The WildFire
Virtual Environment
identifies previously unknown malware and generates signatures that Palo Alto Networks firewalls can use to then detect and block the malware. When a Palo Alto Networks firewall detects an unknown sample (a file or a link included in an email), the firewall can automatically forward the sample for WildFire analysis. Based on the properties, behaviors, and activities the sample displays when analyzed and executed in the WildFire sandbox, WildFire determines the sample to be benign, grayware, or malicious. WildFire then generates signatures to recognize the newly-discovered malware, and makes the latest signatures globally available every five minutes. All Palo Alto Networks firewalls can then compare incoming samples against these signatures to automatically block the malware first detected by a single firewall.
Document:WildFire® Administrator’s Guide
About WildFire
Last Updated:
Wed May 06 13:22:31 PDT 2020
Table of Contents
Search the Table of Contents
-
- About the WF-500 Appliance
- Configure the WF-500 Appliance
- Set Up the WF-500 Appliance VM Interface
- Virtual Machine Interface Overview
- Configure the VM Interface on the WF-500 Appliance
- Connect the Firewall to the WF-500 Appliance VM Interface
- Enable WF-500 Appliance Analysis Features
- Set Up WF-500 Appliance Content Updates
- Enable Local Signature and URL Category Generation
- Submit Locally-Discovered Malware or Reports to the WildFire Public Cloud
- Upgrade a WF-500 Appliance
-
- WildFire Best Practices
- Forward Files for WildFire Analysis
- Forward Decrypted SSL Traffic for WildFire Analysis
- Verify WildFire Submissions
- Test a Sample Malware File
- Verify File Forwarding
- Manually Upload Files to the WildFire Portal
- Submit Malware or Reports from the WF-500 Appliance
- Firewall File Forwarding Capacity by Platform
-
- About WildFire Logs and Reporting
- Use the Firewall to Monitor Malware
- Configure WildFire Submissions Log Settings
- Monitor WildFire Submissions and Analysis Reports
- Set Up Alerts for Malware
- Use the WildFire Portal to Monitor Malware
- Configure WildFire Portal Settings
- Add WildFire Portal Users
- View Reports on the WildFire Portal
- WildFire Analysis Reports—Close Up
- WildFire Example
- Use the WildFire API
-
- WF-500 Appliance Software CLI Concepts
- WF-500 Appliance Software CLI Structure
- WF-500 Appliance Software CLI Command Conventions
- WF-500 Appliance CLI Command Messages
- WF-500 Appliance Command Option Symbols
- WF-500 Appliance Privilege Levels
- WildFire CLI Command Modes
- WF-500 Appliance CLI Configuration Mode
- WF-500 Appliance CLI Operational Mode
- Access the WF-500 Appliance CLI
- Use the WF-500 Appliance CLI
- Access WF-500 Appliance Operational and Configuration Modes
- Display WF-500 Appliance Software CLI Command Options
- Restrict WF-500 Appliance CLI Command Output
- Set the Output Format for WF-500 Appliance Configuration Commands
- WF-500 Appliance Configuration Mode Command Reference
- set deviceconfig setting wildfire
- set deviceconfig system update-schedule
- set deviceconfig system vm-interface
- WF-500 Appliance Operational Mode Command Reference
- create wildfire api-key
- delete wildfire api-key
- delete wildfire-metadata
- edit wildfire api-key
- load wildfire api-key
- request system raid
- request system wildfire-vm-image
- request wf-content
- save wildfire api-key
- set wildfire portal-admin
- show system raid
- show wildfire
- test wildfire registration
