View Blocked Files
- Verify that your firewall can forward files to WildFire.
- View blocked files and their WildFire analysis information.The firewall and the WildFire portal do not generate email alerts for blocked files.On the firewall, select MonitorLogsWildFire Submissions, and choose from the following options:
WildFire submissions prior to PAN-OS 8.0 display with the firewall action alert. Now, for files forwarded to WildFire after upgrading to PAN-OS 8.0, the action displayed is either allow or block. Log entries with the action allow are files that the firewall has allowed to pass through your network. They can be known files that are benign or files allowed by your security policies. Log entries with the action block are files that the firewall has blocked based on antivirus signatures.
- To check whether a file was allowed or blocked by the firewall, view the Action column.
Alternatively, view blocked files on the WildFire portal:
- To view only blocked files in the WildFire Submissions log, construct the filter (action eq block) and click Apply Filter. Refer to the complete workflow for filtering logs.
- To view the WildFire file analysis details for a blocked file, click the spyglass ( ) next to the log entry and view the WildFire Analysis Report tab.
- Log in to the WildFire portal (https://wildfire.paloaltonetworks.com) with your support account credentials.
- On the dashboard, choose one of the following actions:
- Select a Source to view a list of files uploaded to WildFire by a particular source.
- Click Reports to view all files uploaded to WildFire.
- Click report icon to view the WildFire analysis report for a file.
- Under Session Information, view the file Status to
check whether the file was allowed or blocked by the
firewall.The file Status is not available for files uploaded manually to the WildFire portal or with the WildFire API.
- Continue investigating blocked files.
- Use the SHA-256 hash (now provided for a blocked file that match antivirus signatures) to view artifacts associated with a blocked file in AutoFocus or VirusTotal.
- Use Globally Unique Threat IDs, found in the log entry for a blocked file, to search Threat Vault for the name of the signature that blocked the file.
WildFire Analysis of Blocked Files
WildFire Analysis of Blocked Files If you enabled WildFire forwarding on your firewall, the firewall now submits blocked files that match antivirus signatures for WildFire ...
About WildFire Logs and Reporting
About WildFire Logs and Reporting You can Monitor WildFire Activity on the firewall, with the WildFire portal, or with the WildFire API. For each sample ...
WildFire Changes PAN-OS® 8.0 has the following changes in default behavior for WildFire® features: Feature Change Logging If you previously enabled WildFire forwarding on your ...
Monitor WildFire Submissions and Analysis Reports
Monitor WildFire Submissions and Analysis Reports Samples that firewalls submit for WildFire analysis are displayed as entries in the WildFire Submissions log on the firewall ...
Verify File Forwarding
Verify File Forwarding After the firewall is set up to Forward Files for WildFire Analysis , use the following options to verify the connection between ...
Review WildFire Logs
Review WildFire Logs In addition to the Threat logs, use the victim IP address to filter though the WildFire Submissions logs. The WildFire Submissions logs ...
Enable Basic WildFire Forwarding
Enable Basic WildFire Forwarding WildFire is a cloud-based virtual environment that analyzes and executes unknown samples (files and email links) and determines the samples to ...
Forward Files for WildFire Analysis
Forward Files for WildFire Analysis Configure Palo Alto Networks firewalls to forward unknown files or email links and blocked files that match existing antivirus signatures ...
Get Started with WildFire
Get Started with WildFire The following steps provide a quick workflow to get started with WildFire™. If you’d like to learn more about WildFire before ...