Network Traffic Profiling

Network traffic profiles detect malicious traffic patterns that might otherwise be misclassified as benign, such as communications with legitimate sites used as part of a command and control mechanism. The WildFire cloud dynamic analysis environment now has a network traffic profile detection module that performs deep inspection of PCAPs produced during sample analysis. Network traffic profiles are created through PCAP analysis by looking for 10 or more networking session attributes; the WildFire cloud then uses these profiles to detect known malware and variants of known malware using a one-to-many profile match. No configuration changes or PAN-OS updates are required to enable network traffic profiling. All changes and updates have been made in the WildFire cloud.
When the analysis environment identifies a malicious traffic pattern, a new behavior is shown under the Behavioral Summary section of the WildFire analysis report with the description "One or more malicious network patterns were triggered".