Learn how to use the WildFire report on Prisma SaaS to
investigate potentially malicious threats on your network.
Prisma SaaS leverages the WildFire service
to detect known and unknown malware by file type. The WildFire service and
AutoFocus threat intelligence service together provide more
visibility into security risks; however, if your SOC team does not
currently have an AutoFocus subscription, use the WildFire Report
on Prisma SaaS to track down threats. Before Prisma SaaS can display
a WildFire Report, you must configure WildFire
analysis on Prisma SaaS.
If an asset in one of your
monitored SaaS applications matches the
WildFire identifies the asset as malicious. Prisma SaaS reports
this information in a WildFire Report, which includes:
—file information, including the hash,
file type, and size.
WildFire static analysis—results of machine learning capabilities
of WildFire to display samples that contain characteristics of known malware.
WildFire dynamic analysis—details about the malicious host
and network activity the file exhibited in the different WildFire
WildFire Report displays only for assets with a WildFire
Analysis rule violation.
Review the WildFire Report to get context into the malware
Download the report in XML or PDF format. This report contains
the following sections:
—Displays details about
the file, including the hash (SHA256), file type, and size. Additionally:
Report Incorrect Verdict—If you disagree
with a WildFire verdict, send Palo Alto Networks a request for further analysis.
You will receive an email notification with analysis results. A
change to a verdict can take up to 2 days. Prisma SaaS receives
daily verdict updates from the WildFire service.
—Displays a link to
malware analysis. If the malware has never been discovered before,
file not found
—Leverages the machine learning
capabilities of WildFire to display samples that contain characteristics
of known malware.