Submit Locally-Discovered Malware or Reports to the WildFire Public Cloud

Enable the WildFire appliance to automatically submit malware samples to the WildFire public cloud. The WildFire public cloud further analyzes the malware and generates a signature to identify the sample. The signature is then added to WildFire signature updates, and distributed to global users to prevent future exposure to the threat. If you do not want to forward malware samples outside of your network, you can instead choose to submit only WildFire reports for the malware discovered on your network, in order to contribute to and refine WildFire statistics and threat intelligence.
  • Submit Malware to the WildFire Public Cloud.
    1. Execute the following CLI command from the WildFire appliance to enable the appliance to automatically submit malware samples to the WildFire public cloud:
      admin@WF-500# set deviceconfig setting wildfire cloud-intelligence submit-sample yes
      If the firewall that originally submitted the sample for WildFire private cloud analysis has packet captures (PCAPs) enabled, the PCAPs for the malware will also be forwarded to the WildFire public cloud.
    2. Go to the WildFire portal to view analysis reports for malware automatically submitted to the WildFire public cloud. When malware is submitted to the WildFire public cloud, the public cloud generates a new analysis report for the sample.
  • Submit Analysis Reports to the WildFire Public Cloud
    To automatically submit malware reports to the WildFire public cloud (and not the malware sample), execute the following CLI command on the WildFire appliance:
    admin@WF-500# set deviceconfig setting wildfire cloud-intelligence submit-report yes
    If you have enabled the WildFire appliance to automatically submit malware to the WildFire public cloud, you do not need to enable this option—the WildFire public cloud will generate a new analysis report for the sample.
    Reports submitted to the WildFire public cloud cannot be viewed on the WildFire portal. The WildFire portal displays only WildFire public cloud reports.
  • Verify Malware and Report Submission Settings
    Check to confirm that cloud intelligence is enabled to either submit malware or submit reports to the WildFire public cloud by running the following command:
    admin@WF-500> show wildfire status
    Refer to the Submit sample and Submit report fields.

Related Documentation