WildFire Insights: All Submissions

The All Submissions widget on the Activity Insights: WildFire dashboard lists all samples submitted to Advanced WildFire from the selected sources, along with their associated details.
Where Can I Use This?
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • NGFW, including those funded by Software NGFW Credits
What Do I Need?
Each of these licenses includes access to Strata Cloud Manager:
The other licenses and prerequisites needed for visibility are:
  • A role that has permission to view the dashboard
  • Advanced WildFire (active subscription attached with NGFW and/or Prisma Access)
  • (Optional) Strata Logging Service (provides enhanced Insights: WildFire functionality)
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are using.
  • Click Strata Cloud Manager > Insights > WildFire to view the dashboard.
View a list of all samples submitted to Advanced WildFire from your selected sources, along with the details for those samples. The list is available to all Advanced WildFire users, including those without a Strata Logging Service (SLS) license. (Strata Logging Service enables you to ingest, store, and forward log data from multiple Palo Alto Networks products.) Workflows and available options differ depending on whether you have an SLS license:
Strata Logging Service License Present:
  • The All Submissions widget is not directly shown on the Insights: WildFire dashboard. You can access it by selecting All Submissions from the Recent Submissions widget.
  • A Threat Search option is available from the Actions column.
  • Breadcrumbs indicating the parent WildFire dashboard page are displayed next to the widget name.
No Strata Logging Service License:
  • WildFire - All Submissions is the default view when you enter the dashboard; no other options are available.
  • Threat Search is not available in the Actions column.
You can customize the columns to display an expanded list of attributes compared to the Recent Submissions widget:
  • Timestamp—The exact date and time the sample was analyzed by the Advanced WildFire cloud.
  • Filename or URL—Specifies the type of file that the firewall forwarded for Advanced WildFire analysis. This can include the specific web address where the file was hosted.
  • File Type—Displays the threat vector by file type, as supported by Advanced WildFire.
  • Verdict—The WildFire verdict of the sample, as determined after static and/or dynamic analysis of the sample is completed.
    • Benign—Indicates that the entry received a WildFire analysis verdict of benign. Files categorized as benign are safe and do not exhibit malicious behavior.
    • Grayware—Indicates that the entry received a WildFire analysis verdict of grayware. Files categorized as grayware do not pose a direct security threat, but might display otherwise obtrusive behavior. Grayware can include adware, spyware, and Browser Helper Objects (BHOs).
    • Phishing—Indicates that WildFire assigned a link an analysis verdict of phishing. A phishing verdict indicates that the site to which the link directs users displayed credential phishing activity.
    • Malicious—Indicates that the entry received a WildFire analysis verdict of malicious. Samples categorized as malicious can pose a security threat. Malware can include viruses, C2 (command-and-control), worms, Trojans, Remote Access Tools (RATs), rootkits, and botnets. For samples that are identified as malware, the WildFire cloud generates and distributes a signature to protect against future exposure.
  • First Seen—If the Advanced WildFire system has analyzed the file previously, this is the date/time that it was first observed.
  • File Hash (SHA1)—A unique digital fingerprint of the file (SHA-1).
  • File Hash (SHA256)—A unique digital fingerprint of the file (SHA-256).
  • Source IP—The IP address of the device that initiated the file transfer.
  • Destination IP—Original session destination IP address.
  • Actions—Describes the actions you can take related to the selected WildFire submission.
    • View Details—(Requires Strata Logging Service) Performs a Threat Search (also referred to as an IOC Search) on the selected WildFire submission.
    • Download Sample—Download the sample file to your local system.
    • Download PDF Report—Exports and downloads the Advanced WildFire analysis report to your local system in the PDF format.
    • Download MAEC Report—Exports and downloads the Advanced WildFire analysis report to your local system in the MAEC format.
    • Download PCAP Report—PCAPs generated during Advanced WildFire analysis are downloaded to your local system.
    • Copy the File Hash String—Copies the hash of the file to your system clipboard.
    • Report Incorrect Verdict—Submit verdicts that you suspect are false positives or false negatives to the Palo Alto Networks threat team for additional analysis. The threat team performs further analysis on the sample to determine whether it should be reclassified. If a malware sample is determined to be safe, the signature for the file is disabled in an upcoming antivirus signature update; if a benign file is determined to be malicious, a new signature is generated. After the investigation is complete, you will receive an email describing the action that was taken. You must provide the following details: the recommended verdict, your email address, and any additional comments related to the request.