WildFire is a cloud-based virtual environment
that analyzes and executes unknown samples (files and email links)
and determines the samples to be malicious, phishing, grayware,
or benign. With WildFire enabled, a Palo Alto Networks firewall
can forward unknown samples to WildFire for analysis. For newly-discovered
malware, WildFire generates a signature to detect the malware and
distributes it to all firewalls with an active WildFire subscription
within minutes. This enables all Palo Alto next-generation firewalls worldwide
to detect and prevent malware found by a single firewall. Malware
signatures often match multiple variants of the same malware family,
and as such, block new malware variants that the firewall has never
seen before. The Palo Alto Networks threat research team uses the
threat intelligence gathered from malware variants to block malicious
IP addresses, domains, and URLs.

A basic WildFire service
is included as part of the Palo Alto Networks next-generation firewall
and does not require a WildFire subscription. With the basic WildFire
service, you can enable the firewall to forward portable executable
(PE) files. Additionally, if you do not have a WildFire subscription,
but you do have a Threat Prevention subscription, you can receive signatures
for malware WildFire identifies every 24-48 hours (as part of the
Antivirus updates).

Get the latest WildFire signatures within a minute of availability—new signatures are released every five minutes.
Forward advanced file types and email links for analysis.
Use the WildFire API.
Use a WildFire appliance to host a WildFire private cloud or a WildFire hybrid cloud.

If you have a WildFire subscription, go ahead and get started with
WildFire to get the most out of your subscription. Otherwise, take
the following steps to enable basic WildFire forwarding: