Hi folks,
We have a Wildfire public cloud subscription, dynamic updates, and security profile configured.
I've been asked, "How do we know it's doing anything?".
When I look at Wildfire submissions, the last submissions are from January and end of last year.
I am looking at this article and our settings, I don't think our's looks correct. Our File Blocking rule is empty and the Wildfile analysis does not look linked to the File blocking profile either.
So while we are enabled for Wildfire, I don't think it is doing anything because not configured right.
We should at least have a File Blocking rule in place for it to do anything right?
Hello,
Check your wildfire config and see if its se to report greyware and benign files. When I fileted my logs to remove the benign files, there was not much shown.
Device tab -> Setup -> Wildfire
That could be why you dont see any activity in the Monitor Logs.
Hope that helps.
Hello,
Check your wildfire config and see if its se to report greyware and benign files. When I fileted my logs to remove the benign files, there was not much shown.
Device tab -> Setup -> Wildfire
That could be why you dont see any activity in the Monitor Logs.
Hope that helps.
Thank you!
Ok, getting close, but still a little confused. This text from my 7.0 training seems to indicate that they may operate and detect separately? Meaning I could have no File Blocking rule (like my company has here) and just a Wildfire rule for PE and those files would be shipped off to Wildfire Cloud?
However, this Wildfire test PE URL: http://wildfire.paloaltonetworks.com/publicapi/test/pe does not show up as uploaded to Wildfire when I run command: debug wildfire upload-log show.
I may need to call support to get all this cleared up.
