WildFire Appliance Script Support
The WildFire appliance (private cloud) can now analyze and classify script files with verdicts using static and dynamic analysis. Previously this feature was only present in the WildFire cloud. This analysis capability has now been expanded to include WildFire appliances running PAN-OS 9.0.4 and later.
When a malicious script is discovered during analysis, the WildFire appliance generates and distributes C2 and DNS signatures to firewalls to prevent successful script-based attacks. Because C2 and DNS signatures look at key network behaviors contained within samples, these signatures can detect activity in previously unknown malicious scripts. To ensure that you are protected from the latest threats, always keep your firewalls up-to-date with the latest content and software updates from Palo Alto Networks.
Only firewalls operating PAN-OS 9.0.4 and later can analyze scripts.
The WildFire appliance is capable of analyzing the following script types:
To forward script files for analysis, the WildFire Analysis Profile on the firewall must be configured to forward the script file type or Any unknown files to the WildFire private cloud.
Enable file type forwarding.
Select Objects > Security Profiles > WildFire Analysis and Add or modify a profile to define traffic to forward for WildFire analysis.
Add or modify a profile rule, select file type, and set the rule to forward the new Any file type. You can also specify the script file type if you want to forward only scripts.
Profile rules with the file type set to Any forward all file types for WildFire analysis.
Select Destination and set the profile rule to forward the files to the private-cloud.
Click OK to save the new or modified WildFire Analysis profile.
Attach the WildFire Analysis profile to a security policy rule; traffic matched to the policy rule is forwarded for WildFire Analysis.
Select Policies > Security and Add or modify a security policy rule.
Select Actions and set the Profile Type to Profiles.
Select the newly-created WildFire Analysis profile.
Click OK to save the security policy rule.
Select Monitor > WildFire Submissions to find WildFire verdicts and analysis reports for script files that have been submitted by the firewall.