In addition to forwarding unknown and blocked samples for analysis, the firewall also forwards information about the network session for a sample. Palo Alto Networks uses session information to learn more about the context of the suspicious network event, indicators of compromise related to the malware, affected hosts and clients, and applications used to deliver the malware.
The firewall is enabled to forward session information by default; however, you can adjust the default settings and choose what type of session information the firewall forwards to WildFire. On the firewall, select
and select or clear the following
Session Information Settings:
- Source IP—Forward the source IP address that sent the unknown file.
- Source Port—Forward the source port that sent the unknown file.
- Destination IP—Forward the destination IP address for the unknown file.
- Destination Port—Forward the destination port for the unknown file.
- Virtual System—Forward the virtual system that detected the unknown file.
- Application—Forward the user application that transmitted the unknown file.
- User—Forward the targeted user.
- URL—Forward the URL associated with the unknown file.
- Filename—Forward the name of the unknown file.
- Email sender—Forward the sender of an unknown email link (the name of the email sender also appears in WildFire logs and reports).
- Email recipient—Forward the recipient of an unknown email link (the name of the email recipient also appears in WildFire logs and reports).
- Email subject—Forward the subject of an unknown email link (the email subject also appears in WildFire logs and reports).
Device > Setup > WildFire
Device > Setup > WildFire Select Device Setup WildFire to configure WildFire settings on the firewall and Panorama. You can enable both the WildFire cloud ...
Include Email Header Information in WildFire Logs and Repor...
Include Email Header Information in WildFire Logs and Reports Use the following steps to include email header information—email sender, recipient(s), and subject—in WildFire logs and ...
WildFire Analysis Reports—Close Up
WildFire Analysis Reports—Close Up Access WildFire analysis reports on the firewall , the WildFire portal , and the WildFire API . WildFire analysis reports display ...
Threat Log Fields
Threat Log Fields Format : FUTURE_USE, Receive Time, Serial Number, Type, Threat/Content Type, FUTURE_USE, Generated Time, Source IP, Destination IP, NAT Source IP, NAT Destination ...
Forward Files for WildFire Analysis
Forward Files for WildFire Analysis Configure Palo Alto Networks firewalls to forward unknown files or email links and blocked files that match existing antivirus signatures ...
WildFire Concepts Samples Firewall Forwarding Session Information Sharing Analysis Environment Verdicts File Analysis Email Link Analysis Compressed and Encoded File Analysis WildFire Signatures ...
Email Link Analysis
Email Link Analysis A Palo Alto Networks firewall can extract HTTP/HTTPS links contained in SMTP and POP3 email messages and forward the links for WildFire ...
Security Profiles While security policy rules enable you to allow or block traffic on your network, security profiles help you define an allow but scan ...
Firewall Forwarding The firewall forwards unknown samples, as well as blocked files that match antivirus signatures, for WildFire analysis based on the configured WildFire Analysis ...