Script Sample Analysis
To use this feature, be sure to download and install the latest PAN-OS content release. PAN-OS Applications and Threats content release 8101 enables you to specify file forwarding of script files. For more information about the update, refer to the Applications and Threat Content Release Notes: open Dynamic Updates and select the release notes listed under Apps + Threats.
The WildFire public cloud can now analyze and classify script files with verdicts using static and dynamic analysis. When a malicious script is discovered, the WildFire cloud generates and distributes C2 and DNS signatures to firewalls to prevent successful script-based attacks. Because C2 and DNS signatures look at key network behaviors contained within samples, these signatures can detect activity in previously unknown malicious scripts. To ensure that you are protected from the latest threats, always keep your firewalls up-to-date with the latest content and software updates from Palo Alto Networks.
- The WildFire appliance does not support script file analysis at this time.
- Only firewalls operating PAN-OS 8.1 and later can forward scripts to the WildFire public cloud.
The WildFire cloud is capable of analyzing the following script types:
- JScript (.js)
- VBScript (.vbs)
- PowerShell Script (.ps1)
To forward script files for analysis, the WildFire Analysis profile on the firewall must be configured to forward the script file type or Any unknown files to the WildFire public cloud.
- Enable file type forwarding.
  - Select Objects > Security Profiles > WildFire Analysis and Add or modify a profile to define traffic to forward for WildFire analysis.
  - Add or modify a profile rule, select File Type, and set the rule to forward the new Any file type. You can also specify the script file type if you want to forward only scripts. Profile rules with the file type set to Any forward all file types for WildFire analysis.
  - Select Destination and set the profile rule to forward the files to the public-cloud.
  - Click OK to save the new or modified WildFire Analysis profile.
- Attach the WildFire Analysis profile to a security policy rule: traffic matched to the policy rule is forwarded for WildFire analysis.
  - Select Policies > Security and Add or modify a security policy rule.
  - Select Actions and set the Profile Type to Profiles.
  - Select the newly created WildFire Analysis profile.
  - Click OK to save the security policy rule.
  For detailed steps to configure a WildFire Analysis profile and to attach the profile to a security policy rule, see Forward Files for WildFire Analysis.
- Select Monitor > WildFire Submissions to find WildFire verdicts and analysis reports for script files that have been submitted by the firewall.
You can also submit script files directly to the WildFire public cloud for analysis. With a WildFire subscription, you can manually and programmatically submit a daily total of 1,000 files. Each submission counts as a single upload regardless of the content.
- Manually submit files to the WildFire public cloud for analysis. You can then view the WildFire sample analysis report and verdict (malicious, grayware or benign) on the WildFire portal.
- Use the WildFire API to submit files to the WildFire public cloud. You can use the WildFire API to retrieve verdicts and analysis reports for the files. You can also specify script as the target analysis environment when you retrieve a packet capture through the WildFire API.
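As an added example (not Palo Alto Networks' code or documentation), the following stdlib-only Python client shows the programmatic path described above: it checks that a file is one of the three script types the page lists, uploads it to the WildFire public cloud, and then looks up the verdict by SHA-256 and maps the numeric verdict code to a label. The endpoint paths (/publicapi/submit/file, /publicapi/get/verdict), the form-field names (apikey, file, hash), the XML element names and the verdict-code table are taken from my reading of the WildFire API reference and should be treated as assumptions to verify against the current reference; the API key is a placeholder and the XML responses embedded at the bottom are constructed so that the client can be exercised offline through a fake transport.

```python
"""Submit a script file to the WildFire public cloud and fetch its verdict.

Added example, not Palo Alto Networks' code. Endpoint paths, field names, XML
element names and verdict codes are assumptions based on the WildFire API
reference; check them against the current reference before relying on them.
"""
import hashlib
import uuid
import xml.etree.ElementTree as ET
from typing import Callable, Dict
from urllib import parse, request

WILDFIRE_HOST = "https://wildfire.paloaltonetworks.com"   # WildFire public cloud
SCRIPT_EXTENSIONS = (".js", ".vbs", ".ps1")                # script types the page lists

# Verdict codes as I read them in the WildFire API reference (assumption).
VERDICTS = {0: "benign", 1: "malware", 2: "grayware", 4: "phishing",
            -100: "pending", -101: "error", -102: "unknown", -103: "invalid hash"}

# A transport takes (url, body, content_type) and returns the raw response body,
# so the same client code can run offline against a fake transport.
Transport = Callable[[str, bytes, str], bytes]


def http_post(url: str, body: bytes, content_type: str) -> bytes:
    """Real transport: POST to the WildFire cloud using only urllib."""
    req = request.Request(url, data=body, method="POST",
                          headers={"Content-Type": content_type})
    with request.urlopen(req, timeout=30) as resp:
        return resp.read()


def build_multipart(fields: Dict[str, str], filename: str, content: bytes):
    """Encode text fields plus one file part as multipart/form-data."""
    boundary = "----wildfire-" + uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append(f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"'
                     f'\r\n\r\n{value}\r\n'.encode())
    parts.append(f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
                 f'filename="{filename}"\r\nContent-Type: application/octet-stream'
                 f'\r\n\r\n'.encode() + content + b"\r\n")
    parts.append(f"--{boundary}--\r\n".encode())
    return b"".join(parts), f"multipart/form-data; boundary={boundary}"


def is_supported_script(filename: str) -> bool:
    """True for the JScript, VBScript and PowerShell extensions the page names."""
    return filename.lower().endswith(SCRIPT_EXTENSIONS)


def submit_script(filename: str, content: bytes, api_key: str,
                  transport: Transport = http_post) -> str:
    """Upload one script and return its SHA-256, the key used by later lookups."""
    if not is_supported_script(filename):
        raise ValueError(f"{filename}: not a JScript, VBScript or PowerShell script")
    body, ctype = build_multipart({"apikey": api_key}, filename, content)
    resp = transport(f"{WILDFIRE_HOST}/publicapi/submit/file", body, ctype)
    local_sha = hashlib.sha256(content).hexdigest()
    # Cross-check the hash the cloud reports against the bytes we actually sent.
    reported = ET.fromstring(resp).findtext("./upload-file-info/sha256")
    if reported and reported.lower() != local_sha:
        raise RuntimeError("cloud reported a different SHA-256 than the uploaded file")
    return local_sha


def parse_verdict(xml_body: bytes) -> Dict[str, object]:
    """Map a get/verdict XML response to its numeric code and a readable label."""
    info = ET.fromstring(xml_body).find("get-verdict-info")
    if info is None:
        raise ValueError("response has no get-verdict-info element")
    code = int(info.findtext("verdict", default="-101"))
    return {"sha256": info.findtext("sha256"), "code": code,
            "verdict": VERDICTS.get(code, "unrecognised code")}


def get_verdict(sha256: str, api_key: str,
                transport: Transport = http_post) -> Dict[str, object]:
    """Look up the verdict for a previously submitted file by its SHA-256."""
    body = parse.urlencode({"apikey": api_key, "hash": sha256}).encode()
    resp = transport(f"{WILDFIRE_HOST}/publicapi/get/verdict", body,
                     "application/x-www-form-urlencoded")
    return parse_verdict(resp)


# Constructed sample script and responses (not real WildFire output) so the
# client can be run offline; the XML shape is an assumption, see module docstring.
SAMPLE_SCRIPT = b'Write-Host "hello"\r\n'
SAMPLE_SHA = hashlib.sha256(SAMPLE_SCRIPT).hexdigest()
SAMPLE_SUBMIT_XML = (f"<wildfire><upload-file-info><filetype>PowerShell Script</filetype>"
                     f"<filename>sample.ps1</filename><sha256>{SAMPLE_SHA}</sha256>"
                     f"</upload-file-info></wildfire>").encode()
SAMPLE_VERDICT_XML = (f"<wildfire><get-verdict-info><sha256>{SAMPLE_SHA}</sha256>"
                      f"<verdict>2</verdict></get-verdict-info></wildfire>").encode()


def fake_transport(url: str, body: bytes, content_type: str) -> bytes:
    """Offline stand-in for http_post that answers from the constructed samples."""
    if url.endswith("/submit/file"):
        return SAMPLE_SUBMIT_XML
    if url.endswith("/get/verdict"):
        return SAMPLE_VERDICT_XML
    raise ValueError(f"unexpected URL {url}")


def demo(transport: Transport = fake_transport) -> Dict[str, object]:
    """Submit the constructed sample and return its verdict record."""
    sha = submit_script("sample.ps1", SAMPLE_SCRIPT, "PLACEHOLDER-API-KEY", transport)
    return get_verdict(sha, "PLACEHOLDER-API-KEY", transport)


if __name__ == "__main__":
    print(demo())
```

To run it against the real cloud, pass `http_post` as the transport and replace the placeholder key with a WildFire API key; remember that every upload counts against the 1,000-file daily quota described above, and that a `pending` code means analysis is still running and the lookup should be retried later rather than treated as a final verdict.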