Monitor WildFire Submissions and Analysis Reports
Samples that firewalls submit for WildFire analysis are displayed as entries in the WildFire Submissions log on the firewall web interface. For each WildFire entry, you can open an expanded log view which displays log details and the WildFire analysis report for the sample.
- Forward Files for WildFire Analysis.
- Configure WildFire Submissions Log Settings.
- To view samples submitted by a firewall to a WildFire public, private, or hybrid cloud, select Monitor > Logs > WildFire Submissions.
When WildFire analysis of a sample is complete, the results are
sent back to the firewall that submitted the sample and are accessible
in the WildFire Submissions logs. The submission logs include details
about a given sample, including the following information:
- The Verdict column indicates whether the sample is benign, malicious, phishing, or grayware.
- The Action column indicates whether the firewall allowed or blocked the sample.
- The Severity column indicates how much of a threat a sample poses to an organization using the following values: critical, high, medium, low, and informational. The values for the following severity levels are determined by a combination of verdict and action values.
  - Low—Grayware samples with the action set to allow.
  - High—Malicious samples with the action set to allow.
  - Benign samples with the action set to allow.
  - Samples with any verdict with the action set to block.
- For any entry, select the Log Details icon to open a detailed log view for each entry. The detailed log view displays Log Info and the WildFire Analysis Report for the entry. If the firewall has packet captures (PCAPs) enabled, the sample PCAPs are also displayed. For all samples, the WildFire analysis report displays file and session details. For malware samples, the WildFire analysis report is extended to include details on the file attributes and behavior that indicated the file was malicious.
- (Optional) Download PDF of the WildFire Analysis Report.