show wildfire global

Description

Shows various information about global devices and the status of samples, such as available API keys, registration information, sample verdict changes, activity, and recent samples that the appliance analyzed.

Hierarchy Location

show wildfire global

Syntax

api-keys { 
all { 
details; 
} 
key <value>; 
} 
devices-reporting-data; 
last-device-registration { 
all; 
} 
local-verdict-change { 
all; 
sha256 <value>; 
} 
} 
sample-analysis { 
number; 
type; 
} 
} 
sample-status { 
      sha256 { 
        equal <value>; 
} 
} 
signature-status { 
      sha256 { 
        equal <value>; 
} 
} 

Options

> api-keys — Show details about the API keys generated on the WildFire appliance. You can view the last time the key was used, the key name, status (Enabled or Disabled), and the date/time the key was generated.
> devices-reporting-data — Show list of latest registration activities.
> last-device-registration — Show list of latest registration activities.
> local-verdict-change — Shows samples with changed verdicts.
> sample-analysis — Show wildfire analysis results for up to a maximum of 1,000 samples.
> sample-status — Show wildfire sample status. Enter the SHA256 value of the file to view the current analysis status.
> signature-status — Show wildfire signature status. Enter the SHA256 value of the file to view the current analysis status.

Sample Output

The following shows the output for this command.
admin@WF-500> show wildfire global api-keys all 
+------------+-----------+---------+---------------------+---------------------+ 
|   Apikey   |  Name     |  Status |     Create Time     |    Last Used Time   | 
+------------+-----------+---------+---------------------+---------------------+ 
| <API KEY>  | happykey1 | Enabled | 2017-03-01 23:21:02 | 2017-03-01 23:21:02 | 
+------------+-----------+---------+---------------------+---------------------+ 
 
admin@WF-500> show wildfire global devices-reporting-data 
+------------+---------------------+-------------+------------+----------+--------+ 
| _Device ID |   Last Registered   |  Device IP  | SW Version | HW Model | Status | 
+------------+---------------------+-------------+------------+----------+--------+ 
| test_WF500 | 2017-03-01 22:28:25 | 10.1.1.1    |    8.0     |  PA-200  |   OK   | 
+------------+---------------------+-------------+------------+----------+--------+ 
 
admin@WF-500> show wildfire global last-device-registration all 
+--------------+---------------------+-------------+------------+----------+--------+ 
| Device ID    | Last Registered     | Device IP   | SW Version | HW Model | Status | 
+--------------+---------------------+-------------+------------+----------+--------+ 
| 001606000114 | 2014-07-31 12:35:53 | 10.43.14.24 | 6.1.0-b14  | PA-200   | OK     | 
+--------------+---------------------+-------------+------------+----------+--------+ 
 
admin@WF-500> show wildfire global local-verdict-change 
+-----------------------------------------------------------------+---------+--------+ 
|                              SHA256                             | Verdict | Source | 
+-----------------------------------------------------------------+---------+--------+ 
| c883b5d2e16d22b09b176ca0786128f8064d47edf26186b95845aa3678868496|  2 -> 1 |   Yes  | 
+-----------------------------------------------------------------+---------+--------+ 
 
admin@WF-500> show wildfire global sample-analysis 
 
Last Created 100 Malicious Samples 
+--------------+---------------------+---------------------+-----------+ 
|    SHA256    |     Finish Date     |     Create Date     | Malicious | 
+--------------+---------------------+---------------------+-----------+ 
| <HASH VALUE> | 2017-03-01 23:27:57 | 2017-03-01 23:27:57 |    Yes    | 
+--------------+---------------------+---------------------+-----------+ 
+----------------------+----------------+---------------+----------------+ 
|     Storage Nodes    | Analysis Nodes |     Status    |    File Type   | 
+----------------------+----------------+---------------+----------------+ 
| 00926ld1_2,0094:d1_2 |      qa16      | Notify Finish |   Elink File   | 
+----------------------+----------------+---------------+----------------+ 
 
Last Created 100 Non-malicious Samples 
+--------------+---------------------+---------------------+-----------+ 
|    SHA256    |     Finish Date     |     Create Date     | Malicious | 
+--------------+---------------------+---------------------+-----------+ 
| <HASH VALUE> | 2017-03-01 23:31:15 | 2017-03-01 23:24:29 |     No    | 
+--------------+---------------------+---------------------+-----------+ 
+----------------------+----------------+---------------+--------------------+ 
|     Storage Nodes    | Analysis Nodes |     Status    |     File Type      | 
+----------------------+----------------+---------------+--------------------+ 
| 0712:smp_27,94:smp_7 |      qa16      | Notify Finish | MS Office document | 
+----------------------+----------------+---------------+--------------------+ 
 
admin@WF-500> show wildfire global sample-status sha256 equal dc9f3a2a053c825e7619581f3b31d53296fe41658b924381b60aee3eeea4c088 
 
+---------------------+---------------------+-----------+----------------------------+ 
|     Finish Date     |     Create Date     | Malicious |       Storage Nodes        |  
+---------------------+---------------------+-----------+----------------------------+ 
| 2017-03-01 22:34:17 | 2017-03-01 22:28:23 |     No    | 009026:smp_27,097010smp_27 | 
+---------------------+---------------------+-----------+----------------------------+ 
 
+----------------+---------------+------------------+ 
| Analysis Nodes |     Status    |    File Type     | 
+----------------+---------------+------------------+ 
|      qa15      | Notify Finish | Adobe Flash File | 
+----------------+---------------+------------------+ 
 
admin@WF-500> show wildfire global signature-status sha256 equalc883b5d2e16d22b09b176ca0786128f8064d47edf26186b95845aa3678868496 
Signature Name: Virus/Win32.WPCGeneric.cr 
Current Status: released 
Release History: 
+---------------+---------------------+---------+-------------+----------+ 
| Build Version |      Timestamp      |   UTID  | Internal ID |  Status  | 
+---------------+---------------------+---------+-------------+----------+ 
|     155392    | 2017-02-03 10:11:06 | 5000259 |    10411    | released | 
+---------------+---------------------+---------+-------------+----------+ 

Required Privilege Level

superuser, superreader

Related Documentation