WildFire logs contain information on samples (files and email links)
uploaded to the WildFire cloud for analysis. Each log entry includes
artifacts, which are properties, activities, or behaviors associated with
the logged event, such as the application type or the IP address of an
attacker, as well as WildFire-specific details, such as the high-level
analysis result (the sample's categorization as malware, phishing,
grayware, or benign) and detailed sample information. Reviewing the
WildFire Submissions logs can also show whether a user on your network
downloaded a suspicious file. The WildFire analysis report displays
detailed sample information, as well as information on targeted users,
email header information (if enabled), the application that delivered the
file, and all URLs involved in the command-and-control activity of the
file. It tells you whether the file is malicious and whether it modified
registry keys, read from or wrote to files, created new files, opened
network communication channels, caused application crashes, spawned
processes, downloaded files, or exhibited other malicious behavior.
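As an added illustration (not code from Palo Alto Networks or from this page), the script below shows the triage step the paragraph describes: sorting submissions by verdict and listing which users downloaded something that was not classified benign. The records are constructed for the example, and the key=value layout and field names (verdict, srcuser, src, app, filename, filedigest) are assumptions, not the product's actual log schema; map them to the real field names of whichever export you use.

```python
"""Triage constructed WildFire-style submission records by verdict.

Added example. The key=value layout and the field names below are
assumptions chosen for illustration, not the vendor's log format.
"""
from collections import defaultdict

# Verdict categories named in the text; anything else is treated as
# unknown (e.g. a verdict still pending, or a record missing the field).
SUSPICIOUS_VERDICTS = {"malware", "phishing", "grayware"}

# Constructed sample records (not real logs).
SAMPLE_LOGS = [
    "verdict=benign srcuser=acme\\alice src=10.1.1.10 app=web-browsing "
    "filename=quarterly.pdf filedigest=aaa111",
    "verdict=malware srcuser=acme\\bob src=10.1.1.20 app=smtp "
    "filename=invoice.exe filedigest=bbb222",
    "verdict=phishing srcuser=acme\\bob src=10.1.1.20 app=web-browsing "
    "filename=login.html filedigest=ccc333",
    "verdict=grayware srcuser=acme\\carol src=10.1.1.30 app=ftp "
    "filename=toolbar.msi filedigest=ddd444",
    "verdict=pending srcuser=acme\\dave src=10.1.1.40 app=web-browsing "
    "filename=setup.zip filedigest=eee555",
    # Record with no verdict field at all: must not crash the triage.
    "srcuser=acme\\erin src=10.1.1.50 app=web-browsing filename=notes.txt",
]


def parse_record(line):
    """Parse one space-separated key=value record into a dict.

    Tokens without '=' are ignored; a repeated key keeps the last value.
    """
    record = {}
    for token in line.split():
        if "=" not in token:
            continue
        key, _, value = token.partition("=")
        record[key] = value
    return record


def classify(record):
    """Return 'suspicious', 'benign', or 'unknown' for a parsed record."""
    verdict = record.get("verdict", "").lower()
    if verdict in SUSPICIOUS_VERDICTS:
        return "suspicious"
    if verdict == "benign":
        return "benign"
    return "unknown"


def triage(lines):
    """Group non-benign submissions by source user and tally every class.

    Returns (per_user, counts): per_user maps a user (falling back to the
    source IP when no user is present) to a list of
    (verdict, filename, filedigest) tuples; counts tallies each class.
    """
    per_user = defaultdict(list)
    counts = {"suspicious": 0, "benign": 0, "unknown": 0}
    for line in lines:
        rec = parse_record(line)
        cls = classify(rec)
        counts[cls] += 1
        if cls == "suspicious":
            who = rec.get("srcuser") or rec.get("src") or "unknown"
            per_user[who].append(
                (rec["verdict"].lower(),
                 rec.get("filename", "?"),
                 rec.get("filedigest", "?"))
            )
    return dict(per_user), counts


if __name__ == "__main__":
    users, tally = triage(SAMPLE_LOGS)
    print("verdict tally:", tally)
    for user, items in sorted(users.items()):
        print(f"{user}:")
        for verdict, name, digest in items:
            print(f"  {verdict:<9} {name:<14} sha256={digest}")
```

The unknown bucket is worth keeping separate rather than folding into benign: a verdict that has not yet arrived is not a clean result, and a record with no verdict field usually means the export or forwarding profile dropped it.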
On the firewall (NGFW), WildFire logs are displayed as WildFire
Submissions logs. On Cloud Management platforms, you must first configure
log forwarding so that the relevant logs are uploaded to CDL (Cortex Data
Lake), which then shows the WildFire logs as threat logs of type WildFire.