Wildfire Email Alerts

L4 Transporter


Hopefully quick one..

We used to get these alerts directly from the Wildfire cloud, but they have stopped (for a few months actually, I've only just got round to looking into it) - is this normal?

We do get the email alerts set up via the logging mechanism from the FW itself, but these do not contain all of the Wildfire-specific information:

wfalert.png

Cheers

L7 Applicator

Hello apackard,

Could you please log into the wildfire portal @ https://wildfire.paloaltonetworks.com/ and verify one more time if notification has been enabled for the mentioned S/N (PAN FW).

1- Go to Settings > enable the check-box for malware/benign file notification (for the required S/N)

2- Update notification.

FYI.

wildfire-1.jpg

wildfire-2.jpg

Thanks

L4 Transporter

Hello apackard,

We had a similar situation but it was caused as a result of our appliance not forwarding the files to the wildfire cloud. It is one of those things that if you don't get the email alerts you assume everything is OK. We ended up re-registering the device with wildfire and that started things back up. Not sure if this is the same situation or not. What I would verify first is that you are actually forwarding files to the Wildfire Cloud and then check the notification settings as Hulk suggests in the previous reply.

Phil

L4 Transporter

Many thanks all, and update.

I did (and do) have the alerts enabled in the portal.  I ended up 're-enabling' by selecting the 'All' tick box and re-saving, then testing with the WF test PE and I did get an email after that test.

Everything looked OK at this point, but this morning I was reviewing my logs and noticed that WF triggered 5 times on malicious files trying to download (we were prompted to look as we have an AV alert from a PC) and I had not received any emails from WF.

As HITSSEC noted above, it is *incredibly* frustrating where you cannot rely on an alert coming through to initiate action...!

L4 Transporter

Apackard,

We have a daily report that can be emailed to let you know that files are being sent to the Wildfire cloud. See below:

Capture-Pan-job.PNG

Sample output looks like this:

Capture-WF-stats.PNG

This reporting / monitoring on Wildfire will help you recognize that there may be an issue fairly soon as opposed to going days or weeks in the dark about the status of Wildfire connectivity from your appliance.

Hope this helps,

Phil

L7 Applicator

For future reference, please check the following KB article:

WildFire Email Alerts: Subscribe or Add Additional Recipients

Best regards,

Mariano Ivaldi
