For each file, Cortex XDR receives a file verdict and
the WildFire Analysis Report detailing additional information you
can use to assess the nature of a file.
This report contains the detailed sample information and behavior
analysis in different sandbox environments, leading to the WildFire
verdict. You can use the report to assess whether the file poses
a real threat on an endpoint. The details in the WildFire analysis
report for each event vary depending on the file type and the behavior
of the file.
Drill down into the WildFire Analysis Details.
WildFire analysis details are available for files that
receive a WildFire verdict. The Analysis Reports section includes
the WildFire analysis for each testing environment based on the
observed behavior for the file.
Open the WildFire report.
If you are analyzing an incident, right-click the incident
. From the Key Artifacts
involved in the incident, select the file for which you want to
view the WildFire report and open (
If you are analyzing an alert, right-click the alert and
You can open (
WildFire report of any file included in the alert Causality
XDR displays the preview of WildFire reports that were generated
within the last couple of years only. To view a report that was
generated more than two years ago, you can Download
the WildFire report.
Analyze the WildFire report.
On the left side of the report you can see all the environments
in which the WildFire service tested the sample. If a file is low
risk and WildFire can easily determine that it is safe, only static
analysis is performed on the file. Select the testing environment
on the left, for example
If you want to download the WildFire report as it was generated
by the WildFire service, click (
report is downloaded in PDF format.
Report an incorrect verdict to Palo Alto Networks.
If you know the WildFire verdict is incorrect (for example,
WildFire assigned a Malware verdict to a file you wrote and know
to be Benign), you can report the incorrect verdict to Palo Alto Networks
to request a verdict change.
Review the report information and verify
the verdict that you are reporting.
verdict to Palo Alto Networks.
Suggest a different
Enter any details that may help us to better understand
why you disagree with the verdict.
Enter an email address to receive an email notification
after Palo Alto Networks completes the additional analysis.
After you enter all the details, click
From this point on, the threat team performs further
analysis on the sample to determine whether it should be reclassified.
If a malware sample is determined to be safe, the signature for
the file is disabled in an upcoming antivirus signature update. If
a benign file is determined to be malicious, a new signature
is generated. After the investigation is complete, you will receive
an email describing the action that was taken.