The basic WildFire service is included as part of the Palo Alto Networks next generation firewall and does not require a WildFire subscription. With the basic WildFire service, the firewall can forward portable executable (PE) files for WildFire analysis, and can retrieve WildFire signatures only with antivirus and/or Threat Prevention updates which are made available every 24-48 hours.
A WildFire subscription unlocks the following WildFire features:
- WildFire Real-Time Updates—(PAN-OS 10.0 and later)The firewall can retrieve WildFire signatures for newly-discovered malware as soon as the WildFire public cloud can generate them. Signatures that are downloaded during a sample check are saved in the firewall cache, and are available for fast (local) look-ups. In addition, to maximize coverage, the firewall also automatically downloads a signature package on a regular basis when real-time signatures is enabled. These supplemental signatures are added to the firewall cache and remain available until they become stale and are refreshed or are overwritten by new signatures. Using real-time WildFire updates is a recommended best practice setting.Selectand enable the firewall to get the latest WildFire signatures in real-time.DeviceDynamic Updates
- WildFire Five-Minute Updates—(All PAN-OS versions)The WildFire public cloud and a WildFire private cloud can generate and distribute WildFire signatures for newly-discovered malware every five minutes, and you can set the firewall to retrieve and install these signatures every minute (this allows the firewall to get the latest signatures within a minute of availability).If you are running PAN-OS 10.0 or later, it is a best practice to use real-time WildFire updates instead of scheduling recurring updates.Selectto enable the firewall to get the latest WildFire signatures. Depending on your WildFire deployment, you can set up one or both of the following signature package updates:DeviceDynamic Updates
- WildFire Inline ML—(PAN-OS 10.0 and later)Prevent malicious variants of portable executables, executable and linked format (ELF) files, and PowerShell scripts from entering your network in real-time using machine learning (ML) on the firewall dataplane. By utilizing WildFire® Cloud analysis technology on the firewall, WildFire Inline ML dynamically detects malicious files of a specific type by evaluating various file details, including decoder fields and patterns, to formulate a high probability classification of a file. This protection extends to currently unknown as well as future variants of threats that match characteristics that Palo Alto Networks identified as malicious. WildFire inline ML complements your existing Antivirus profile protection configuration. Additionally, you can specify file hash exceptions to exclude any false-positives that you encounter, which enables you to create more granular rules in your profiles to support your specific security needs.
- WildFire Advanced File Type Support—In addition to PEs, forward advanced file types for WildFire analysis, including APKs, Flash files, PDFs, Microsoft Office files, Java Applets, Java files (.jar and .class), and HTTP/HTTPS email links contained in SMTP and POP3 email messages. (WildFire private cloud analysis does not support APK, Mac OS X, Linux (ELF), archive (RAR/7-Zip), and script (JS, BAT, VBS, Shell Script, PS1, and HTA) files).
- WildFire API—Access to the
- WildFire Private and Hybrid Cloud Support—Forward Files to a WildFire Appliance(PAN-OS 9.1, 10.0, 10.1, 10.2). WildFire private cloud and WildFire hybrid cloud deployments both require the firewall to be able to submit samples to a WildFire appliance. Enabling a WildFire appliance requires only a support license.
Recommended For You
Recommended videos not found.