WildFire Submissions Logs
The firewall forwards samples (files and emails links) to the WildFire cloud for analysis based on WildFire Analysis profiles settings (ObjectsSecurity ProfilesWildFire Analysis). The firewall generates WildFire Submissions log entries for each sample it forwards after WildFire completes static and dynamic analysis of the sample. WildFire Submissions log entries include the firewall Action for the sample (allow or block), the WildFire verdict for the submitted sample, and the severity level of the sample.
The following table summarizes the WildFire verdicts:
Indicates that the entry received a WildFire analysis verdict of benign. Files categorized as benign are safe and do not exhibit malicious behavior.
Indicates that the entry received a WildFire analysis verdict of grayware. Files categorized as grayware do not pose a direct security threat, but might display otherwise obtrusive behavior. Grayware can include, adware, spyware, and Browser Helper Objects (BHOs).
Indicates that WildFire assigned a link an analysis verdict of phishing. A phishing verdict indicates that the site to which the link directs users displayed credential phishing activity.
Indicates that the entry received a WildFire analysis verdict of malicious. Samples categorized as malicious are can pose a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, and botnets. For samples that are identified as malware, the WildFire cloud generates and distributes a signature to prevent against future exposure.
Monitor WildFire Submissions and Analysis Reports
Monitor WildFire Submissions and Analysis Reports Samples that firewalls submit for WildFire analysis are displayed as entries in the WildFire Submissions log on the firewall ...
Verify File Forwarding
Verify File Forwarding After the firewall is set up to Forward Files for WildFire Analysis , use the following options to verify the connection between ...
About WildFire Logs and Reporting
About WildFire Logs and Reporting You can Monitor WildFire Activity on the firewall, with the WildFire portal, or with the WildFire API. For each sample ...
Enable Basic WildFire Forwarding
Enable Basic WildFire Forwarding WildFire is a cloud-based virtual environment that analyzes and executes unknown samples (files and email links) and determines the samples to ...
Verdicts When WildFire analyzes a previously unknown sample in the Palo Alto Networks-hosted WildFire global cloud or a locally-hosted WildFire private cloud, a verdict is ...
Monitor WildFire Activity
Monitor WildFire Activity Depending on your WildFire™ deployment—public, private, or hybrid—you can view samples submitted to WildFire and analysis results for each sample using the ...
Submit Files for WildFire Analysis
Submit Files for WildFire Analysis The following topics describe how to submit files for WildFire™ analysis. You can set up Palo Alto Networks firewalls to ...
Use the Firewall to Monitor Malware
Use the Firewall to Monitor Malware Samples forwarded by the firewall are added as entries to the WildFire Submissions logs. A detailed WildFire analysis report ...
Email Link Analysis
Email Link Analysis A Palo Alto Networks firewall can extract HTTP/HTTPS links contained in SMTP and POP3 email messages and forward the links for WildFire ...