Email Link Analysis
A Palo Alto Networks firewall can extract HTTP/HTTPS
links contained in SMTP and POP3 email messages and forward the
links for WildFire analysis. The firewall only extracts links and
associated session information (sender, recipient, and subject) from
email messages; it does not receive, store, forward, or view the
email message.
WildFire visits submitted links to determine if the corresponding
web page hosts any exploits or displays phishing activity. A link
that WildFire finds to be malicious or phishing is:
- Recorded on the firewall as a WildFire Submissions log entry. The WildFire analysis report that details the behavior and activity observed for the link is available for each WildFire Submissions log entry. The log entry also includes the email header information—email sender, recipient, and subject—so that you can identify the message and delete it from the mail server, or mitigate the threat if the email has been delivered or opened.
- Added to PAN-DB and the URL is categorized as malware.
The firewall forwards email links in batches of 100 email links
or every two minutes (depending on which limit is hit first). Each
batch upload to WildFire counts as one upload toward the upload
per-minute capacity for the given firewall model (Firewall File Forwarding Capacity by Model).
If a link included in an email corresponds to a file download instead
of a URL, the firewall forwards the file only if the corresponding
file type is enabled for WildFire analysis.
To enable the firewall to forward links included in emails for
WildFire analysis, see Forward Files for WildFire Analysis.
With a PAN-DB URL Filtering license, you can also block user access
to malicious and phishing sites.
Related Documentation
Verify File Forwarding
Verify File Forwarding After the firewall is set up to Forward Files for WildFire Analysis , use the following options to verify the connection between ...
WildFire Phishing Verdict
WildFire Phishing Verdict The new WildFire phishing verdict classifies credential phishing links found in emails separately from emailed links found to be exploits or malware. ...
Samples
Samples Samples are all file types and email links submitted for WildFire analysis from the firewall and the public API. See File Analysis and Email ...
WildFire Features
WildFire Features PAN-OS 8.0.1 is the base image for WF-500 appliances (not PAN-OS 8.0.0). New WildFire Features Description WildFire Appliance Clusters In environments where you ...
WildFire Submissions Logs
WildFire Submissions Logs The firewall forwards samples (files and emails links) to the WildFire cloud for analysis based on WildFire Analysis profiles settings ( Objects ...
Forward Files for WildFire Analysis
Forward Files for WildFire Analysis Configure Palo Alto Networks firewalls to forward unknown files or email links and blocked files that match existing antivirus signatures ...
Enable Basic WildFire Forwarding
Enable Basic WildFire Forwarding WildFire is a cloud-based virtual environment that analyzes and executes unknown samples (files and email links) and determines the samples to ...
Submit Files for WildFire Analysis
Submit Files for WildFire Analysis The following topics describe how to submit files for WildFire™ analysis. You can set up Palo Alto Networks firewalls to ...