Firewall integration with other sandbox.

L1 Bithead


Colleagues, good afternoon. There was a question about integrating a firewall with third-party sandboxes, such as Cuckoo Sandbox or Check Point, to send files for review. Is there such an opportunity, and where can I find documentation or information about similar experiences?

Community Manager

Re: Firewall integration with other sandbox.

This option currently does not exist.

You can always reach out to your local sales team so they can start a Feature Request for you.


Reaper out
L1 Bithead

Re: Firewall integration with other sandbox.

OK, thank you for the answer. Does WildFire have functionality for checking files on third-party resources besides VirusTotal? It is necessary that after checking in WildFire the file is delayed until the file information from a third-party resource is received.

L7 Applicator

Re: Firewall integration with other sandbox.

 


@ColaNet wrote:

Does WildFire have functionality for checking files on third-party resources besides VirusTotal?


That currently doesn't exist. Palo Alto has formed a lot of partnerships with other companies so that it isn't just using VirusTotal, but you currently can't control this at all.

 


@ColaNet wrote:

It is necessary that after checking in WildFire the file is delayed until the file information from a third-party resource is received.


That's not a functionality of WildFire at all. When the firewall sees a file it will check the file's hash against its database of verdicts. If it has never seen that hash before, the firewall will allow the file and take a copy for analysis; by the time it's being analysed by WildFire the file transfer to the first client has already finished.

L4 Transporter

Re: Firewall integration with other sandbox.

When you say 

 

the firewall will allow the file and take a copy

 

Does this mean that this PC can get infected as PA passes the traffic, but the remaining users who want to access this file will wait for the WF verdict and can be protected if WF finds that the file has bad data?

L6 Presenter

Re: Firewall integration with other sandbox.


@MP18 wrote:

When you say 

 

the firewall will allow the file and take a copy

 

Does this mean that this PC can get infected as PA passes the traffic, but the remaining users who want to access this file will wait for the WF verdict and can be protected if WF finds that the file has bad data?


 

No, other users would also still receive the file if there isn't a signature. The file is sent to the user (potentially malicious) and the user has potentially received something malicious that you will need to remediate after a WF verdict is reached.

L4 Transporter

Re: Firewall integration with other sandbox.

So it means that if PA does not have a signature for some file, we can still get infected?

L7 Applicator

Re: Firewall integration with other sandbox.

@MP18,

Correct. The advantage there is that WildFire will tell you post-analysis so you can investigate and remediate the issue much faster than waiting for an end-user to actually report a problem. 
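
The post-verdict follow-up described in the replies above, as an added example that is not part of any poster's reply or of Palo Alto Networks tooling: given file-transfer records and later sandbox verdicts, it lists the clients that were allowed to download a file before its malicious verdict existed. The records, hashes and field names are constructed for illustration and are assumptions, not the PAN-OS log schema.

```python
from datetime import datetime

HASH_A = "aa" * 32  # constructed placeholder hashes, not real samples
HASH_B = "bb" * 32

# Constructed records; the field names are assumptions, not the PAN-OS log schema.
TRANSFERS = [
    {"time": "2024-05-01T09:00:05", "client": "10.0.0.21", "sha256": HASH_A, "action": "allow"},
    {"time": "2024-05-01T09:01:00", "client": "10.0.0.21", "sha256": HASH_B, "action": "allow"},
    {"time": "2024-05-01T09:03:10", "client": "10.0.0.34", "sha256": HASH_A, "action": "allow"},
    {"time": "2024-05-01T09:20:00", "client": "10.0.0.50", "sha256": HASH_A, "action": "block"},
]
VERDICTS = [
    {"time": "2024-05-01T09:05:00", "sha256": HASH_B, "verdict": "benign"},
    {"time": "2024-05-01T09:06:40", "sha256": HASH_A, "verdict": "malicious"},
]

def exposed_clients(transfers, verdicts):
    """Map each malicious hash to the clients that were allowed to download it
    before the verdict existed, with the exposure window in seconds."""
    first_bad = {}  # sha256 -> time of the earliest malicious verdict
    for v in verdicts:
        if v["verdict"] != "malicious":
            continue
        ts = datetime.fromisoformat(v["time"])
        h = v["sha256"]
        if h not in first_bad or ts < first_bad[h]:
            first_bad[h] = ts
    exposed = {}
    for t in transfers:
        verdict_time = first_bad.get(t["sha256"])
        if verdict_time is None or t["action"] != "allow":
            continue  # no malicious verdict for this hash, or the file was not delivered
        seen = datetime.fromisoformat(t["time"])
        if seen < verdict_time:
            gap = int((verdict_time - seen).total_seconds())
            exposed.setdefault(t["sha256"], []).append((t["client"], gap))
    return exposed

if __name__ == "__main__":
    for sha, hits in exposed_clients(TRANSFERS, VERDICTS).items():
        for client, gap in hits:
            print(f"{client} received {sha[:12]}... {gap}s before the malicious verdict")
```
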

L4 Transporter

Re: Firewall integration with other sandbox.

Good to know that.
