WildFire® What's New Guide
    : WildFire Appliance Script Support
    Focus
    Download PDF
    Focus
    1. Home
    2. WildFire
    3. WildFire® What's New Guide
    4. WildFire Features in PAN-OS 9.0
    5. WildFire Appliance Script Support
    Download PDF

    WildFire® What's New Guide

    WildFire Appliance Script Support

    Table of Contents

    WildFire Appliance Script Support

    The WildFire appliance (private cloud) can now analyze and classify script files with verdicts using static and dynamic analysis. Previously this feature was only present in the WildFire cloud. This analysis capability has now been expanded to include WildFire appliances running PAN-OS 9.0.4 and later.
    When a malicious script is discovered during analysis, the WildFire appliance generates and distributes C2 and DNS signatures to firewalls to prevent successful script-based attacks. Because C2 and DNS signatures look at key network behaviors contained within samples, these signatures can detect activity in previously unknown malicious scripts. To ensure that you are protected from the latest threats, always keep your firewalls up-to-date with the latest content and software updates from Palo Alto Networks.
    • Only firewalls operating PAN-OS 9.0.4 and later can analyze scripts.
    The WildFire appliance is capable of analyzing the following script types:
    • JScript (.js)
    • VBScript (.vbs)
    • PowerShell Script (.ps1)
    To forward script files for analysis, the
    WildFire Analysis Profile
     on the firewall must be configured to forward the
    script
     file type or
    Any
     unknown files to the WildFire private cloud.
    1. Enable file type forwarding.
      1. Select
        Objects > Security Profiles > WildFire Analysis
         and
        Add
         or modify a profile to define traffic to forward for WildFire analysis.
      2. Add or modify a profile rule, select
        file type
        , and set the rule to forward the new
        Any
         file type. You can also specify the
        script
         file type if you want to forward only scripts.
        Profile rules with the file type set to
        Any
         forward all file types for WildFire analysis.
      3. Select Destination and set the profile rule to forward the files to the
        private-cloud
        .
      4. Click
        OK
         to save the new or modified WildFire Analysis profile.
    2. Attach the WildFire Analysis profile to a security policy rule—traffic matched to the policy rule is forwarded for WildFire Analysis.
      1. Select
        Policies > Security
         and
        Add
         or modify a security policy rule.
      2. Select
        Actions
         and set the
        Profile Type
         to
        Profiles
        .
      3. Select the newly-created
        WildFire Analysis
         profile.
      4. Click
        OK
         to save the security policy rule.
        For detailed steps to configure a WildFire Analysis profile and to attach the profile to a security policy rule, see Forward Files for WildFire Analysis.
    3. Select
      Monitor > WildFire Submissions
       to find WildFire verdicts and analysis reports for script files that have been submitted by the firewall.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.