The WildFire global (U.S.) cloud can
analyze URLs, and by extension, email links, to provide standardized
verdicts and reports through the WildFire API. By aggregating
threat analysis details from all Palo Alto Networks services, including
PAN-DB, WildFire is able to generate a more accurate verdict and
provide consistent URL analysis data.

WildFire operates a series of URL analyzers that
process various URL feeds, correlated URL sources (such as email
links), NRD (newly registered domain) lists, PAN-DB content, and
manually uploaded URLs. After a URL has been processed, you can
retrieve the WildFire URL analysis report, which includes the verdict,
detection reasons with evidence, screenshots, and analysis data
generated for the web request. You can also retrieve web page artifacts
(downloaded files and screenshots) seen during URL analysis to further
investigate anomalous activity.

No additional configuration is necessary to take advantage of
this feature. However, if you want to automatically submit email
links for analysis (which are now analyzed through this service),
you must configure your firewall to forward email links (PAN-OS 8.1, 9.0, 9.1, 10.0).

Verdicts that you suspect are either false positives or false
negatives can be submitted (PAN-OS 8.1, 9.0, 9.1, 10.0) to the Palo Alto
Networks threat team for additional analysis.

URL Analysis is currently available only in the WildFire
global (U.S.) cloud.