07-16-2012 06:21 AM
Has anyone who has been using Wildfire encountered a case where a piece of Malware identified via the WF assessment has had the following in the summary:
"Malware came from a malware domain"
where the applicable URL category returned by Palo (Brightcloud online URL lookup) does not recognise it as a malware hosting domain?
I assume that the different services use different backend databases - but it's a bit annoying that there is a 'signature' (URL) available that would have prevented the download in 'one hand' that isn't being made available to the other hand!
07-16-2012 11:30 AM
Just guessing here, but since PA is working on their own URL category db to replace Brightcloud (I think this year already), then the db used in WildFire is the new PA db, where the PA devices mostly use the Brightcloud db today (I guess the new db is to be released for PANOS 5.0)?
Another idea might be how the resolution is performed - will Brightcloud check the full URL and not just the domain part (I'm thinking in case WildFire checks the full URL, like one folder on a webserver can be classified as malware while another folder is classified as something else)?
But yeah, I agree, it would be nice if any bad URLs known by WildFire could be pushed out to the regular URL db so customers who don't run WildFire can take advantage of this (for example if you block access to URL category "malware"), but also so the bad malware isn't downloaded by the client at all (because stuff that hits WildFire has been downloaded by the clients).