URL Analysis
Focus
Focus
Advanced WildFire

URL Analysis

Table of Contents

URL Analysis

Where Can I Use This?
What Do I Need?
  • Prisma Access (Cloud Management)
  • Prisma Access (Panorama Managed)
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS or Panorama Managed)
  • VM-Series
  • CN-Series
  • Advanced WildFire License
    For
    Prisma Access
    , this is usually included with your
    Prisma Access
    license.
The Advanced WildFire global cloud (U.S.) and regional clouds can analyze URLs, and by extension, email links, to provide standardized verdicts and reports through the WildFire API. By aggregating threat analysis details from all Palo Alto Networks services, including PAN-DB, Advanced WildFire is able to generate a more accurate verdict and provide consistent URL analysis data.
The URL analyzers operating in the Advanced WildFire global cloud processes URL feeds, correlated URL sources (such as email links), NRD (newly registered domain) lists, PAN-DB content, and manually uploaded URLs, to provide all Advanced WildFire clouds with the improved capabilities, without affecting GDPR compliance. After a URL has been processed, you can retrieve the URL analysis report, which includes the verdict, detection reasons with evidence, screenshots, and analysis data generated for the web request. You can also retrieve web page artifacts (downloaded files and screenshots) seen during URL analysis to further investigate anomalous activity.
No additional configuration is necessary to take advantage of this feature, however, if you want to automatically submit email links for analysis (which are now analyzed through this service), you must Forward Files for Advanced WildFire Analysis.
Verdicts that you suspect are either false positives or false negatives can be submitted to the Palo Alto Networks threat team for additional analysis.

Recommended For You