Set Up Alerts for Malware
You can configure a Palo Alto Networks firewall
to send an alert when WildFire identifies a malicious or phishing
sample. You can configure alerts for benign and grayware files as
well, but not for benign and grayware email links. This example
describes how to configure an email alert; however, you could also
configure log forwarding to set
up alerts to be delivered as syslog messages, SNMP traps, or Panorama alerts.
- Configure an email server profile.
- Select .
- ClickAddand then enter aNamefor the profile. For example, WildFire-Email-Profile.
- (Optional) Select the virtual system to which this profile applies from theLocationdrop-down.
- ClickAddto add a new email server entry and enter the information required to connect to the Simple Mail Transport Protocol (SMTP) server and send email (up to four email servers can be added to the profile):
- Server—Name to identify the mail server (1-31 characters). This field is just a label and does not have to be the host name of an existing SMTP server.
- Display Name—The name to show in the From field of the email.
- From—The email address where notification emails are sent from.
- To—The email address to which notification emails are sent.
- Additional Recipient(s)—Enter an email address to send notifications to a second recipient.
- Gateway—The IP address or host name of the SMTP gateway to use to send the emails.
- ClickOKto save the server profile.
- ClickCommitto save the changes to the running configuration.
- Test the email server profile.
- Select .
- ClickAddand select the new email profile from theEmail Profiledrop-down.
- Click theSend testemail button and a test email should be sent to the recipients defined in the email profile.
- Configure a log forwarding profile, to enable WildFire logs to be forwarded to Panorama, an email account, SNMP, and/or a syslog server.In this example you will set up email logs for when a sample is determined to be malicious. You can also enable Benign and Grayware logs to be forwarded, which will produce more activity if you are testing.The firewall does not forward WildFire logs for blocked files to an email account.
- Select .
- Addand name the profile, for example, WildFire-Log-Forwarding.
- InWildFire Settings, choose the email profile from the Email column forMaliciousas shown below.
To forward logs to Panorama, select the check boxes under the Panorama column for Benign, Grayware, Phishing and/or Malicious. For SNMP and Syslog, select the drop-down and choose the appropriate profile or clickNewto configure a new profile. - ClickOKto save the changes.
- Add the log forwarding profile to a security policy being used for WildFire forwarding (with a WildFire Analysis profile attached).The WildFire Analysis profile defines the traffic that the firewall forwards for WildFire analysis. To set up a WildFire analysis profile and attach it to a security policy rule, see Forward Files for WildFire Analysis.
- Select and click on the policy that is used for WildFire forwarding.
- In theActionstabLog Settingsection, select theLog Forwardingprofile you configured.
- ClickOKto save the changes and thenCommitthe configuration.
