The WildFire Analysis Environment identifies previously unknown malware and generates signatures that Palo Alto Networks firewalls can then use to detect and block the malware. When a Palo Alto Networks firewall detects an unknown sample (a file or a link included in an email), the firewall can automatically forward the sample for WildFire analysis. Based on the properties, behaviors, and activities the sample displays when analyzed and executed in the WildFire sandbox, WildFire determines the sample to be benign, grayware, phishing, or malicious. WildFire then generates signatures to recognize the newly discovered malware and makes the latest signatures globally available every five minutes. All Palo Alto Networks firewalls can then compare incoming samples against these signatures to automatically block the malware first detected by a single firewall.
The following workflow describes the WildFire process lifecycle from when a user downloads a file carrying an advanced VM-aware payload to the point where WildFire generates a signature package used by Palo Alto Networks firewalls to protect against future exposure to malware.
In this example, the following assumptions are made:
- A firewall is registered to the WildFire cloud and is configured to forward supported file types.
- The malware found in the file attachment is an advanced VM-aware threat and has not been encountered before.
- The file download is logged if the data filtering logs and WildFire submissions logs are configured to be forwarded to the firewall.
To learn more about WildFire, or to get started with WildFire now, see the following topics:
- Review WildFire Concepts to learn more about the types of samples you can submit for WildFire analysis, WildFire verdicts, and WildFire signatures.
- Learn more about the WildFire Deployments you can set up with the firewall. You can submit samples you would like to have analyzed to a Palo Alto Networks-hosted WildFire cloud or a locally hosted WildFire private cloud, or you can use a hybrid cloud, where the firewall submits certain samples to the public cloud and certain samples to a private cloud.
- Get Started with WildFire to define the samples that you want to submit for analysis, and to begin submitting samples to a WildFire cloud.
- Manage WildFire Appliances using Panorama to manage up to 200 WildFire appliances centrally instead of individually.
- Create WildFire Appliance Clusters to increase analysis and storage capacity, support more firewalls on a single network, and implement high availability to provide fault tolerance. You can manage WildFire appliance clusters using the local WildFire CLI or using Panorama.