Traps Endpoint Security Manager Administrator's Guide
    : Set Up the ESM to Communicate with WildFire
    Focus
    Focus
    1. Home
    2. Traps
    3. Traps Endpoint Security Manager Administrator's Guide
    4. Malware Protection
    5. WildFire Integration
    6. Set Up the ESM to Communicate with WildFire

    Traps Endpoint Security Manager Administrator's Guide

    Set Up the ESM to Communicate with WildFire

    Table of Contents

    Set Up the ESM to Communicate with WildFire

    WildFire integration is enabled by default; however, you must set up the ESM to communicate with WildFire.
    1. From the ESM Console, select SettingsESMWildFire.
    2. Enable WildFire communication settings:
      • Select Allow External Communication with WildFire to enable the ESM to check hashes with WildFire.
      • Select Allow Upload Executable Files to WildFire to enable the ESM to send files to WildFire for analysis. Clearing this upload option enables the ESM Server to check verdicts with WildFire but not send files for analysis.
      • To Use Private Cloud (Requires a WF-500 appliance), see Set Up a Private WildFire Cloud.
    3. In the Unknown Verdicts Recheck Interval (Minutes) field, enter the frequency (in minutes) at which the ESM Server resubmits hashes to WildFire for unknown files. A file can have an unknown verdict if it is the first time an endpoint submits the hash to the server or if WildFire has not, yet, analyzed or finished analyzing the file (range is 0 to 100,000; default is 15; a value of 0 is evaluated as 1).
    4. In the Known Verdicts Recheck Interval (Minutes) field, enter the frequency (in minutes) at which the ESM Server rechecks with WildFire for the value of known benign or malicious hashes (range is 0 to 100,000; default is 720; a value of 0 is evaluated as 1).
    5. In the Upload Retry Interval (Minutes) field, enter the frequency (in minutes) at which the ESM Server attempts to re-upload any files that did not upload to WildFire successfully (range is 0 to 100,000; default is 240; a value of 0 is evaluated as 1).
    6. Enter the WildFire web address (for example, https://wildfire.paloaltonetworks.com) that the ESM will use to check hashes and submit samples. To forward samples to a local WF-500 appliance, see Set Up a Private WildFire Cloud.
      The WildFire API Key is required only for a private WildFire cloud.
    7. By default, the ESM Server submits files up to 100MB to WildFire for analysis. To change the Maximal File Size (MB), enter a value from 1 to 100 MB. Files that exceed the maximum size are not submitted to WildFire either automatically or manually.
    8. Save your changes.

    © 2024 Palo Alto Networks, Inc. All rights reserved.