Set Up Alerts for Malware
You can configure a Palo Alto Networks firewall to send an alert when WildFire identifies a malicious or phishing sample. You can configure alerts for benign and grayware files as well, but not for benign and grayware email links. This example describes how to configure an email alert; however, you could also configure log forwarding to set up alerts to be delivered as syslog messages, SNMP traps, or Panorama alerts.
- Configure an email server profile.
- Select Device > Server Profiles > Email.
- Click Add and then enter a Name for the profile. For example, WildFire-Email-Profile.
- (Optional) Select the virtual system to which this profile applies from the Location drop-down.
- Click Add to add a new email server entry and enter the information required to connect to the Simple Mail Transfer Protocol (SMTP) server and send email (up to four email servers can be added to the profile):
- Server—Name to identify the mail server (1-31 characters). This field is just a label and does not have to be the host name of an existing SMTP server.
- Display Name—The name to show in the From field of the email.
- From—The email address where notification emails are sent from.
- To—The email address to which notification emails are sent.
- Additional Recipient(s)—Enter an email address to send notifications to a second recipient.
- Gateway—The IP address or host name of the SMTP gateway to use to send the emails.
- Click OK to save the server profile.
- Click Commit to save the changes to the running configuration.
- Test the email server profile.
- Select Monitor > PDF Reports > Email Scheduler.
- Click Add and select the new email profile from the Email Profile drop-down.
- Click the Send test email button. A test email should be sent to the recipients defined in the email profile.
- Configure a log forwarding profile to enable WildFire logs to be forwarded to Panorama, an email account, SNMP, and/or a syslog server. In this example you will set up email logs for when a sample is determined to be malicious. You can also enable Benign and Grayware logs to be forwarded, which will produce more activity if you are testing. The firewall does not forward WildFire logs for blocked files to an email account.
- Select Objects > Log Forwarding.
- Add and name the profile, for example, WildFire-Log-Forwarding.
- In WildFire Settings, choose the email profile from the Email column for Malicious. To forward logs to Panorama, select the check boxes under the Panorama column for Benign, Grayware, Phishing and/or Malicious. For SNMP and Syslog, select the drop-down and choose the appropriate profile or click New to configure a new profile.
- Click OK to save the changes.
- Add the log forwarding profile to a security policy being used for WildFire forwarding (with a WildFire Analysis profile attached). The WildFire Analysis profile defines the traffic that the firewall forwards for WildFire analysis. To set up a WildFire analysis profile and attach it to a security policy rule, see Forward Files for WildFire Analysis.
- Select Policies > Security and click the policy that is used for WildFire forwarding.
- In the Log Setting section of the Actions tab, select the Log Forwarding profile you configured.
- Click OK to save the changes and then Commit the configuration.