If you enabled WildFire forwarding on your firewall,
the firewall now submits blocked files that match antivirus signatures
for WildFire analysis, in addition to unknown files. This allows
WildFire to extract valuable information from new malware variants.
Malware signatures often match multiple variants of the same malware
family and therefore block new malware variants that the firewall
has never seen before. Sending these blocked malware samples for
WildFire analysis allows WildFire to analyze them for additional
URLs, domain names, and IP addresses that must be blocked. Since
all WildFire analysis data is also available on AutoFocus, you can
now use WildFire and AutoFocus to get a more complete perspective
of all threats targeting your network, including blocked threats;
this improves the efficacy of your security operations, incident
response, and threat analysis.

Because blocked files are now forwarded to WildFire for analysis,
you now have visibility into files that the firewall has successfully
blocked. On the firewall, you can now view WildFire Submissions
log details for blocked files, which include the threat log entry
for a file and the threat ID matched to a file (for more information,
refer to Globally Unique Threat IDs).

Both the firewall and the WildFire portal also provide access to
the WildFire analysis report for a blocked file so you can learn
about its behavior when it executed in a WildFire analysis environment.

The firewall forwards blocked files to the WildFire public cloud
based on your existing WildFire forwarding settings. The firewall
doesn’t forward files that are blocked based on your file blocking settings.