https://live.paloaltonetworks.com/t5/general-topics/wildfire-subscription-logs/m-p/4325#M3205 <HTML><HEAD></HEAD><BODY><P>Hopefully someone from PA could reply to your question - I simply dont know <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P></P><P>However if you are sensitive of which data you send into the cloud you could join the feature request (which I know exists because I have sent one myself <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> of an in-house wildfire (that is you get/buy one or more appliance box(es) at your own datacenter to perform the analysis and by that the data never leaves your datacenter).</P></BODY></HTML> Mon, 28 Jan 2013 19:11:12 GMT mikand 2013-01-28T19:11:12Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-subscription-logs/m-p/4322#M3202 <HTML><HEAD></HEAD><BODY><P><BR />I am setting up my lab PA-200 for Wildfire.&nbsp; I had a question about the monitoring logs.&nbsp; I understand that using the Wildfire portal, you have to configure the global settings of what meta information to send to the Wildfire servers to see that info.&nbsp; (URL, src-dst IP, username, etc)</P><P></P><P>If you have the subscription is this information still sent?&nbsp; Since all of the data is local I am not certain that it would be necessary to send that metadata to the cloud in order for the local firewall to still log the metadata.&nbsp; Does anyone have a definitive answer on this?</P></BODY></HTML> Sun, 27 Jan 2013 18:06:37 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-subscription-logs/m-p/4322#M3202 ftboomer1 2013-01-27T18:06:37Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-subscription-logs/m-p/4323#M3203 <HTML><HEAD></HEAD><BODY><P>I think these settings are part of statistics over at PaloAlto but also replicated into the email you get sent (along with the online report) once a malware is found.</P><P></P><P>Simply to make it easier for you so you dont have to login to your PA-device to find out these values.</P><P></P><P>So if you doesnt send these values into the cloud and have a wildfire subscription I think you can find these values manually by digging through your wildfire log in your PA-device.</P></BODY></HTML> Mon, 28 Jan 2013 18:39:09 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-subscription-logs/m-p/4323#M3203 mikand 2013-01-28T18:39:09Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-subscription-logs/m-p/4324#M3204 <HTML><HEAD></HEAD><BODY><P>Just to clarify:&nbsp; If I have a security policy that prohibits the disclosure of things like internal IP, username, etc. then what I was wondering if the potential malware payload would be sent to Wildfire cloud, information returned, and the metadata re-associated with the original file.&nbsp; I am guessing that metadata would not really need to be sent in order to correlate the Wildfire payload with the logs but I am looking for clarification.</P></BODY></HTML> Mon, 28 Jan 2013 19:05:57 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-subscription-logs/m-p/4324#M3204 ftboomer1 2013-01-28T19:05:57Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-subscription-logs/m-p/4325#M3205 <HTML><HEAD></HEAD><BODY><P>Hopefully someone from PA could reply to your question - I simply dont know <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P></P><P>However if you are sensitive of which data you send into the cloud you could join the feature request (which I know exists because I have sent one myself <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> of an in-house wildfire (that is you get/buy one or more appliance box(es) at your own datacenter to perform the analysis and by that the data never leaves your datacenter).</P></BODY></HTML> Mon, 28 Jan 2013 19:11:12 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-subscription-logs/m-p/4325#M3205 mikand 2013-01-28T19:11:12Z