https://live.paloaltonetworks.com/t5/prisma-access-articles/wildfire-submission-logs-on-prisma-access/ta-p/448206 <DIV class="lia-message-template-content-zone"> <P><SPAN style="font-weight: 400;">The following article walks through the steps to verify the WildFire submission logs for Prisma Access deployment via the Panorama and Explore application on the hub.</SPAN></P> <P>&nbsp;</P> <H2><STRONG>Panorama</STRONG></H2> <P>&nbsp;</P> <OL> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">To view samples submitted by a firewall to a WildFire public, private, or hybrid cloud, select </SPAN><STRONG>Monitor&nbsp; &gt; Logs&nbsp; &gt;&nbsp; WildFire Submissions</STRONG><SPAN style="font-weight: 400;">.&nbsp;</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">Select the Device Group related to the Prisma Access tenant of interest.</SPAN><SPAN style="font-weight: 400;"><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.jpg" style="width: 937px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37691iA5970ECC74FA4A25/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="1.jpg" alt="1.jpg" /></span><BR /></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">When WildFire analysis of a sample is complete, the results are accessible in the WildFire Submissions logs. The submission logs include details about a given sample, including the following information:</SPAN> <UL> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">The Verdict column indicates whether the sample is benign, malicious, phishing, or grayware.</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">The Action column indicates whether the firewall allowed or blocked the sample.</SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">The Severity column indicates how much of a threat a sample poses to an organization using the following values: critical, high, medium, low, and informational.</SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;">Information on different kinds of verdicts can be found </SPAN><A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/view-and-manage-logs/log-types-and-severity-levels/wildfire-submissions-logs.html" target="_blank" rel="noopener"><SPAN style="font-weight: 400;">here</SPAN></A><SPAN style="font-weight: 400;">.</SPAN><SPAN style="font-weight: 400;"><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.jpg" style="width: 931px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37692i88C4D45AD874E95E/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="2.jpg" alt="2.jpg" /></span></SPAN></LI> </UL> </LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">For an entry, select the Log Details icon to open a detailed log view for each entry:</SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="3.jpg" style="width: 465px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37693i3E435D0D94B95AC0/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="3.jpg" alt="3.jpg" /></span><BR /></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><STRONG>Log Info </STRONG><SPAN style="font-weight: 400;">provides details around the wildfire that shared the suspicious file and triggered the wildfire submission</SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="4.jpg" style="width: 932px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37694i2D2ED7DBA5C2B587/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="4.jpg" alt="4.jpg" /></span></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">For all samples, the WildFire analysis report displays file and session details. For malware samples, the WildFire analysis report is extended to include details on the file attributes and behavior that indicates the file was malicious.<BR /></SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="5.jpg" style="width: 921px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37695iBEC2C98F2A073CFB/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="5.jpg" alt="5.jpg" /></span></SPAN></LI> </OL> <H1>&nbsp;</H1> <H2><STRONG>Explore App</STRONG></H2> <P><SPAN style="font-weight: 400;">To access the explore app, one must login into the </SPAN><A href="https://apps.paloaltonetworks.com/apps" target="_blank" rel="noopener"><SPAN style="font-weight: 400;">hub</SPAN></A><SPAN style="font-weight: 400;">. The Explore app is available for free for all customers. A complete guide to the Explore app can be found </SPAN><A href="https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/retrieve-log-records.html" target="_blank" rel="noopener"><SPAN style="font-weight: 400;">here</SPAN></A><SPAN style="font-weight: 400;">.&nbsp;</SPAN></P> <BR /> <P><SPAN style="font-weight: 400;">The following are steps to see wildfire submission logs via Explore app.&nbsp;</SPAN></P> <BR /> <OL> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">Select the Explore app from the list of activated apps on the hub</SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="6.jpg" style="width: 930px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37696iD170E15ED8F01830/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="6.jpg" alt="6.jpg" /></span></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">Select </SPAN><STRONG>Threat </STRONG><SPAN style="font-weight: 400;">logs from the log type selection</SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="7.jpg" style="width: 298px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37697i225DC973FD9AF0A2/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="7.jpg" alt="7.jpg" /></span></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">Subtype </SPAN><STRONG>wildfire </STRONG><SPAN style="font-weight: 400;">represents the logs represent the results of WildFire analysis:</SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="8.jpg" style="width: 504px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37698i3208640DDAFF3853/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="8.jpg" alt="8.jpg" /></span><BR /><BR /></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">Click on the </SPAN><STRONG>‘Details' </STRONG><SPAN style="font-weight: 400;">view option to look into log details:</SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="9.jpg" style="width: 933px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37699i5951199C63831F39/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="9.jpg" alt="9.jpg" /></span></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">The </SPAN><STRONG>‘Details’ </STRONG><SPAN style="font-weight: 400;">view will provide information on the traffic and threat details. ‘</SPAN><STRONG>General’ </STRONG><SPAN style="font-weight: 400;">will provide traffic information and threat details</SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="10.jpg" style="width: 960px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37700i943EDEC83A5B78A6/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="10.jpg" alt="10.jpg" /></span></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">Click on the ‘</SPAN><STRONG>Details’ </STRONG><SPAN style="font-weight: 400;">tab to get the hash of the file that triggered the wildfire.</SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="11.jpg" style="width: 685px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37701i1EEAEF6685297F3C/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="11.jpg" alt="11.jpg" /></span><BR /><BR /></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">Copy the file hash from the screen</SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="12.jpg" style="width: 673px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37702iCC5CF76100C587C5/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="12.jpg" alt="12.jpg" /></span></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">Login into </SPAN><A href="https://wildfire.paloaltonetworks.com/" target="_blank" rel="noopener"><SPAN style="font-weight: 400;">WildFire Portal</SPAN></A><SPAN style="font-weight: 400;"> and select Reports</SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="13.jpg" style="width: 523px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37703i10B7E0797CEBEF95/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="13.jpg" alt="13.jpg" /></span><BR /><BR /></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">Search using the file hash</SPAN><SPAN style="font-weight: 400;"><BR /></SPAN><SPAN style="font-weight: 400;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="14.jpg" style="width: 933px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37704iC259D1E76BFCB3B8/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="14.jpg" alt="14.jpg" /></span><BR /></SPAN><SPAN style="font-weight: 400;"><BR /><BR /></SPAN></LI> <LI style="font-weight: 400;" aria-level="1"><SPAN style="font-weight: 400;">Click on the ‘</SPAN><STRONG>Details’</STRONG><SPAN style="font-weight: 400;"> button to open the report in the new tab<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="15.jpg" style="width: 934px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37705i0E96AE93BB862ABA/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="15.jpg" alt="15.jpg" /></span></SPAN></LI> </OL> <BR /> <P>&nbsp;</P> </DIV> Mon, 22 Nov 2021 20:21:22 GMT Sai_Tumuluri 2021-11-22T20:21:22Z https://live.paloaltonetworks.com/t5/prisma-access-articles/wildfire-submission-logs-on-prisma-access/ta-p/448206 <P><SPAN>Verify the WildFire submission logs for Prisma Access deployment via the Panorama and Explore application on the hub.</SPAN></P> Mon, 22 Nov 2021 20:21:22 GMT https://live.paloaltonetworks.com/t5/prisma-access-articles/wildfire-submission-logs-on-prisma-access/ta-p/448206 Sai_Tumuluri 2021-11-22T20:21:22Z https://live.paloaltonetworks.com/t5/prisma-access-articles/wildfire-submission-logs-on-prisma-access/tac-p/581988#M29 <P>Which region will the WF cloud service sent by Prisma Access ?</P><P>Reports cannot be viewed on global portal configured with template<BR />I was able to confirm this on another portal.</P><P>How do Prisma Access decide on a destination?</P><P>&nbsp;</P><P><SPAN>If you know, please let me know.</SPAN></P> Thu, 28 Mar 2024 06:09:49 GMT https://live.paloaltonetworks.com/t5/prisma-access-articles/wildfire-submission-logs-on-prisma-access/tac-p/581988#M29 MakotoT 2024-03-28T06:09:49Z https://live.paloaltonetworks.com/t5/prisma-access-articles/wildfire-submission-logs-on-prisma-access/tac-p/581991#M30 <P>According to the PDF at the following URL, it is determined by the Compute Location of Prisma Access.</P><P><A href="https://www.paloaltonetworks.com/resources/datasheets/privacy-prisma-access" target="_blank">https://www.paloaltonetworks.com/resources/datasheets/privacy-prisma-access</A></P> Thu, 28 Mar 2024 06:24:13 GMT https://live.paloaltonetworks.com/t5/prisma-access-articles/wildfire-submission-logs-on-prisma-access/tac-p/581991#M30 s-hamamoto 2024-03-28T06:24:13Z https://live.paloaltonetworks.com/t5/prisma-access-articles/wildfire-submission-logs-on-prisma-access/tac-p/581994#M31 <P><SPAN>Thank you very much for helping me.</SPAN></P> Thu, 28 Mar 2024 06:58:46 GMT https://live.paloaltonetworks.com/t5/prisma-access-articles/wildfire-submission-logs-on-prisma-access/tac-p/581994#M31 MakotoT 2024-03-28T06:58:46Z