Wildfire query


L1 Bithead

How long does WildFire take to analyze malicious behavior?


L1 Bithead

For example, WildFire detects unusual behavior in an application and then sends something to the WildFire cloud. If the client has a subscription with 30- to 60-minute updates, how long until WildFire can send a patch for that application to the end user? Or, I mean, how long does it take the WildFire cloud to evaluate the application as malware or a threat?

With a WildFire subscription on OS-5.0, WildFire updates can be delivered to all WildFire subscribers within one hour.

To verify, navigate to Device > Dynamic Updates and check the Release Date timestamp for WildFire on the WebUI.

In that case, the moment Palo Alto detects some unusual behavior or a suspicious file, it sends data to the WildFire cloud. Then the client just waits 30 to 60 minutes for Palo Alto to deliver the updates and new signatures, no matter how difficult those signatures are to create. Is that correct?


The PA unit doesn't do any analysis on its own.

You set up firewall rules for which traffic (files) is sent to WildFire for analysis (allow-and-forward).

If you have a WF-500 appliance, the files never leave your datacenter (compared to the cloud-based WildFire, where the files are sent into some Amazon EC2 cloud setup), unless malware is detected, in which case the malware file is forwarded to Palo Alto so a signature can be created.

Once the file has been sent, the first check (unfortunately) is whether the binary is signed by a trusted CA or not. If it's signed, it won't be checked (I hope this will change in the future, looking at cases such as Stuxnet and Flame, which used real CA certs from Realtek (among others) to sign their malware). The same goes if the file has already been investigated previously.

Once it has been checked and identified as malware, the signature for this file will be available within one hour for those with a WildFire subscription. The rest will have to wait for the weekly update of the threat DB to get the same signature.
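The thread's practical advice is to confirm that the firewall is actually receiving WildFire signatures on the stated schedule by checking the Release Date of the installed package. The following script is an added example, not code from Palo Alto Networks or from anyone in this thread. It parses the `wildfire-version` / `wildfire-release-date` and `threat-version` / `threat-release-date` lines as printed by the PAN-OS `show system info` CLI command (assumption: the exact field names and date layout may differ across releases; the sample output and timestamps below are constructed), and reports whether the relevant package is older than the delivery window the thread describes: one hour for subscribers, one week for everyone else. A firewall that has never installed the package is reported explicitly instead of being given a meaningless age.

```python
"""Check whether a PAN-OS firewall's WildFire (or weekly threat) signature
package is older than the delivery window described in the thread."""
from datetime import datetime, timedelta
import re

# Constructed sample of the relevant lines from a PAN-OS `show system info`
# dump. Field names follow that command's output (assumption: names and date
# layout may vary by release); the values themselves are made up.
SAMPLE_SYSTEM_INFO = """\
hostname: fw-edge-01
sw-version: 5.0.7
threat-version: 400-1234
threat-release-date: 2013/08/06  18:01:12
wildfire-version: 23456-23457
wildfire-release-date: 2013/08/08  10:30:00
"""

# Delivery windows stated in the thread: subscribers get WildFire signatures
# within one hour; non-subscribers wait for the weekly threat package.
SUBSCRIBER_WINDOW = timedelta(hours=1)
WEEKLY_WINDOW = timedelta(days=7)


def parse_system_info(text: str) -> dict:
    """Turn `key: value` lines into a dict; lines without that shape are ignored."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([\w-]+):\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def parse_release_date(value: str) -> datetime:
    """PAN-OS prints 'YYYY/MM/DD  HH:MM:SS' (two spaces); collapse and parse.
    The result is naive; compare it against a `now` in the firewall's own zone."""
    return datetime.strptime(" ".join(value.split()), "%Y/%m/%d %H:%M:%S")


def assess_signatures(text: str, now: datetime, subscribed: bool) -> dict:
    """Report the age of the package the firewall depends on and whether it is
    older than the delivery window. `subscribed` selects the WildFire package
    (one-hour window) or the weekly threat package."""
    fields = parse_system_info(text)
    if subscribed:
        package, window = "wildfire", SUBSCRIBER_WINDOW
    else:
        package, window = "threat", WEEKLY_WINDOW

    version = fields.get(f"{package}-version", "")
    date_str = fields.get(f"{package}-release-date", "")

    # Edge case: a firewall that never installed the package shows no usable
    # release date (or a zero version). Say so instead of computing an age.
    if not date_str or version in ("", "0"):
        return {"package": package, "version": version or None,
                "age_minutes": None, "stale": True,
                "reason": "package never installed"}

    age = now - parse_release_date(date_str)
    stale = age > window
    return {"package": package, "version": version,
            "age_minutes": int(age.total_seconds() // 60), "stale": stale,
            "reason": "older than delivery window" if stale
                      else "within delivery window"}


if __name__ == "__main__":
    import json
    # Constructed "now" shortly after the sample WildFire release.
    print(json.dumps(assess_signatures(SAMPLE_SYSTEM_INFO,
                                       datetime(2013, 8, 8, 11, 15),
                                       subscribed=True), indent=2))
```

A `stale` result for a subscriber means either the Dynamic Updates schedule is not running or the device does not actually hold the subscription; it is the scripted form of the "check the Release Date timestamp" advice above, suitable for feeding into whatever monitoring you already run.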
