WildFire Email Alerts: How to Subscribe or Add Additional Recipients

by mivaldi on 08-26-2014 01:19 PM - edited on 09-10-2015 02:44 PM (22,383 Views)

Details

WildFire email alerts can be generated on the Palo Alto Networks firewall (THREAT ALERT) or in the cloud (WildFire analysis report), as shown in the example below. The email from the firewall differs from the email from the cloud. Both can be configured at the same time. If both are configured, then the first time a file is analyzed for a verdict, both email alerts are received at about the same time.

[Screenshot: example THREAT ALERT and WildFire analysis report emails]

If the file was already known (no verdict needed to be determined), there will not be a WildFire analysis report; however, a THREAT ALERT is generated for both known and unknown files.

 

Below is an example of a WildFire email alert generated on the firewall:

[Screenshot: WildFire email alert generated on the firewall]

Shown below is an example of a WildFire email alert generated from the cloud:

[Screenshot: WildFire email alert generated from the cloud]

The following is an example of a detailed forensics report that appears when the user clicks on the provided link (shown above):

[Screenshots: detailed forensics report]

Steps

Configuring WildFire alerts to be sent from the firewall

Email alerts can be sent to only two recipients (comma-, space- or semicolon-separated values are not supported). The recipients can be email distribution lists.

  1. Configure email alerts under Device > Server Profiles > Email:
    [Screenshot: Email server profile]
  2. Activate alerts under Objects > Log Forwarding > WildFire Settings by adding the previously configured email profile under Benign_x_Email and Malicious_x_Email:
    [Screenshot: Log Forwarding profile, WildFire Settings]
  3. Make sure that the relevant policies have the Log Forwarding profile setting activated under Policies > Security and the User's policies:
    [Screenshot: security policy with Log Forwarding profile]

 

Configuring email alerts to be sent from the WildFire cloud

Subscriptions to these alerts are per WildFire user. To create a WildFire user, see: How to Create a WildFire User

  1. Login with the assigned WildFire user at: https://wildfire.paloaltonetworks.com/
  2. Go to Settings > Configure Alerts, search for the serial numbers of the firewalls to subscribe to for alerts, and select whether the user wishes to receive an alert for verdicts of malware or benign.
  3. Once the appropriate check boxes are selected, click on 'Update Notification' to apply changes.
    [Screenshot: Configure Alerts page]

owner: mivaldi

 

Comments
by TCC
on ‎10-14-2016 01:28 AM

If a user sends a mail from external to internal through the Palo Alto WildFire, and the Palo Alto blocks the mail, does the external or internal user get a notice that his mail was blocked by WildFire?

or is this not possible?

Only the administrator gets info?!

 

thxxxx

by
on ‎10-14-2016 11:01 AM

@TCC, If your question is:

"Can WildFire be configured to respond to the email sender that the email was blocked due to an attachment?"

 

Then the answer right now is no. I do not believe that this is possible.

 

If you would like this as a feature, then I would recommend talking with your Sales Engineer about this feature, and they will be able to put in a feature request for this.
