Advanced WildFire Powered by Precision AI™
show wildfire local
Description
Shows various information about local devices and samples, activity, recent samples that the appliance analyzed, and basic WildFire statistics.
Hierarchy Location
show wildfire local
Syntax
latest {
    analysis {
        filter malicious|benign;
        sort-by SHA256|Submit Time|Start Time|Finish Time|Malicious|Status;
        sort-direction asc|desc;
        limit 1-20000;
        days 1-7;
    } OR...
    samples {
        filter malicious|benign;
        sort-by SHA256|Create Time|File Name|File Type|File Size|Malicious|Status;
        sort-direction asc|desc;
        limit 1-20000;
        days 1-7;
    }
sample-processed {
    count 1-1000;
    time {last-1-hr|last-12-hrs|last-15-minutes|last-24-hrs|last-30-days|last-7-days|last-calender-day|last-calender-month;
}
sample-status {
    sha256 {
        equal <value>;
    }
}
statistics days <1-31> | hours <0-24> | minutes <0-60>;
}
Options
> latest —
Shows the latest 30 activities, which include the last 30 analysis activities, the last 30 files that were analyzed, network session information on files that were analyzed, and files that were uploaded to the public cloud server.
> sample-processed —
Shows the number of samples processed locally within a specified
timespan or maximum number of samples.
> sample-status —
Shows the WildFire sample status. Enter the SHA256 value of the file to view the current analysis status.
> statistics —
Displays basic WildFire statistics.
Sample Output
The following shows the output for this command.
admin@WF-500> show wildfire latest analysis

Latest analysis information:
+-------------+---------------------+---------------------+---------------------+
| SHA256      | Submit Time         | Start Time          | Finish Time         |
+-------------+---------------------+---------------------+---------------------+
| <HASH VALUE>| 2017-03-01 14:28:26 | 2017-03-01 14:28:26 | 2017-03-01 14:34:24 |
| <HASH VALUE>| 2017-03-01 14:28:25 | 2017-03-01 14:28:25 | 2017-03-01 14:28:41 |
| <HASH VALUE>| 2017-03-01 14:28:25 | 2017-03-01 14:28:25 | 2017-03-01 14:28:26 |
+-------------+---------------------+---------------------+---------------------+
+------------+-----------------------------------------------------------+-----------+
| Malicious  | VM Image                                                  | Status    |
+------------+-----------------------------------------------------------+-----------+
| Yes        | Windows 7 x64 SP1, Adobe Reader 11, Flash 11, Office 2010 | completed |
| No         | Java/Jar Static Analyzer                                  | completed |
| Suspicious | Java/Jar Static Analyzer                                  | completed |
+------------+-----------------------------------------------------------+-----------+

admin@WF-500> show wildfire local latest samples

Latest samples information:
+--------------+---------------------+----------------+---------------+
| SHA256       | Create Time         | File Name      | File Type     |
+--------------+---------------------+----------------+---------------+
| <HASH VALUE> | 2017-03-01 14:28:25 |                | JAVA Class    |
| <HASH VALUE> | 2017-03-01 14:28:25 |                | JAVA Class    |
| <HASH VALUE> | 2017-03-01 14:28:25 |                | PE            |
+--------------+---------------------+----------------+---------------+
+--------------+-----------+-------------------+
| File Size    | Malicious | Status            |
+--------------+-----------+-------------------+
| 20,407       | No        | analysis complete |
| 1,584        | Yes       | analysis complete |
| 259,024      | No        | analysis complete |
+--------------+-----------+-------------------+

admin@WF-500> show wildfire local sample-processed count 2

Time Window: last-15-minutes
Display Count: 2:
+------------------------------------------------------------------+---------------------+-----------+------------+-----------+------------+-------------------+
| SHA256                                                           | Create Time         | File Name | File Type  | File Size | Malicious  | Status            |
+------------------------------------------------------------------+---------------------+-----------+------------+-----------+------------+-------------------+
| ce752b7b76ac2012bdff2b76b6c6af18e132ae8113172028b9e02c6647ee19bb | 2018-12-09 16:55:53 |           | Email Link | 31,522    |            | download complete |
| 349e57e51e7407abcd6eccda81c8015298ff5d5ba4cedf09c7353c133ceaa74b | 2018-12-09 16:53:40 |           | Email Link | 39,679    |            | download complete |
+------------------------------------------------------------------+---------------------+-----------+------------+-----------+------------+-------------------+

admin@WF-500> show wildfire local sample-status sha256 equal 0f2114010d00d7fa453177de93abca9643f4660457536114898c56149f819a9b

Sample information:
+---------------------+-----------+-----------------------------------+
| Create Time         | File Name | File Type                         |
+---------------------+-----------+-----------------------------------+
| 2017-03-01 22:28:24 | rmr.doc   | Microsoft Word 97 - 2003 Document |
+---------------------+-----------+-----------------------------------+
+-----------+-----------+-------------------+
| File Size | Malicious | Status            |
+-----------+-----------+-------------------+
| 133120    | Yes       | analysis complete |
+-----------+-----------+-------------------+

Analysis information:
+---------------------+---------------------+---------------------+------------+
| Submit Time         | Start Time          | Finish Time         | Malicious  |
+---------------------+---------------------+---------------------+------------+
| 2017-03-01 22:28:24 | 2017-03-01 22:28:24 | 2017-03-01 22:28:24 | Suspicious |
| 2017-03-01 22:28:24 | 2017-03-01 22:28:24 | 2017-03-01 22:34:07 | Yes        |
+---------------------+---------------------+---------------------+------------+
+-----------------------------------------------------------+-----------+
| VM Image                                                  | Status    |
+-----------------------------------------------------------+-----------+
| DOC/CDF Static Analyzer                                   | completed |
| Windows 7 x64 SP1, Adobe Reader 11, Flash 11, Office 2010 | completed |
+-----------------------------------------------------------+-----------+

admin@WF-500> show wildfire local statistics

Current Time: 2017-03-01 17:44:31
Received After: 2017-02-28 17:44:31
Received Before: 2017-03-01 17:44:31
-------------------------------------------------------------------------------------
|                                  Wildfire Stats                                   |
+-----------------------------------------------------------------------------------+
|+---------------------------------------------------------------------------------+|
||                                   Executable                                    ||
|+---------------------------------------------------------------------------------+|
|| FileType | Submitted | Analyzed | Pending | Malware | Grayware | Benign | Error ||
|+---------------------------------------------------------------------------------+|
|| exe      | 2         | 2        | 0       | 0       | 0        | 2      | 0     ||
|+---------------------------------------------------------------------------------+|
|| dll      | 0         | 0        | 0       | 0       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
Environment Analysis Summary for Executable:
VM Utilization : 0/10
Files Analyzed : 2
+-----------------------------------------------------------------------------------+
||                                 Non-Executable                                  ||
|+---------------------------------------------------------------------------------+|
|| FileType | Submitted | Analyzed | Pending | Malware | Grayware | Benign | Error ||
|+---------------------------------------------------------------------------------+|
|| pdf      | 0         | 0        | 0       | 0       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
|| jar      | 0         | 0        | 0       | 0       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
|| doc      | 1         | 1        | 0       | 1       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
|| ppt      | 0         | 0        | 0       | 0       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
|| xls      | 0         | 0        | 0       | 0       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
|| docx     | 0         | 0        | 0       | 0       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
|| pptx     | 0         | 0        | 0       | 0       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
|| xlsx     | 0         | 0        | 0       | 0       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
|| rtf      | 0         | 0        | 0       | 0       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
|| class    | 2         | 2        | 0       | 1       | 0        | 1      | 0     ||
|+---------------------------------------------------------------------------------+|
|| swf      | 1         | 1        | 0       | 0       | 0        | 1      | 0     ||
|+---------------------------------------------------------------------------------+|
Environment Analysis Summary for Non-Executable:
VM Utilization : 0/16
Files Analyzed : 4
+-----------------------------------------------------------------------------------+
||                                      Links                                      ||
|+---------------------------------------------------------------------------------+|
|| FileType | Submitted | Analyzed | Pending | Malware | Grayware | Benign | Error ||
|+---------------------------------------------------------------------------------+|
|| elink    | 1         | 1        | 0       | 1       | 0        | 0      | 0     ||
|+---------------------------------------------------------------------------------+|
Environment Analysis Summary for Links:
Files Analyzed : 1
----------------------------------------------------------
|                     General Stats                      |
+--------------------------------------------------------+
Total Disk Usage: 67/1283(GB) (5%)
||+--------------------------+-----------+-+-----------+||
|||                    Sample Queue                    |||
||+-----------------+-------------------+--------------+||
||| SUBMITTED       | ANALYZED          | PENDING      |||
||+--------------------------+-----------+-+-----------+||
||| 7               | 7                 | 0            |||
||+--------------------------+-----------+-+----------+|||
|+---------------------------+--------------------------+|
|||                      Verdicts                      |||
||+--------------------------+-------------------------+||
||| Malware    | Grayware   | Benign     | Error       |||
||+-----------------------------+----------------------+||
||| 3          | 0          | 4          | 0           |||
||+--------------------------+-----------+-+----------+|||
|+---------------------------+--------------------------+|
|||              Session and Upload Count              |||
||+--------------------------+-------------------------+||
||| Sessions                 | Uploads                 |||
||+--------------------------+-------------------------+||
||| 7                        | 5                       |||
||+--------------------------+-------------------------+||
Required Privilege Level
superuser, superreader
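
The latest samples and latest analysis output shown above splits each record across two stacked tables that line up row by row, so the verdict is not on the same line as the SHA256. The following is an added example, not Palo Alto Networks code: it rejoins the stacked tables and selects the non-benign rows for triage. The function names and the placeholder hash strings are assumptions.

```python
# Constructed sample in the layout of "show wildfire local latest samples"; hashes are placeholders.
SAMPLE = """\
Latest samples information:
+--------------+---------------------+----------------+---------------+
| SHA256       | Create Time         | File Name      | File Type     |
+--------------+---------------------+----------------+---------------+
| <HASH-1>     | 2017-03-01 14:28:25 |                | JAVA Class    |
| <HASH-2>     | 2017-03-01 14:28:25 |                | JAVA Class    |
| <HASH-3>     | 2017-03-01 14:28:25 |                | PE            |
+--------------+---------------------+----------------+---------------+
+--------------+-----------+-------------------+
| File Size    | Malicious | Status            |
+--------------+-----------+-------------------+
| 20,407       | No        | analysis complete |
| 1,584        | Yes       | analysis complete |
| 259,024      | No        | analysis complete |
+--------------+-----------+-------------------+
"""

def parse_tables(text):
    """Split CLI output into tables; each table is a list of cell rows."""
    tables, current, rules = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("+") and set(line) <= {"+", "-"}:
            rules += 1
            if rules == 3:  # top, header and bottom rule seen: table ends
                tables.append(current)
                current, rules = [], 0
        elif line.startswith("|") and rules:
            current.append([c.strip() for c in line.strip("|").split("|")])
    return tables

def merge_samples(text):
    """Rejoin the stacked tables row by row into one dict per sample."""
    tables = parse_tables(text)
    if len({len(t) for t in tables}) != 1:
        raise ValueError("expected stacked tables with equal row counts")
    records = []
    for rows in zip(*(t[1:] for t in tables)):  # t[0] is the header row
        rec = {}
        for table, row in zip(tables, rows):
            rec.update(zip(table[0], row))
        records.append(rec)
    return records

def malicious(records):
    return [r for r in records if r["Malicious"] in ("Yes", "Suspicious")]
```

The sample-status output stacks tables with different row counts (one sample row, several analysis rows), which this parser rejects with a ValueError rather than pairing rows incorrectly.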