WildFire - how to configure the frequency of file submission to Wildfire cloud for analysis?

Hello Everyone, I did not manage to find this information in other online resources, and WildFire -> General Settings does not seem to have this option. Hence I am asking for your help with these questions:

 

  1. How can I configure the "frequency" at which my Palo Alto sends sample files to the WildFire cloud for analysis (e.g. a time interval: every hour? days? etc.)? Or is it in an active monitoring state, automatically capturing any suspicious / doubtful file?
  2. How does my Palo Alto determine if a file is malicious or not? Any documentation around this area would be very helpful.
  3. How can I change/add the email address so that other recipients can get the notification email from report@wildfire.paloaltonetworks.com regarding the results of their analysis?

Thanks a lot!

 

3 REPLIES

Hi,

 

A few short answers to your questions:

1. The files will be uploaded to the WildFire cloud on the fly as they get through the PA.

2. The cloud sandboxing determines whether a file is malicious or not.

3. Users with an account on the WildFire portal will receive the notifications.

 

Elmar

Great inputs @Mourik, thanks a lot.

All my relevant security policies are using my WildFire profile (which I instructed to capture any app, any file type, both directions, with the Analysis on "Public-cloud"), so with this I can say my traffic is pretty well covered by WildFire.

I will tell my boss, who is the main account holder for WildFire. Thanks so much for your response.

If a file passes the Palo, then its hash is taken and checked against the WildFire cloud to see if this file has been scanned already.

If yes, then based on the previous verdict it is decided whether the file is benign, grayware or malware.

 

Benign is clean.

Grayware is something that does not install automatically but is something security aware people dislike (browser toolbars that leak data for example).

Malware is something that behaves maliciously.

 

If the file has not been checked before, then the file is passed on to the user but a copy is sent to the cloud to be analyzed.

The verdict will come in 5 minutes, and if configured to block viruses found by WildFire (there are 2 databases - AV and WildFire), then the Palo starts blocking malicious traffic that this virus generates.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
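
The lookup flow described in the reply above, as an added example that is not part of the original posts and is not Palo Alto Networks code. It is a simplified model: the class, method names and the `sandbox_result` argument are hypothetical, the 5-minute delay is the figure given in the reply, and "block" here means refusing later copies of the same hash.

```python
import hashlib

VERDICT_DELAY = 5 * 60  # seconds; the "5 minutes" figure from the reply above


class VerdictFlowModel:
    """Simplified, hypothetical model of the hash-lookup flow (not vendor code)."""

    def __init__(self, block_on_malware=True):
        self.known = {}    # sha256 -> verdict already held by the cloud
        self.pending = {}  # sha256 -> (time the verdict is ready, verdict)
        self.block_on_malware = block_on_malware

    def _settle(self, now):
        # Move analyses that have finished into the known-verdict store.
        for digest, (ready_at, verdict) in list(self.pending.items()):
            if now >= ready_at:
                self.known[digest] = verdict
                del self.pending[digest]

    def handle(self, content, now, sandbox_result):
        """Return (action, verdict) for a file crossing the firewall at `now`.

        `sandbox_result` stands in for what cloud analysis will conclude.
        """
        self._settle(now)
        digest = hashlib.sha256(content).hexdigest()
        if digest in self.known:
            verdict = self.known[digest]
            if verdict == "malware" and self.block_on_malware:
                return ("block", verdict)
            return ("forward", verdict)  # benign, grayware, or alert-only
        if digest in self.pending:
            # Already submitted; still delivered while analysis runs.
            return ("forward", "pending")
        # First sighting: deliver to the user, send a copy for analysis.
        self.pending[digest] = (now + VERDICT_DELAY, sandbox_result)
        return ("forward+submit", "unknown")


def demo():
    fw = VerdictFlowModel()
    sample = b"constructed sample bytes, not a real file"
    # Same file seen at t=0s, t=120s and t=300s.
    return [fw.handle(sample, t, "malware") for t in (0, 120, 300)]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The first two results show the window in which a previously unseen file reaches the user before any verdict exists, which is why endpoint controls still matter alongside the cloud verdict.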