View WildFire Sample Analysis Processing Details

The WildFire appliance records analysis activity in an event log. You can view which connected services or appliances in your network analyzed a particular sample, and how many samples were analyzed in a given time frame. Use this information to monitor activity and to develop policies and countermeasures against malicious activity; unusually heavy analysis activity can be a sign of something suspicious. Also consider using a threat intelligence tool such as AutoFocus to investigate and determine the nature of a threat.
  1. View the number of samples processed locally within a specified timespan or based on a maximum number of samples.
    show wildfire local sample-processed {time [last-12-hrs | last-15-minutes | last-1-hr | last-24-hrs | last-30-days | last-7-days | last-calender-day | last-calender-month] | count <number_of_samples>}

    Latest samples information:
    +------------------------------------------------------------------+---------------------+-----------+------------+-----------+------------+-------------------+
    | SHA256                                                           | Create Time         | File Name | File Type  | File Size | Malicious  | Status            |
    +------------------------------------------------------------------+---------------------+-----------+------------+-----------+------------+-------------------+
    | ce752b7b76ac2012bdff2b76b6c6af18e132ae8113172028b9e02c6647ee19bb | 2018-12-09 16:55:53 |           | Email Link | 31,522    |            | download complete |
    | 349e57e51e7407abcd6eccda81c8015298ff5d5ba4cedf09c7353c133ceaa74b | 2018-12-09 16:53:40 |           | Email Link | 39,679    |            | download complete |
    +------------------------------------------------------------------+---------------------+-----------+------------+-----------+------------+-------------------+
  2. Identify the device(s) that submitted a specified sample for WildFire analysis.
    show wildfire global sample-device-lookup sha256 equal <SHA_256>

    Sample 1024609813c57fe174722c53b3167dc3cf5583d5c7abaf4a95f561c686a2116e last seen on following devices:
    +------------------------------------------------------------------+-----------+-----------+---------------------+
    | SHA256                                                           | Device ID | Device IP | Submitted Time      |
    +------------------------------------------------------------------+-----------+-----------+---------------------+
    | 1024609813c57fe174722c53b3167dc3cf5583d5c7abaf4a95f561c686a2116e | Manual    | Manual    | 2019-08-05 19:24:39 |
    +------------------------------------------------------------------+-----------+-----------+---------------------+
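
Added example (not part of the Palo Alto Networks documentation): a Python parser for saved output of `show wildfire local sample-processed` that counts processed samples per hour and returns the hours that reach a threshold, one way to spot the unusually heavy activity mentioned above. The function names, the threshold and the sample output (placeholder hashes, constructed timestamps) are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime


def build_sample_output():
    """Constructed CLI output: placeholder hashes, timestamps chosen for the demo."""
    times = ["2018-12-09 09:12:01", "2018-12-09 16:51:07", "2018-12-09 16:53:40",
             "2018-12-09 16:55:53", "2018-12-09 16:58:30"]
    border = "+" + "-" * 20 + "+"
    header = "| SHA256 | Create Time | File Name | File Type | File Size | Malicious | Status |"
    rows = [f"| {format(i, '064x')} | {t} |  | Email Link | 31,522 |  | download complete |"
            for i, t in enumerate(times)]
    return "\n".join(["Latest samples information:", border, header, border, *rows, border])


SAMPLE_OUTPUT = build_sample_output()


def parse_cli_table(output):
    """Return one dict per data row of a '+---+' bordered, '|' delimited CLI table.

    Border lines and free text are skipped; empty cells become ''.
    Rows whose cell count differs from the header (for example a file
    name containing '|') are dropped rather than misaligned.
    """
    rows = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("|") and line.endswith("|"):
            rows.append([cell.strip() for cell in line[1:-1].split("|")])
    if not rows:
        return []
    header, data = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in data if len(row) == len(header)]


def busy_hours(samples, threshold):
    """Count samples per hour of 'Create Time'; return hours with >= threshold samples."""
    counts = Counter(
        datetime.strptime(s["Create Time"], "%Y-%m-%d %H:%M:%S").strftime("%Y-%m-%d %H:00")
        for s in samples
    )
    return {hour: n for hour, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    parsed = parse_cli_table(SAMPLE_OUTPUT)
    print(f"{len(parsed)} samples parsed")
    for hour, n in sorted(busy_hours(parsed, threshold=3).items()):
        print(f"{hour}: {n} samples processed")
```

Pick the threshold from a baseline of your own appliance's normal hourly volume rather than a fixed number.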
