Hopefully quick one..
We used to get these alerts directly from the Wildfire cloud, but they have stopped (for a few months actually, I've only just got round to looking into it) - is this normal?
We do get the email alerts setup via the logging mechanism from the FW itself, but these do not contain all of the Wildfire specific information:-
Could you please log into the wildfire portal @ https://wildfire.paloaltonetworks.com/ and verify one more time, if notification has been enabled for the mentioned S/N ( PAN FW).
1- Go to Settings > enable the check-box for malware/benigh file notification ( for the required S/N)
2- Update notification.
We had a similar situation but it was caused as a result of our appliance not forwarding the files to the wildfire cloud. It is one of those things that if you don't get the email alerts you assume everything is OK. We ended up re-registering the device with wildfire and that started things back up. Not sure if this the same situation or not. What I would verify first is that you are actually forwarding files to the Wildfire Cloud and then check the notification settings as Hulk suggests in the previous reply.
Many thanks all, and update.
I did (and do) have the alerts enabled in the portal. I ended up 're-enabling' by selecting the 'All' tick box and re-saving, then testing with the WF test PE and I did get an email after that test.
Everything looked OK at this point, but this morning I was reviewing my logs and noticed that WF triggered 5 times on malicious files trying to download (we were prompted to look as we have an AV alert from a PC) and I had not received an emails from WF.
As HITSSEC noted above, it is *incredibly* frustrating where you cannot rely on an alert coming through to initiate action...!
We have daily report that can be emailed to let you know that files are being sent to the Wildfire cloud. Se Below:
Sample output looks like this:
This reporting / monitoring on Wildfire will help you recognize that there may be an issue fairly soon as opposed to going days or weeks in the dark about the status of Wildfire connectivity from your appliance.
Hope this helps,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!