<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Wildfire categorizing as cat=THREAT but not sure why? How to update FPs in General Topics</title>
    <link>https://live.paloaltonetworks.com/t5/general-topics/wildfire-categorizing-as-cat-threat-but-not-sure-why-how-to/m-p/357263#M87748</link>
    <description>&lt;P&gt;The way I've been doing it is via the WildFire page at&amp;nbsp;&lt;A href="https://wildfire.paloaltonetworks.com/" target="_blank"&gt;https://wildfire.paloaltonetworks.com/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Go to the Reports page and find the entry (if any). Click on the report icon in the left column, scroll to the bottom of the page and report an incorrect verdict. This page only shows what your firewall has uploaded to WildFire, so if another PAN customer was patient zero, you won't see it in here. If you don't see it listed but still want to report it as a false positive, you'll need to upload the file in question on the Upload Sample page. Once the upload is complete, go back to the Reports page and you'll see it at the top of the list. You'll then be able to report the incorrect verdict.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If you have your firewall configured to send the WildFire report PDF to you via e-mail, you can report an incorrect verdict via that PDF as well.&lt;/P&gt;</description>
    <pubDate>Mon, 19 Oct 2020 20:26:16 GMT</pubDate>
    <dc:creator>kalakai</dc:creator>
    <dc:date>2020-10-19T20:26:16Z</dc:date>
    <item>
      <title>Wildfire categorizing as cat=THREAT but not sure why? How to update FPs?</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/wildfire-categorizing-as-cat-threat-but-not-sure-why-how-to/m-p/357234#M87743</link>
      <description>&lt;P&gt;Hi everyone,&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;Apologies in advance if this has been asked, but this is my first post re: WildFire.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;We receive e-mail alerts via our SIEM when something is categorized as malicious from our PA device, but I noticed that all that is listed within the payload that tells me why it was categorized as a threat is:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;"cat=THREAT"&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;As well as the hash, which has no matches in VirusTotal.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I can tell by the sending e-mail and recipient that this is a false positive (as well as the subject line), so how can I ensure that WildFire learns this is not a threat? There is not much I can go off of in terms of the payload. I would just like to fine-tune our alerts in PA/WildFire.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;Thank you in advance!&lt;/P&gt;</description>
      <pubDate>Mon, 19 Oct 2020 18:42:06 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/wildfire-categorizing-as-cat-threat-but-not-sure-why-how-to/m-p/357234#M87743</guid>
      <dc:creator>EdwardShim</dc:creator>
      <dc:date>2020-10-19T18:42:06Z</dc:date>
    </item>
    <item>
      <title>Re: Wildfire categorizing as cat=THREAT but not sure why? How to update FPs</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/wildfire-categorizing-as-cat-threat-but-not-sure-why-how-to/m-p/357263#M87748</link>
      <description>&lt;P&gt;The way I've been doing it is via the WildFire page at&amp;nbsp;&lt;A href="https://wildfire.paloaltonetworks.com/" target="_blank"&gt;https://wildfire.paloaltonetworks.com/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Go to the Reports page and find the entry (if any). Click on the report icon in the left column, scroll to the bottom of the page and report an incorrect verdict. This page only shows what your firewall has uploaded to WildFire, so if another PAN customer was patient zero, you won't see it in here. If you don't see it listed but still want to report it as a false positive, you'll need to upload the file in question on the Upload Sample page. Once the upload is complete, go back to the Reports page and you'll see it at the top of the list. You'll then be able to report the incorrect verdict.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If you have your firewall configured to send the WildFire report PDF to you via e-mail, you can report an incorrect verdict via that PDF as well.&lt;/P&gt;</description>
      <pubDate>Mon, 19 Oct 2020 20:26:16 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/wildfire-categorizing-as-cat-threat-but-not-sure-why-how-to/m-p/357263#M87748</guid>
      <dc:creator>kalakai</dc:creator>
      <dc:date>2020-10-19T20:26:16Z</dc:date>
    </item>
  </channel>
</rss>

