Advanced WildFire Powered by Precision AI™
Session Information Sharing
Table of Contents
Expand All
|
Collapse All
Advanced WildFire
-
-
- Forward Files for Advanced WildFire Analysis
- Manually Upload Files to the WildFire Portal
- Forward Decrypted SSL Traffic for Advanced WildFire Analysis
- Enable Advanced WildFire Inline Cloud Analysis
- Enable Advanced WildFire Inline ML
- Enable Hold Mode for Real-Time Signature Lookup
- Configure the Content Cloud FQDN Settings
- Sample Removal Request
- Firewall File-Forwarding Capacity by Model
-
-
-
- set deviceconfig cluster
- set deviceconfig high-availability
- set deviceconfig setting management
- set deviceconfig setting wildfire
- set deviceconfig system eth2
- set deviceconfig system eth3
- set deviceconfig system panorama local-panorama panorama-server
- set deviceconfig system panorama local-panorama panorama-server-2
- set deviceconfig system update-schedule
- set deviceconfig system vm-interface
-
- clear high-availability
- create wildfire api-key
- delete high-availability-key
- delete wildfire api-key
- delete wildfire-metadata
- disable wildfire
- edit wildfire api-key
- load wildfire api-key
- request cluster decommission
- request cluster reboot-local-node
- request high-availability state
- request high-availability sync-to-remote
- request system raid
- request wildfire sample redistribution
- request system wildfire-vm-image
- request wf-content
- save wildfire api-key
- set wildfire portal-admin
- show cluster all-peers
- show cluster controller
- show cluster data migration status
- show cluster membership
- show cluster task
- show high-availability all
- show high-availability control-link
- show high-availability state
- show high-availability transitions
- show system raid
- submit wildfire local-verdict-change
- show wildfire
- show wildfire global
- show wildfire local
- test wildfire registration
Session Information Sharing
Where Can I Use This? | What Do I Need? |
---|---|
|
|
In addition to forwarding unknown and blocked samples for analysis,
the firewall also forwards information about the network session
for a sample. Palo Alto Networks uses session information to learn
more about the context of the suspicious network event, indicators
of compromise related to the malware, affected hosts and clients,
and applications used to deliver the malware.
Forward of session information is enabled by default; however,
you can adjust the default settings and choose what type of session
information is forwarded to one of the WildFire cloud options.
Session Information Sharing (Cloud Management)
If you’re using Panorama to manage Prisma Access:
Toggle over to the PAN-OS tab
and follow the guidance there.
If you’re using Prisma Access Cloud Management, continue here.
- Use the credentials associated with your Palo Alto Networks support account and log in to the Strata Cloud Manager application on the hub.
- Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesWildFire and Antivirus and configure your Session Information Settings options.
- Source IP—Forward the source IP address that sent the unknown file.
- Source Port—Forward the source port that sent the unknown file.
- Destination IP—Forward the destination IP address for the unknown file.
- Destination Port—Forward the destination port for the unknown file.
- Virtual System—Forward the virtual system that detected the unknown file.
- Application—Forward the user application that transmitted the unknown file.
- User—Forward the targeted user.
- URL—Forward the URL associated with the unknown file.
- Filename—Forward the name of the unknown file.
- Email sender—Forward the sender of an unknown email link (the name of the email sender also appears in WildFire logs and reports).
- Email recipient—Forward the recipient of an unknown email link (the name of the email recipient also appears in WildFire logs and reports).
- Email subject—Forward the subject of an unknown email link (the email subject also appears in WildFire logs and reports).
- Save your changes.
Session Information Sharing (PAN-OS & Panorama)
- Select DeviceSetupWildFire and select or clear the following Session Information Settings options.
- Source IP—Forward the source IP address that sent the unknown file.
- Source Port—Forward the source port that sent the unknown file.
- Destination IP—Forward the destination IP address for the unknown file.
- Destination Port—Forward the destination port for the unknown file.
- Virtual System—Forward the virtual system that detected the unknown file.
- Application—Forward the user application that transmitted the unknown file.
- User—Forward the targeted user.
- URL—Forward the URL associated with the unknown file.
- Filename—Forward the name of the unknown file.
- Email sender—Forward the sender of an unknown email link (the name of the email sender also appears in WildFire logs and reports).
- Email recipient—Forward the recipient of an unknown email link (the name of the email recipient also appears in WildFire logs and reports).
- Email subject—Forward the subject of an unknown email link (the email subject also appears in WildFire logs and reports).
- Click OK to save your changes.