Configure a WildFire Analysis Profile (Strata Cloud Manager)
Use a WildFire Analysis profile to specify whether WildFire file analysis is performed
locally on the WF-500 appliance or in the WildFire cloud.
Follow these steps to configure a WildFire Analysis profile and get started with Advanced
WildFire™ analysis in your network deployment. You can set up a configuration to
automatically forward unknown files to the Advanced WildFire public cloud or a
WildFire private cloud, and you can also manually submit files for analysis using
the Advanced WildFire portal. Samples submitted for analysis receive a verdict of
benign, grayware, malicious, or phishing, and a detailed analysis report is
generated for each sample.
1. Go to Manage > Configuration > NGFW and Prisma Access > Security Services > WildFire and Antivirus.
2. Add Profile.
3. Give your profile a Name that tells other administrators what it does.
4. Give a Description of the purpose of this profile for easy reference and reuse later.
5. Save your configuration.

A WildFire Analysis profile is only active when it’s included in a profile group that a Security policy rule references. Follow the steps to activate a WildFire Analysis profile (and any Security profile).

Once you've saved your initial configuration, consider carrying out these tasks:
- Forward Files for Advanced WildFire Analysis
  Forward unknown files or email links and blocked files that match existing antivirus signatures for analysis. Use the WildFire Analysis profile to define files to forward to one of the Advanced WildFire public cloud options and then attach the profile to a security rule to trigger inspection for zero-day malware.
- Forward Decrypted SSL Traffic for Advanced WildFire Analysis
  Traffic that your configuration decrypts is evaluated against Security rules; if it matches the WildFire Analysis profile attached to the security rule, the decrypted traffic is forwarded for analysis before the firewall re-encrypts it.
- Enable Advanced WildFire Inline ML
  Prevent malicious variants of Portable Executables and PowerShell scripts from entering your network in real time using machine learning (ML) based analytics on the firewall dataplane. By utilizing WildFire® Cloud analysis technology on your security platform, Advanced WildFire Inline ML dynamically detects malicious files of a specific type by evaluating various file details, including decoder fields and patterns, to formulate a high probability classification of a file.
- Manually Upload Files to the WildFire Portal
  All Palo Alto Networks customers with a support account can use the Palo Alto Networks WildFire portal to manually submit up to five samples a day for analysis.
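
The activation rule in the steps above (a WildFire Analysis profile takes effect only through a profile group that a Security policy rule references) can be checked mechanically. The following is an added example, not Palo Alto Networks code: it audits a constructed, simplified configuration snapshot whose field names (`wildfire_profiles`, `profile_groups`, `security_rules`, `disabled`) are assumptions for illustration and not the Strata Cloud Manager schema. Treating a disabled rule as a non-reference is also an assumption of this example.

```python
# Constructed, simplified configuration snapshot. Field names are assumptions
# made for this example; they are not the Strata Cloud Manager schema.
CONFIG = {
    "wildfire_profiles": ["wf-forward-unknown", "wf-email-links", "wf-lab-test"],
    "profile_groups": {
        "pg-outbound": {"wildfire": "wf-forward-unknown"},
        "pg-mail": {"wildfire": "wf-email-links"},
        "pg-legacy": {"wildfire": None},
    },
    "security_rules": [
        {"name": "allow-web", "action": "allow", "profile_group": "pg-outbound", "disabled": False},
        {"name": "allow-smtp", "action": "allow", "profile_group": "pg-mail", "disabled": True},
        {"name": "allow-dns", "action": "allow", "profile_group": None, "disabled": False},
    ],
}


def audit_wildfire_profiles(config):
    """Report each WildFire Analysis profile as active, or say why it is not."""
    groups = config["profile_groups"]
    # Profile groups referenced by at least one enabled Security policy rule.
    live_groups = {r["profile_group"] for r in config["security_rules"]
                   if r["profile_group"] and not r["disabled"]}
    report = {}
    for profile in config["wildfire_profiles"]:
        member_of = [g for g, m in groups.items() if m.get("wildfire") == profile]
        if not member_of:
            report[profile] = "inactive: not in any profile group"
        elif not live_groups.intersection(member_of):
            report[profile] = "inactive: no enabled rule references its profile group"
        else:
            report[profile] = "active"
    return report


def rules_without_wildfire(config):
    """Enabled allow rules whose traffic is never matched against a WildFire profile."""
    groups = config["profile_groups"]
    return [r["name"] for r in config["security_rules"]
            if not r["disabled"] and r["action"] == "allow"
            and not groups.get(r["profile_group"], {}).get("wildfire")]


if __name__ == "__main__":
    for name, status in audit_wildfire_profiles(CONFIG).items():
        print(f"{name}: {status}")
    print("allow rules with no WildFire profile:", rules_without_wildfire(CONFIG))
```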