Learn how to use the WildFire report on SaaS Security
API to investigate potentially malicious threats on your network.
SaaS Security API leverages the WildFire service
to detect known and unknown malware by file type. The WildFire service and
AutoFocus threat intelligence service together provide more
visibility into security risks; however, if your SOC team does not currently
have an AutoFocus subscription, use the WildFire Report on SaaS
Security API to track down threats. Before SaaS Security API can
display a WildFire Report, you must configure WildFire
analysis on SaaS Security API.
If an asset in one of
your monitored SaaS applications matches the
WildFire identifies the asset as malicious. SaaS Security API reports
this information in a WildFire Report, which includes:
—file information, including the
hash, file type, and size.
WildFire static analysis—results of machine learning
capabilities of WildFire to display samples that contain characteristics of
WildFire dynamic analysis—details about the malicious
host and network activity the file exhibited in the different WildFire sandbox
The WildFire Report displays only for assets with a WildFire
Analysis rule violation.
Review the WildFire Report to get context into the malware
Download the report in XML or PDF format. This report contains
the following sections:
—Displays details about
the file, including the hash (SHA256), file type, and size. Additionally:
Report Incorrect Verdict—If you disagree
with a WildFire verdict, send the WildFire team a request for further analysis.
You will receive an email notification directly from the WildFire
team with the results. If applicable, the verdict will be updated
on WildFire. However, the SaaS Security web interface does not currently
reflect such verdict updates. Contact SaaS Security Technical Support
to manually refresh the verdict in the SaaS Security web interface
pending an integration to automatically refresh verdict updates.
—Displays a link to
malware analysis. If the malware has never been discovered before,
file not found
—Leverages the machine
learning capabilities of WildFire to display samples that contain
characteristics of known malware.