Cloud Management

If you’re using Panorama to manage Prisma Access: Toggle over to the PAN-OS tab and follow the guidance there.
If you’re using Prisma Access Cloud Management, continue here.
  1. To take advantage of WildFire Inline ML, you must have an active WildFire subscription as part of your Prisma Access subscription.
  2. Create a new or update your existing WildFire and Antivirus security profile to use the real-time WildFire inline ML models.
    1. Select an existing WildFire and Antivirus security profile or create a new one (select Manage > Configuration > NGFW and Prisma Access > Security Services > WildFire and Antivirus and Add Profile).
    2. Configure your WildFire and Antivirus profile to forward samples for analysis.
    3. Select WildFire Inline Machine Learning Models and apply an Action Setting for each WildFire Inline ML model. This enforces the WildFire Inline ML Actions settings configured for each protocol on a per-model basis.
      The following classification engines are available:
      • Windows Executables
      • PowerShell Scripts 1
      • PowerShell Scripts 2
      • Executable Linked Format
      • MSOffice
      • Shell Scripts
      The following action settings are available:
      • enable—WildFire inspects traffic according to your selections in the WildFire Inline ML Action column in the decoders section of the Action tab.
      • enable(alert-only)—WildFire inspects traffic according to your selections in the WildFire Inline ML Action column in the decoders section of the Action tab and overrides any action with a severity level higher than alert (drop, reset-client, reset-server, reset-both) with alert, which allows traffic to pass while still generating and saving an alert in the threat logs.
      • disable—WildFire allows traffic to pass without any policy action.
  3. (Optional) Add file exceptions to your WildFire and Antivirus security profile if you encounter false positives. This is typically done for users who are not forwarding files to WildFire for analysis. You can add the file exception details directly to the exception list or by specifying a file from the threat logs.
    If your WildFire Analysis security profile is configured to forward the filetypes analyzed using WildFire inline ML, false positives are automatically corrected as they are received. If you continue to see ml-virus alerts for files that have been classified as benign by WildFire Analysis, please contact Palo Alto Networks Support.
    • Add file exceptions directly to the exception list.
      1. Select Advanced Settings and Add Exception in the File Exceptions pane.
      2. Add the hash, filename, and description of the file that you want to exclude from enforcement.
      3. When finished, Save your file exceptions.
  4. Save your WildFire and Antivirus profile configuration and push configuration changes.
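
The action settings in step 2 combine with the per-decoder WildFire Inline ML Action, so a model left on enable(alert-only) or disable removes a blocking action without changing the decoder table. The Python below is an added example, not Palo Alto Networks code: it models the semantics described in step 2 and lists every model/decoder pair where a configured blocking action is not enforced. The profile dictionary, its layout, and the decoder names in it are constructed for illustration and are not a Prisma Access export format.

```python
# Added example: models the enable / enable(alert-only) / disable semantics
# from step 2. The PROFILE layout is an assumption made for this illustration.

# Actions the page lists as having a severity level higher than alert.
BLOCKING = {"drop", "reset-client", "reset-server", "reset-both"}
SETTINGS = {"enable", "enable(alert-only)", "disable"}


def effective_action(model_setting, decoder_action):
    """Resolve what is applied when a model flags a file on one decoder."""
    if model_setting not in SETTINGS:
        raise ValueError(f"unknown action setting: {model_setting!r}")
    if model_setting == "disable":
        return None  # traffic passes without any policy action
    if model_setting == "enable(alert-only)" and decoder_action in BLOCKING:
        return "alert"  # overridden: traffic passes, alert goes to threat logs
    return decoder_action  # enable, or alert-only with a non-blocking action


def audit_profile(profile):
    """List (model, decoder, configured, effective) where blocking is lost."""
    findings = []
    for model, setting in profile["models"].items():
        for decoder, configured in profile["decoders"].items():
            effective = effective_action(setting, configured)
            if configured in BLOCKING and effective != configured:
                findings.append((model, decoder, configured, effective))
    return findings


# Constructed sample profile (not real configuration data).
PROFILE = {
    "decoders": {"http": "reset-both", "smtp": "alert", "ftp": "drop"},
    "models": {
        "Windows Executables": "enable",
        "PowerShell Scripts 1": "enable(alert-only)",
        "Shell Scripts": "disable",
    },
}

if __name__ == "__main__":
    for model, decoder, configured, effective in audit_profile(PROFILE):
        print(f"{model} on {decoder}: configured {configured}, "
              f"effective {effective or 'no policy action'}")
```
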

