Submit Malware or Reports from the WildFire Appliance
Focus
Focus
Advanced WildFire

Submit Malware or Reports from the WildFire Appliance

Table of Contents

Submit Malware or Reports from the WildFire Appliance

Where Can I Use This?
What Do I Need?
  • WildFire Appliance
  • WildFire License
Enable the WildFire appliance cloud intelligence feature to automatically submit malware samples discovered in the WildFire private cloud to the WildFire public cloud. The WildFire public cloud further analyzes the malware and generates a signature to identify the sample. The signature is then added to WildFire signature updates, and distributed to global users to prevent future exposure to the threat. If you do not want to forward malware samples outside of your network, you can instead choose to submit only WildFire reports for the malware discovered on your network to contribute to WildFire statistics and threat intelligence.
  • Submit Malware to the WildFire Public Cloud
    Execute the following CLI command from the WildFire appliance to enable the appliance to automatically submit malware samples to the WildFire public cloud:
    admin@WF-500admin@WF-500#
    set deviceconfig setting wildfire cloud-intelligence submit-sample yes
    If the firewall that originally submitted the sample for WildFire private cloud analysis has packet captures (PCAPs) enabled, the PCAPs for the malware will also be forwarded to the WildFire public cloud.
  • Submit Malware Reports to the WildFire Public Cloud
    If the WildFire appliance is enabled to Submit Malware to the WildFire Public Cloud, you do not need to also enable the appliance to submit malware reports to the public cloud. When malware is submitted to the WildFire public cloud, the public cloud generates a new malware report for the sample.
    To enable the WildFire appliance to automatically submit malware reports to the WildFire public cloud (and not the malware sample), execute the following CLI command on the WildFire appliance:
    admin@WF-500#
    set deviceconfig setting wildfire cloud-intelligence submit-report yes
  • Verify Cloud Intelligence Settings
    Check to confirm that cloud intelligence is enabled to either submit malware or submit malware reports to the WildFire public cloud by running the following command:
    admin@WF-500>
    show wildfire status
    Refer to the
    Submit sample
    and
    Submitreport
    fields.

Recommended For You