Advanced threat protection_Deep Learning

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Advanced threat protection_Deep Learning

L2 Linker

Hi,

PAN OS Version 10.2 support Advanced threat protection and its seems like , for any unknowns the metadata will be forwarded to cloud for deep learning mechanism (Correct me if i am wrong). My coroners are

  • how can we check what details has been uploaded to cloud for deep learning?
  • what action that firewall will take until the verdict is returned back to the firewall ( what if internet is down after uploading the data, it may take time to retrieve the verdict)

 

Also regarding the wildfire inspection, if the verdict is unknown to the firewall, the data will be uploaded to cloud for further analysis, until the verdict is returned back to the firewall, how does the firewall will treat that particular flow ( block or hold or allow)?

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Cyber Elite
Cyber Elite

By default the Palo Alto firewall will alow traffic while waiting for verdict as to not cause performance issues that ICAP causes. You can use dynamic tags to quarantine source ip/user when the verdict is returned https://www.youtube.com/watch?v=WgG6Hi0T73g or also enable the inline ML learning on the firewall that can block the attack even without verdict from the cloud as extra security https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-100/con... .

 

 

Also you have reports on the firewall https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004N9oCAE&lang=en_US%E2%80%A... and a GUI portal https://docs.paloaltonetworks.com/advanced-wildfire/administration/monitor-wildfire-activity/use-the... where you can see what happened.

 

I have forgoten this but if the connection to the cloud is impacted I think that the files will be allowed if not blocked by the other Antivirus, Spyware or Vunrability profiles.

View solution in original post

1 REPLY 1

Cyber Elite
Cyber Elite

By default the Palo Alto firewall will alow traffic while waiting for verdict as to not cause performance issues that ICAP causes. You can use dynamic tags to quarantine source ip/user when the verdict is returned https://www.youtube.com/watch?v=WgG6Hi0T73g or also enable the inline ML learning on the firewall that can block the attack even without verdict from the cloud as extra security https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-100/con... .

 

 

Also you have reports on the firewall https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004N9oCAE&lang=en_US%E2%80%A... and a GUI portal https://docs.paloaltonetworks.com/advanced-wildfire/administration/monitor-wildfire-activity/use-the... where you can see what happened.

 

I have forgoten this but if the connection to the cloud is impacted I think that the files will be allowed if not blocked by the other Antivirus, Spyware or Vunrability profiles.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!