The WildFire appliance (private cloud) can now analyze and classify script files with verdicts using static and dynamic analysis. Previously this capability was available only in the WildFire cloud; it has now been extended to WildFire appliances running PAN-OS 9.0.4 and later. If a malicious script is discovered during analysis, the WildFire appliance generates and distributes C2 and DNS signatures to firewalls to prevent successful script-based attacks. Because C2 and DNS signatures look at key network behaviors contained within samples, these signatures can detect activity from previously unknown malicious scripts. To ensure that you are protected from the latest threats, always keep your firewalls up-to-date with the latest content and software updates from Palo Alto Networks.
Only firewalls operating PAN-OS 9.0.4 and later can analyze scripts.
The WildFire appliance is capable of analyzing the following script file types:
PowerShell Script (.ps1)
To forward script files for analysis, the WildFire Analysis profile on the firewall must be configured to forward unknown files to the WildFire appliance.
Enable file type forwarding.
Select > Security Profiles > WildFire Analysis and add or modify a profile to define the traffic to forward for WildFire analysis.
Add or modify a profile rule, select the file type, and set the rule to forward the new script file type. You can also specify the script file type if you want to forward only scripts.
with the file type set to
file types for WildFire analysis.
Select Destination and set the profile rule to forward the files to the WildFire appliance.
Save the new or modified WildFire Analysis profile.
Attach the WildFire Analysis profile to a security policy
rule—traffic matched to the policy rule is forwarded for WildFire
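The profile configured in the steps above can also be expressed as PAN-OS XML configuration and audited offline. The following Python script is an added example, not code from the Palo Alto Networks documentation or product. It assumes (none of this is stated on the page) that the configuration XPath, the element names `rules`/`entry`/`application`/`file-type`/`direction`/`analysis`, the file-type member value `script`, and the analysis value `private-cloud` follow the PAN-OS configuration schema; confirm them against your PAN-OS version's XML API browser before pushing anything to a firewall. The `script_destinations` audit helper answers the practical question a reviewer asks of an existing profile: do script files actually get forwarded, and to which WildFire destination?

```python
"""Build and audit a PAN-OS WildFire Analysis profile as XML (added example).

Assumptions (not from the documentation page): the XPath below, the element
names, the file-type value "script" and the analysis value "private-cloud"
follow the PAN-OS configuration schema.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Assumed XPath of the WildFire Analysis profiles on vsys1 of a single-vsys firewall.
PROFILES_XPATH = (
    "/config/devices/entry[@name='localhost.localdomain']"
    "/vsys/entry[@name='vsys1']/profiles/wildfire-analysis"
)


def build_profile(name, rule_name="forward-scripts",
                  file_types=("script",), direction="both",
                  analysis="private-cloud"):
    """Return an <entry> element for a WildFire Analysis profile with one rule.

    The rule matches any application, the given file types, both traffic
    directions, and sends matching files to the given analysis destination.
    """
    entry = ET.Element("entry", name=name)
    rule = ET.SubElement(ET.SubElement(entry, "rules"), "entry", name=rule_name)
    ET.SubElement(ET.SubElement(rule, "application"), "member").text = "any"
    file_type_list = ET.SubElement(rule, "file-type")
    for file_type in file_types:
        ET.SubElement(file_type_list, "member").text = file_type
    ET.SubElement(rule, "direction").text = direction
    ET.SubElement(rule, "analysis").text = analysis
    return entry


def profile_xml(entry):
    """Serialize the profile element to an XML string."""
    return ET.tostring(entry, encoding="unicode")


def set_config_query(entry, api_key):
    """Query string for a PAN-OS XML API config 'set' request (assumed form)."""
    return urlencode({
        "type": "config",
        "action": "set",
        "xpath": PROFILES_XPATH,
        "element": profile_xml(entry),
        "key": api_key,
    })


def script_destinations(profile_xml_text):
    """Audit helper: return the analysis destinations that receive script files.

    A rule is considered to cover scripts when its file-type list contains
    "script" or "any" (assumption: "any" matches every supported file type).
    An empty set means the profile never forwards scripts for analysis.
    """
    entry = ET.fromstring(profile_xml_text)
    destinations = set()
    for rule in entry.findall("./rules/entry"):
        types = {member.text for member in rule.findall("./file-type/member")}
        if types & {"script", "any"}:
            analysis = rule.findtext("analysis")
            if analysis:
                destinations.add(analysis)
    return destinations


if __name__ == "__main__":
    profile = build_profile("wf-scripts-private")
    print(profile_xml(profile))
    where = script_destinations(profile_xml(profile))
    print("script files are forwarded to:", ", ".join(sorted(where)) or "nowhere")
```

Run the script to see the generated `<entry>` XML; to audit a live profile instead, fetch it with an XML API `type=config&action=show` request for the same XPath and pass the `<entry>` text to `script_destinations`. A result that does not include your appliance's destination means scripts are not being forwarded even if the profile is attached to the right security policy rule.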