Include Email Header Information in WildFire Logs and Reports

Use the following steps to include email header information—email sender, recipient(s), and subject—in WildFire logs and reports.
Session information is forwarded to the WildFire cloud along with the sample, and used to generate the WildFire analysis report. Neither the firewall nor the WildFire cloud receive, store, or view actual email contents.
Session information can help you to quickly track down and remediate threats detected in email attachments or links, including how to identify recipients who have downloaded or accessed malicious content.
  1. Select DeviceSetupWildFire.
  2. Edit the Session Information Settings section and enable one or more of the options (Email sender, Email recipient, and Email subject).
  3. Click OK to save.

Related Documentation