End-of-Life (EoL)
Review WildFire Logs
In addition to the Threat logs, use the victim IP address
to filter though the WildFire Submissions logs. The WildFire Submissions
logs contain information on files uploaded to the WildFire service
for analysis. Because spyware typically embeds itself covertly,
reviewing the WildFire Submissions logs tells you whether the victim
recently downloaded a suspicious file. The WildFire forensics report
displays information on the URL from which the file or .exe was
obtained, and the behavior of the content. It informs you if the
file is malicious, if it modified registry keys, read/wrote into
files, created new files, opened network communication channels,
caused application crashes, spawned processes, downloaded files,
or exhibited other malicious behavior. Use this information to determine
whether to block the application that caused the infection (web-browsing,
SMTP, FTP), make more stringent URL Filtering rules, or restrict some
applications/actions (for example, file downloads to specific user
groups).
Access to the WildFire logs from Panorama
requires the following: a WildFire subscription, a File Blocking
profile that is attached to a Security rule, and Threat log forwarding
to Panorama.
If Panorama will manage firewalls running software
versions earlier than PAN-OS 7.0, specify a WildFire server from
which Panorama can gather analysis information for WildFire samples
that those firewalls submit. Panorama uses the information to complete
WildFire Submissions logs that are missing field values introduced
in PAN-OS 7.0. Firewalls running earlier releases won’t populate
those fields. To specify the server, select ,
edit the General Settings, and enter the
Panorama
Setup
WildFire
WildFire Private
Cloud
name. The default is wildfire-public-cloud
,
which is the WildFire cloud hosted in the United States.If WildFire determines that a file is malicious, a new antivirus
signature is created within 24-48 hours and made available to you.
If you have a WildFire subscription, the signature is made available
within 30-60 minutes as part of the next WildFire signature update.
As soon as the Palo Alto Networks next-generation firewall has received
a signature for it, if your configuration is configured to block
malware, the file will be blocked and the information on the blocked
file will be visible in your threat logs. This process is tightly integrated
to protect you from this threat and stems the spread of malware
on your network.
Recommended For You
Recommended Videos
Recommended videos not found.