Wildfire Submission Logs on Prisma Access

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
L4 Transporter
Did you find this article helpful? Yes No
No ratings

The following article walks through the steps to verify the WildFire submission logs for Prisma Access deployment via the Panorama and Explore application on the hub.

 

Panorama

 

  1. To view samples submitted by a firewall to a WildFire public, private, or hybrid cloud, select Monitor  > Logs  >  WildFire Submissions
  2. Select the Device Group related to the Prisma Access tenant of interest.
    1.jpg
  3. When WildFire analysis of a sample is complete, the results are accessible in the WildFire Submissions logs. The submission logs include details about a given sample, including the following information:
    • The Verdict column indicates whether the sample is benign, malicious, phishing, or grayware.
    • The Action column indicates whether the firewall allowed or blocked the sample.
    • The Severity column indicates how much of a threat a sample poses to an organization using the following values: critical, high, medium, low, and informational.

      Information on different kinds of verdicts can be found here.
      2.jpg
  4. For an entry, select the Log Details icon to open a detailed log view for each entry:
    3.jpg
  5. Log Info provides details around the wildfire that shared the suspicious file and triggered the wildfire submission
    4.jpg
  6. For all samples, the WildFire analysis report displays file and session details. For malware samples, the WildFire analysis report is extended to include details on the file attributes and behavior that indicates the file was malicious.
    5.jpg

 

Explore App

To access the explore app, one must login into the hub. The Explore app is available for free for all customers. A complete guide to the Explore app can be found here


The following are steps to see wildfire submission logs via Explore app. 


  1. Select the Explore app from the list of activated apps on the hub
    6.jpg
  2. Select Threat logs from the log type selection
    7.jpg
  3. Subtype wildfire represents the logs represent the results of WildFire analysis:
    8.jpg

  4. Click on the ‘Details' view option to look into log details:
    9.jpg
  5. The ‘Details’ view will provide information on the traffic and threat details. ‘General’ will provide traffic information and threat details10.jpg
  6. Click on the ‘Details’ tab to get the hash of the file that triggered the wildfire.
    11.jpg

  7. Copy the file hash from the screen12.jpg
  8. Login into WildFire Portal and select Reports
    13.jpg

  9. Search using the file hash
    14.jpg


  10. Click on the ‘Details’ button to open the report in the new tab
    15.jpg

 

Rate this article:
Register or Sign-in
Contributors
Article Dashboard
Version history
Last update:
‎11-22-2021 12:21 PM
Updated by: