End-of-Life (EoL)
Enable the following options for WildFire Submissions logs:
Enable Logging for Benign and Grayware Samples
Logging for benign and grayware samples is disabled by default. Email links that receive benign or grayware verdicts are not logged.
Enable Logging for Benign and Grayware Samples
Select Device > Setup > WildFire, edit General Settings.
Select Report Benign Files and/or Report Grayware Files and click OK to save the settings.
Include Email Header Information in WildFire Logs and Reports
Use the following steps to include email header information—email sender, recipient(s), and subject—in WildFire logs and reports.
Session information is forwarded to the WildFire cloud along with the sample, and used to generate the WildFire analysis report. Neither the firewall nor the WildFire cloud receive, store, or view actual email contents.
Session information can help you to quickly track down and remediate threats detected in email attachments or links, including how to identify recipients who have downloaded or accessed malicious content.
Include Email Header Information in WildFire Logs and Reports
Select Device > Setup > WildFire.
Edit the Session Information Settings section and enable one or more of the options ( Email sender, Email recipient, and Email subject).
Click OK to save.
Include User-ID Information in WildFire Logs and Reports
Enable the firewall to match User-ID information with email header information, so that the User-ID for the recipient of a malicious email attachment or link is identified for a WildFire entry.
Include User-ID Information in WildFire Logs and Reports
Select Device > User Identification > Group Mapping Settings.
Select the desired group mapping profile to modify it.
In the Server Profile tab in the Mail Domains section, populate the Domain List field: Mail Attributes —This field is automatically populated after you fill in the Domain List field and click OK. The attributes are based on your LDAP server type (Sun/RFC, Active Directory, and Novell). Domain List —Enter the list of email domains in your organization using a comma separated list up to 256 characters. When email header information is matched to a User-ID, the Recipient User-ID field in the Email Headers section of the detailed log view will link to a filtered ACC for that user or user group.

Recommended For You