Review WildFire Logs
In addition to the Threat logs, use the victim IP address
to filter though the WildFire Submissions logs. The WildFire Submissions
logs contain information on files uploaded to the WildFire service
for analysis. Because spyware typically embeds itself covertly,
reviewing the WildFire Submissions logs tells you whether the victim
recently downloaded a suspicious file. The WildFire forensics report
displays information on the URL from which the file or .exe was
obtained, and the behavior of the content. It informs you if the
file is malicious, if it modified registry keys, read/wrote into
files, created new files, opened network communication channels,
caused application crashes, spawned processes, downloaded files,
or exhibited other malicious behavior. Use this information to determine
whether to block the application that caused the infection (web-browsing,
SMTP, FTP), make more stringent URL Filtering rules, or restrict some
applications/actions (for example, file downloads to specific user
groups).
Access to the WildFire logs from Panorama
requires the following: a WildFire subscription, a File Blocking
profile that is attached to a Security rule, and Threat log forwarding
to Panorama.
If Panorama will manage firewalls running software
versions earlier than PAN-OS 7.0, specify a WildFire server from
which Panorama can gather analysis information for WildFire samples
that those firewalls submit. Panorama uses the information to complete
WildFire Submissions logs that are missing field values introduced
in PAN-OS 7.0. Firewalls running earlier releases won’t populate
those fields. To specify the server, select PanoramaSetupWildFire,
edit the General Settings, and enter the WildFire Private
Cloud name. The default is wildfire-public-cloud,
which is the WildFire cloud hosted in the United States.
If WildFire determines that a file is malicious, a new antivirus
signature is created within 24-48 hours and made available to you.
If you have a WildFire subscription, the signature is made available
within 30-60 minutes as part of the next WildFire signature update.
As soon as the Palo Alto Networks next-generation firewall has received
a signature for it, if your configuration is configured to block
malware, the file will be blocked and the information on the blocked
file will be visible in your threat logs. This process is tightly integrated
to protect you from this threat and stems the spread of malware
on your network.
Related Documentation
About WildFire Logs and Reporting
About WildFire Logs and Reporting You can Monitor WildFire Activity on the firewall, with the WildFire portal, or with the WildFire API. For each sample ...
Enable Basic WildFire Forwarding
Enable Basic WildFire Forwarding WildFire is a cloud-based virtual environment that analyzes and executes unknown samples (files and email links) and determines the samples to ...
Forward Files for WildFire Analysis
Forward Files for WildFire Analysis Configure Palo Alto Networks firewalls to forward unknown files or email links and blocked files that match existing antivirus signatures ...
View Blocked Files
View Blocked Files Verify that your firewall can forward files to WildFire. If you have a WildFire license, verify that it is active on the ...
WildFire Features
WildFire Features PAN-OS 8.0.1 is the base image for WF-500 appliances (not PAN-OS 8.0.0). New WildFire Features Description WildFire Appliance Clusters In environments where you ...
About WildFire
About WildFire The WildFire Analysis Environment identifies previously unknown malware and generates signatures that Palo Alto Networks firewalls can use to then detect and block ...
WildFire Analysis of Blocked Files
WildFire Analysis of Blocked Files If you enabled WildFire forwarding on your firewall, the firewall now submits blocked files that match antivirus signatures for WildFire ...
Monitor WildFire Activity
Monitor WildFire Activity Depending on your WildFire™ deployment—public, private, or hybrid—you can view samples submitted to WildFire and analysis results for each sample using the ...