WildFire cloud decompresses and decrypts it in memory
within the dynamic analysis environment before analyzing the
unpacked contents statically. During dynamic analysis, Advanced
WildFire observes how the file behaves when executed on a client
system and looks for signs of malicious activity, such as changes
to browser security settings, injection of code into other processes,
modification of files in operating system folders, or attempts by
the sample to reach malicious domains. Additionally, PCAPs generated
during dynamic analysis in the Advanced WildFire cloud undergo deep
inspection and are used to create network activity profiles. A single
network traffic profile can match many samples, so profiles detect
both known malware and previously unknown variants of it (a
one-to-many profile match).
Advanced WildFire can analyze files using the following methods,
based on sample characteristics:
- Static Analysis—Detects known threats by analyzing the characteristics of samples prior to execution.
- Machine Learning—Identifies variants of known threats by comparing malware feature sets against a dynamically updated classification system.
- Dynamic Unpacking (Advanced WildFire global cloud only)—Identifies and unpacks files that have been encrypted using custom or open-source methods and prepares them for static analysis.
- Dynamic Analysis—A custom-built, evasion-resistant virtual environment in which previously unknown submissions are detonated to determine their real-world effects and behavior.
- Intelligent Run-time Memory Analysis (Advanced WildFire License | Advanced WildFire global cloud only — requires PAN-OS 10.0 and later on NGFWs)—A cloud-based analysis environment that runs advanced detectors to analyze modern threats that employ a multitude of evasion techniques.
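The behaviors listed above (browser security-setting changes, process injection, writes into operating system folders, contact with malicious domains) and the one-to-many network profile match are easiest to understand as concrete checks over sandbox events. The following Python is an added illustration written for this page; it is not Palo Alto Networks code and does not reproduce how Advanced WildFire scores samples internally. The event format, the indicator names, the threat-intel sets, the family profile and the verdict thresholds are all assumptions, and the sample events are constructed.

```python
"""Hypothetical sandbox verdict logic modelled on the behaviors the text
describes. Illustration only: not WildFire's internal format or scoring."""
import json

# Constructed dynamic-analysis events for one detonation (not real sandbox output).
SAMPLE_EVENTS = [
    {"type": "reg_write", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion"
                                 r"\Internet Settings\Zones\3\1601", "value": 0},
    {"type": "process_inject", "source": "invoice.exe", "target": "explorer.exe",
     "method": "CreateRemoteThread"},
    {"type": "file_write", "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "dns_query", "domain": "update-checker.example", "ip": "203.0.113.10"},
    {"type": "tcp_connect", "ip": "203.0.113.10", "port": 8443, "bytes_out": 1488},
    {"type": "file_write", "path": r"C:\Users\user\Documents\report.txt"},
]

# A second constructed sample: different binary and C2 domain, same beaconing shape.
VARIANT_EVENTS = [
    {"type": "dns_query", "domain": "cdn-sync.example", "ip": "198.51.100.7"},
    {"type": "tcp_connect", "ip": "198.51.100.7", "port": 8443, "bytes_out": 1400},
]

# Constructed benign activity: an ordinary document write, nothing else.
BENIGN_EVENTS = [
    {"type": "file_write", "path": r"C:\Users\user\Documents\notes.txt"},
]

# Assumed threat-intel context (constructed, not a real feed).
KNOWN_BAD_DOMAINS = {"update-checker.example"}
OS_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
BROWSER_ZONE_PREFIX = (r"hkcu\software\microsoft\windows\currentversion"
                       r"\internet settings\zones")


def behavioral_indicators(events):
    """Map the behaviors named in the text onto event checks; return the
    sorted list of indicator names that fired."""
    hits = set()
    for ev in events:
        t = ev["type"]
        if t == "reg_write" and ev["key"].lower().startswith(BROWSER_ZONE_PREFIX):
            hits.add("browser_security_settings_changed")
        elif t == "process_inject" and ev["source"] != ev["target"]:
            hits.add("code_injection")
        elif t == "file_write" and ev["path"].lower().startswith(OS_DIRS):
            hits.add("os_folder_modified")
        elif t == "dns_query" and ev["domain"].lower() in KNOWN_BAD_DOMAINS:
            hits.add("malicious_domain_contact")
    return sorted(hits)


def network_profile(events):
    """Derive a network activity profile (a feature set) from the
    connection-level events a PCAP of the detonation would yield.
    Payload sizes are bucketed so that small per-variant jitter still
    lands on the same feature."""
    feats = set()
    for ev in events:
        if ev["type"] == "dns_query":
            feats.add(("dns", ev["domain"].lower()))
        elif ev["type"] == "tcp_connect":
            feats.add(("tcp_port", ev["port"]))
            feats.add(("payload_bucket", ev["bytes_out"] // 256))
    return frozenset(feats)


# Constructed family profile. Any sample whose profile contains all of these
# features matches it: one profile, many samples (the one-to-many match).
FAMILY_PROFILE = frozenset({("tcp_port", 8443), ("payload_bucket", 5)})


def matches_profile(events, profile=FAMILY_PROFILE):
    """True when every feature of the family profile appears in the sample's profile."""
    return profile <= network_profile(events)


def verdict(events):
    """Assumed scoring rule: a network-profile match or two or more behavioral
    indicators is malware; a single indicator is grayware; otherwise benign."""
    hits = behavioral_indicators(events)
    if matches_profile(events) or len(hits) >= 2:
        return "malware"
    return "grayware" if hits else "benign"


if __name__ == "__main__":
    for name, evs in (("sample", SAMPLE_EVENTS), ("variant", VARIANT_EVENTS),
                      ("benign", BENIGN_EVENTS)):
        print(json.dumps({"name": name, "indicators": behavioral_indicators(evs),
                          "profile_match": matches_profile(evs),
                          "verdict": verdict(evs)}))
```

The variant sample shares no hash, no domain and no behavioral indicator with the first one, yet it still matches the family profile because the profile is built from traffic shape rather than from the binary; that is the property that lets a single network profile catch previously unseen variants. In a real pipeline the feature set would be far richer (TLS parameters, URI structure, beacon timing), and the thresholds would be tuned against a corpus, not hard-coded.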
Advanced WildFire operates analysis environments that replicate
the following operating systems:
- Microsoft Windows XP 32-bit (Supported as an option for the WildFire private cloud only)
- Microsoft Windows 7 64-bit
- Microsoft Windows 7 32-bit (Supported as an option for WildFire private cloud only)
- Microsoft Windows 10 64-bit (Supported as an option for the Advanced WildFire public cloud and WildFire private cloud running PAN-OS 10.0 or later)
- Mac OS X (Advanced WildFire public cloud only)
- Android (Advanced WildFire public cloud only)
- Linux (Advanced WildFire public cloud only)
The Advanced WildFire public cloud also analyzes files using
multiple versions of client software, so that malware that targets
a specific version of an application is still detected. The WildFire
private cloud does not support multi-version analysis and analyzes
application-specific files against a single version only.