The WildFire Analysis Environment identifies previously unknown malware and generates signatures that Palo Alto Networks firewalls can use to detect and block that malware. When a Palo Alto Networks firewall detects an unknown sample (a file, or a link included in an email), the firewall can automatically forward the sample for WildFire analysis. Based on the properties, behaviors, and activities the sample displays when it is analyzed and executed in the WildFire sandbox, WildFire assigns the sample a verdict of benign, grayware, phishing, or malicious. WildFire then generates signatures that recognize the newly discovered malware and makes the latest signatures globally available every five minutes. All Palo Alto Networks firewalls can then compare incoming samples against these signatures and automatically block malware that was first detected by a single firewall.

The following workflow describes the WildFire process lifecycle, from the moment a user downloads a file carrying an advanced VM-aware payload to the point where WildFire generates a signature package that Palo Alto Networks firewalls use to protect against future exposure to the malware.
In this example, the following assumptions are made:

  - A firewall is registered to the WildFire cloud and is configured to forward supported file types.
  - The malware found in the file attachment is an advanced VM-aware threat and has not been encountered before.
  - The file download is logged if the data filtering logs and WildFire submissions logs are configured to be forwarded to the
To learn more about WildFire, or to get started with WildFire now, see the following topics:

  - Concepts, to learn more about the types of samples you can submit for WildFire analysis, WildFire verdicts, and WildFire signatures.
  - Learn more about WildFire Deployments, the deployments you can set up with the firewall. You can submit samples you would like to have analyzed to a Palo Alto Networks-hosted WildFire cloud or to a locally hosted WildFire private cloud, or you can use a hybrid cloud, where the firewall submits certain samples to the public cloud and certain samples to a private cloud.
  - Get Started with WildFire (PAN-OS 8.0, 8.1, 9.0), to define the samples that you want to submit for analysis and to begin submitting samples to a WildFire
  - Manage WildFire Appliances (PAN-OS 8.0, 8.1, 9.0), using Panorama to manage up to 200 WildFire appliances centrally instead of individually.
  - Create WildFire Appliance Clusters (PAN-OS 8.0, 8.1, 9.0), to increase analysis and storage capacity, support more firewalls on a single network, and implement high availability for fault tolerance. You can manage WildFire appliance clusters using the local WildFire CLI or using Panorama.