End-of-Life (EoL)
Description
Shows various information about the WF-500 appliance, such as available API keys, registration information, activity, recent samples that the appliance analyzed, and the virtual machine that is selected to perform analysis.
Hierarchy Location
show wildfire
Syntax
api-keys {
all {
details;
}
key <value>;
}
last-device-registration all |
latest {
analysis {
filter malicious|benign;
sort-by SHA256|Submit Time|Start Time|Finish Time|Malicious|Status;
sort-direction asc|desc;
limit 1-20000;
days 1-7;
}
OR...
samples {
filter malicious|benign;
sort-by SHA256|Create Time|File Name|File Type|File Size|Malicious|Status;
sort-direction asc|desc;
limit 1-20000;
days 1-7;
}
OR...
sessions {
filter malicious|benign;
sort-by SHA256|Create Time|Src IP|Src Port|Dst Ip|Dst Port|File|Device ID|App|Malicious|Status;
sort-direction asc|desc;
limit 1-20000;
days 1-7;
}
OR...
uploads {
sort-by SHA256|Create Time|Finish Time|Status;
sort-direction asc|desc;
limit 1-20000;
days 1-7;
}
sample-status {
sha256 {
equal <value>;
}
}
statistics days <1-31>;
status |
vm-images |
}
Options
admin@WF-500> show wildfire
> api-keys — Show details about the API keys generated on the WF-500 appliance. You can view the last time the key was used, the key name, status (Enabled or Disabled), and the date/time the key was generated.
> last-device-registration — Show list of latest registration activities.
> latest — Show the latest 30 activities: the last 30 analysis activities, the last 30 files that were analyzed, network session information for the analyzed files, and files that were uploaded to the public cloud server.
> sample-status — Show WildFire sample status. Enter the SHA or MD5 value of the file to view the current analysis status.
> statistics — Display basic WildFire statistics.
> status — Display the status of the appliance as well as configuration information such as the Virtual Machine (VM) used for sample analysis, whether or not samples/reports are sent to the cloud, the VM network, and registration information.
> vm-images — Display the attributes of the available virtual machine images used for sample analysis. To view the currently active image, run admin@WF-500> show wildfire status and check the Selected VM field.
Sample Output
The following shows the output for this command.
admin@WF-500> show wildfire api-keys all
+-----------+----------------+---------+---------------------+---------------------+
| Apikey    | Name           | Status  | Create Time         | Last Used Time      |
+-----------+----------------+---------+---------------------+---------------------+
| <API KEY> | my-api-key-stu | Enabled | 2014-06-24 16:38:50 |                     |
| <API KEY> | test-key       | Enabled | 2014-06-25 09:05:30 | 2014-06-26 14:49:35 |
+-----------+----------------+---------+---------------------+---------------------+
admin@WF-500> show wildfire last-device-registration all
+--------------+---------------------+-------------+------------+----------+--------+
| Device ID | Last Registered | Device IP | SW Version | HW Model | Status |
+--------------+---------------------+-------------+------------+----------+--------+
| 001606000114 | 2014-07-31 12:35:53 | 10.43.14.24 | 6.1.0-b14 | PA-200 | OK |
+--------------+---------------------+-------------+------------+----------+--------+
admin@WF-500> show wildfire latest
> analysis Show latest 30 analysis
> samples Show latest 30 samples
> sessions Show latest 30 sessions
> uploads Show latest 30 uploads
admin@WF-500> show wildfire sample-status sha256 equal 809bad2d3fbdf1c18ef47ba9c5a0feca691103f094bc8d7e0cbed480870fd78c
Sample information:
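+---------------------+---------------------------------------------------------------+------------------+-----------+-----------+-------------------+
| Create Time         | File Name                                                     | File Type        | File Size | Malicious | Status            |
+---------------------+---------------------------------------------------------------+------------------+-----------+-----------+-------------------+
| 2014-08-04 11:49:41 | 25047801_20130919175646000_970x66_Adobe_Marketing_RM_AUTO.swf | Adobe Flash File | 64502     | No        | analysis complete |
+---------------------+---------------------------------------------------------------+------------------+-----------+-----------+-------------------+
Session information:
+---------------------+-------------+----------+--------------+----------+---------------------------------------------------------------+--------------+-------+-----------+-----------+
| Create Time         | Src IP      | Src Port | Dst IP       | Dst Port | File                                                          | Device ID    | App   | Malicious | Status    |
+---------------------+-------------+----------+--------------+----------+---------------------------------------------------------------+--------------+-------+-----------+-----------+
| 2014-08-04 11:49:41 | 10.10.10.50 | 80       | 192.168.2.10 | 64108    | 25047801_20130919175646000_970x66_Adobe_Marketing_RM_AUTO.swf | 001606000114 | flash | No        | completed |
+---------------------+-------------+----------+--------------+----------+---------------------------------------------------------------+--------------+-------+-----------+-----------+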
Analysis information:
+---------------------+---------------------+---------------------+-----------+-----------------------------------------------------------+-----------+
| Submit Time | Start Time | Finish Time | Malicious | VM Image | Status |
+---------------------+---------------------+---------------------+-----------+-----------------------------------------------------------+-----------+
| 2014-08-04 11:49:41 | 2014-08-04 11:49:41 | 2014-08-04 11:56:52 | No | Windows 7 x64 SP1, Adobe Reader 11, Flash 11, Office 2010 | completed |
+---------------------+---------------------+---------------------+-----------+-----------------------------------------------------------+-----------+
admin@WF-500> show wildfire statistics
Last one hour statistics :
Total sessions submitted : 0
Samples submitted : 0
analyzed : 0
pending : 0
malicious : 0
benign : 0
error : 0
uploaded : 0
Last 24 hours statistics :
Total sessions submitted : 13
Samples submitted : 13
analyzed : 13
pending : 0
malicious : 0
benign : 13
error : 0
uploaded : 0
admin@WF-500> show wildfire status
Connection info:
Wildfire cloud: s1.wildfire.paloaltonetworks.com
Status: Idle
Submit sample: disabled
Submit report: disabled
Selected VM: vm-5
VM internet connection: disabled
VM network using Tor: disabled
Best server: s1.wildfire.paloaltonetworks.com
Device registered: yes
Service route IP address: 10.3.4.99
Signature verification: enable
Server selection: enable
Through a proxy: no
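The api-keys listing above carries what is needed to review key hygiene: status, creation time and last-used time. The following is an added example, not part of the original documentation or any Palo Alto Networks tooling, that parses a saved copy of that table and reports enabled keys that were never used or have been idle too long. The function names, the 90-day default and the reading of a blank Last Used Time as "never used" are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample in the layout of `show wildfire api-keys all`;
# key values are placeholders and the third row is invented for illustration.
SAMPLE = """\
+-----------+----------------+----------+---------------------+---------------------+
| Apikey    | Name           | Status   | Create Time         | Last Used Time      |
+-----------+----------------+----------+---------------------+---------------------+
| <API KEY> | my-api-key-stu | Enabled  | 2014-06-24 16:38:50 |                     |
| <API KEY> | test-key       | Enabled  | 2014-06-25 09:05:30 | 2014-06-26 14:49:35 |
| <API KEY> | old-key        | Disabled | 2014-01-02 08:00:00 | 2014-01-03 10:00:00 |
+-----------+----------------+----------+---------------------+---------------------+
"""

TS = "%Y-%m-%d %H:%M:%S"  # timestamp layout used in the sample output


def parse_table(text):
    """Parse a '+---+' bordered CLI table into a list of dicts keyed by header."""
    rows = [[c.strip() for c in line.strip().strip("|").split("|")]
            for line in text.splitlines() if line.lstrip().startswith("|")]
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    # Pad short rows: a trailing empty cell (no Last Used Time) may be missing.
    return [dict(zip(header, r + [""] * (len(header) - len(r)))) for r in body]


def audit_keys(text, now, max_idle_days=90):
    """Return (name, reason) for enabled keys never used or idle too long."""
    findings = []
    for row in parse_table(text):
        if row["Status"] != "Enabled":
            continue  # disabled keys cannot authenticate; skip them
        last = row["Last Used Time"]
        if not last:  # assumption: blank means the key was never used
            findings.append((row["Name"], "enabled but never used"))
        elif now - datetime.strptime(last, TS) > timedelta(days=max_idle_days):
            findings.append((row["Name"], f"idle since {last}"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_keys(SAMPLE, now=datetime(2014, 8, 4)):
        print(f"{name}: {reason}")
```

Keys reported by audit_keys are candidates for disabling or rotation after confirming with their owners.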
Required Privilege Level
superuser, superreader
