Configure a WildFire Analysis Data Pattern

The predefined data pattern service in Prisma SaaS uses WildFire analysis to detect known and unknown malware by file type. By default, Prisma SaaS automatically submits Windows executables, Microsoft Office files, and Portable Document Format (PDF) files to the WildFire service for analysis, classification and reporting as follows:
  • WildFire reports the file information, including the hash, file, type, and size.
  • WildFire static analysis leverages the machine learning capabilities of WildFire to display samples that contain characteristics of known malware.
  • WildFire Dynamic Analysis displays the details about the malicious host and network activity the file exhibited in the different WildFire sandbox environments.
You can configure the WildFire match criteria to select the cloud apps to scan and exposure settings in policy rules. For assets that match the WildFire analysis rule, you can Use the WildFire Report to Track Down Threats.
  1. Enable or disable the WildFire analysis data pattern.
    By default, the WildFire analysis data pattern is always enabled. You can disable a WildFire analysis data pattern in Settings.
    1. Select Settings > WildFire Analysis.
    2. Enable the data pattern by clicking the on/off toggle.
    3. Select the Files to Submit, such as Windows executables, Microsoft Office files, and Portable Document Format (PDF) files.
    4. Save your setting.