WildFire Logs versus Blocking.

Reply
Highlighted
L4 Transporter

WildFire Logs versus Blocking.

For WildFire logs in 5.0.2 there is some confusion about the subscription.  The question most ask is whether the lack of a wildfire subscription will still allow the logs in the WildFIre section to accurately alert if a file is potentially malware. And in a general sense what the WildFire subscription gives you.

Tags (1)
Highlighted
L3 Networker

WildFire logs will still have the files analyzed against up to date information from the cloud, the subcription is to get those updates every 15 minutes and not over 24 hours. File rules establish the action for each EXE/PE file downloaded.

Highlighted
L4 Transporter

Wildfire will function the same as in the non subscription version except the summary report you get via email is now in the console.  If you have panorama or a siem you can more easily look at historical wildfire information or port the wildfire logs off to a separate place for analysis etc. The Wildfire logs will only come down to the console if you have the subscription service.  Also you will get hourly wildfire AV files with the latest signatures as opposed to the daily AV files (which you will still get if you have a threat subscription).

Hope this adds some clarity?

Highlighted
L4 Transporter

Thanks HITSEC.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!