WildFire

• WildFire public cloud—The WildFire Virtual Environment analyzes and identifies previously unknown malware and generates signatures that Palo Alto Networks firewalls and Palo Alto Networks Endpoint Security Managers can use to detect and block the malware. When Traps detects an unknown sample (an executable file or macro), the Endpoint Security Manager can automatically forward the sample for WildFire analysis.

• WildFire private cloud—A WildFire private cloud enables you to analyze unknown executable files discovered on Windows endpoints in a local sandbox. To deploy a WildFire private cloud, you must install a local WF-500 appliance.
  The local WF-500 appliance is ideal for deployments with privacy and legal regulations that restrict the transfer of files outside your network. The WildFire-500 appliance queries the WildFire public cloud to obtain the verdict and, if unknown, analyzes the executable file in the local sandbox. By default, the WF-500 appliance does not send discovered malware outside your network, however, you can choose to automatically forward malware to the WildFire public cloud to generate and distribute signatures to all Palo Alto Networks firewalls with Threat Prevention and WildFire licenses. Otherwise, the WF-500 appliance only forwards the malware report (and not the sample itself) to the WildFire public cloud.

If WildFire integration is enabled in the ESM Console, the Status page of the Traps Console displays a

next to Forensic Data Collection. If WildFire is not enabled, the Traps Console displays an

next to Forensic Data Collection.