Document: WildFire® Administrator’s Guide
Forward Files for WildFire Analysis
Last Updated: Wed May 06 13:22:31 PDT 2020
Configure Palo Alto Networks firewalls to forward unknown files or email links for analysis. Use the WildFire Analysis profile to define files to forward to the WildFire cloud (use the public cloud or a private cloud), and then attach the profile to a security rule to trigger inspection for zero-day malware.
Specify traffic to be forwarded for analysis based on the application in use, the file type detected, links contained in email messages, or the transmission direction of the sample (upload, download, or both). For example, you can set up the firewall to forward Portable Executables (PEs) or any files that users attempt to download during a web-browsing session.
If you are using a WF-500 appliance to host a WildFire private cloud, you can extend WildFire analysis resources to a WildFire Hybrid Cloud by configuring the firewall to continue to forward sensitive files to your WildFire private cloud for local analysis, and forward less sensitive or unsupported file types to the WildFire public cloud.
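
The profile described above, written as firewall configuration-mode commands with one rule per analysis destination. This is an added example, not taken from the guide: the profile name, rule names, the existing security rule `allow-web`, and the choice of which file types are treated as sensitive are assumptions for illustration.

```text
# Added example. Lines starting with "#" are annotations, not CLI input.
# wf-hybrid, sensitive-docs, executables and allow-web are hypothetical names.

# Rule 1: documents assumed to be sensitive stay on the WildFire private cloud
# (WF-500 appliance), for any application and in both directions.
set profiles wildfire-analysis wf-hybrid rules sensitive-docs application any
set profiles wildfire-analysis wf-hybrid rules sensitive-docs file-type [ pdf ms-office ]
set profiles wildfire-analysis wf-hybrid rules sensitive-docs direction both
set profiles wildfire-analysis wf-hybrid rules sensitive-docs analysis private-cloud

# Rule 2: Portable Executables that users download during a web-browsing
# session go to the WildFire public cloud.
set profiles wildfire-analysis wf-hybrid rules executables application web-browsing
set profiles wildfire-analysis wf-hybrid rules executables file-type pe
set profiles wildfire-analysis wf-hybrid rules executables direction download
set profiles wildfire-analysis wf-hybrid rules executables analysis public-cloud

# The profile forwards nothing until it is attached to a security rule
# that allows the traffic; allow-web is assumed to exist already.
set rulebase security rules allow-web profile-setting profiles wildfire-analysis wf-hybrid
commit
```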