WildFire email alerts can be generated on the Palo Alto Networks firewall (THREAT ALERT) or in the cloud (WildFire analysis report), as shown in the examples below. The email that comes from the firewall is different from the email that comes from the cloud. Both can be configured at the same time. If both are configured, the first time a file is analyzed for a verdict, both email alerts will be received at about the same time.
If the file was a known file (no verdict needed to be determined), there will not be a WildFire analysis report. However, a THREAT ALERT is generated for both known and unknown files.
Below is an example of a WildFire email alert generated on the firewall:
Shown below is an example of a WildFire email alert generated from the cloud:
The following is an example of a detailed forensics report that appears when the user clicks on the provided link (shown above):
Configuring WildFire alerts to be sent from the firewall
Email alerts can be sent to only two recipients (comma-, space- or semicolon-separated values are not supported). The recipients can be email distribution lists.
Configuring email alerts to be sent from the WildFire cloud
Subscriptions to these alerts are set for each WildFire user. To create a WildFire user, refer to the following link: How to Create a WildFire User