WildFire - how to configure the frequency of file submission to Wildfire cloud for analysis?

cancel
Showing results for 
Search instead for 
Did you mean: 

WildFire - how to configure the frequency of file submission to Wildfire cloud for analysis?

Hello Everyone, I did not manage to get this information in other online resources and in Wildfire -> General Settings does not seem to have this option. Hence I am asking for your help on these questions:

 

  1. How can I configure the "frequency" of my PaloAlto as to when it will send sample files to WildFire cloud for analysis? (e.g. time interval, every hour? days? etc.) or it's on active monitoring status and will automatically capture any suspicious / doubtful file?
  2. How does my PaloAlto determine if a file is malicious or not? Any documentation around this area would be very helpful.
  3. How can i change/add the email address so that other recipient can get the notification email from report@wildfire.paloaltonetworks.com regarding the results of their analysis.

Thanks a lot!

 

3 REPLIES 3

L0 Member

Hi,

 

A few short answers on your queastions:
1. The files will be uploaded to the WildFire cloud on the fly as they get through the PA

2. The cloud sandboxing is determening whether a file is maliciuos or not.

3. Users with an account on the WildFire portal will receive the notifications. 

 

Elmar

Great inputs @Mourik, thanks a lot.

All my relevant security policies are using my wildfire profile (which i instructed to capture any app, any file type, both direction with the Analysis on "Public-cloud), so with this I can say my traffic is pretty covered with wildfire.

I will tell my boss who is the main account holder for wildfire, thanks so much for your response. 

If file passes Palo then hash is taken and checked against Wildfire cloud if this file has been scanned already.

If yes then based on previous verdict it is decided if file is benign, grayware or malware.

 

Benign is clean.

Grayware is something that does not install automatically but is something security aware people dislike (browser toolbars that leak data for example).

Malware is something that behaves maliciously.

 

If file has not been checked before then file is passed on to user but copy is sent to cloud to be analyzed.

 

Verdict will come in 5 minutes and if configured to block viruses found by Wildfire (there are 2 databases - AV and Wildfire) then Palo starts blocking malicious traffic that this virus generates.

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!