I am setting up my lab PA-200 for Wildfire. I had a question about the monitoring logs. I understand that using the Wildfire portal, you have to configure the global settings of what meta information to send to the Wildfire servers to see that info (URL, src-dst IP, username, etc.).
If you have the subscription, is this information still sent? Since all of the data is local, I am not certain that it would be necessary to send that metadata to the cloud in order for the local firewall to still log the metadata. Does anyone have a definitive answer on this?
I think these settings are part of statistics over at Palo Alto but also replicated into the email you get sent (along with the online report) once malware is found.
Simply to make it easier for you so you don't have to log in to your PA device to find out these values.
So if you don't send these values into the cloud and have a Wildfire subscription, I think you can find these values manually by digging through your Wildfire log in your PA device.
Just to clarify: if I have a security policy that prohibits the disclosure of things like internal IP, username, etc., then what I was wondering is whether the potential malware payload would be sent to the Wildfire cloud, information returned, and the metadata re-associated with the original file. I am guessing that metadata would not really need to be sent in order to correlate the Wildfire payload with the logs, but I am looking for clarification.
Hopefully someone from PA could reply to your question - I simply don't know 😞
However, if you are sensitive about which data you send into the cloud, you could join the feature request (which I know exists because I have sent one myself 🙂) for an in-house Wildfire (that is, you get/buy one or more appliance box(es) at your own datacenter to perform the analysis, and that way the data never leaves your datacenter).