Learn how to use the WildFire report on SaaS Security API to investigate potentially malicious threats on your network.
SaaS Security API leverages the WildFire service to detect known and unknown malware by file type. The WildFire service and AutoFocus threat intelligence service together provide more visibility into security risks; however, if your SOC team does not currently have an AutoFocus subscription, use the WildFire Report on SaaS Security API to track down threats. Before SaaS Security API can display a WildFire Report, you must configure WildFire analysis on SaaS Security API.
If an asset in one of your monitored SaaS applications matches the
WildFire identifies the asset as malicious. SaaS Security API reports this information in a WildFire Report, which includes:
—file information, including the hash, file type, and size.
WildFire static analysis —results of machine learning capabilities of WildFire to display samples that contain characteristics of known malware.
WildFire dynamic analysis —details about the malicious host and network activity the file exhibited in the different WildFire
The WildFire Report displays only for assets with a WildFire Analysis rule violation.
Review the WildFire Report to get context into the malware
Download the report in XML or PDF format. This report contains the following sections:
—Displays details about the file, including the hash (SHA256), file type, and size. Additionally:
Report Incorrect Verdict —If you disagree with a WildFire verdict, send the WildFire team a request for further analysis. You will receive an email notification directly from the WildFire team with the results. If applicable, the verdict will be updated on WildFire. However, the SaaS Security web interface does not currently reflect such verdict updates. Contact SaaS Security Technical Support to manually refresh the verdict in the SaaS Security web interface pending an integration to automatically refresh verdict updates.
—Displays a link to malware analysis. If the malware has never been discovered before,
file not found
—Leverages the machine learning capabilities of WildFire to display samples that contain characteristics of known malware.