This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Wildfire Submission Logs on Prisma Access

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Wildfire Submission Logs on Prisma Access

Sai_Tumuluri
L4 Transporter

on ‎11-22-2021 12:17 PM - edited on ‎11-22-2021 12:21 PM by

No ratings

The following article walks through the steps to verify the WildFire submission logs for Prisma Access deployment via the Panorama and Explore application on the hub.

 

Panorama

 

  1. To view samples submitted by a firewall to a WildFire public, private, or hybrid cloud, select Monitor  > Logs  >  WildFire Submissions
  2. Select the Device Group related to the Prisma Access tenant of interest.
    1.jpg
  3. When WildFire analysis of a sample is complete, the results are accessible in the WildFire Submissions logs. The submission logs include details about a given sample, including the following information:
    • The Verdict column indicates whether the sample is benign, malicious, phishing, or grayware.
    • The Action column indicates whether the firewall allowed or blocked the sample.
    • The Severity column indicates how much of a threat a sample poses to an organization using the following values: critical, high, medium, low, and informational.

      Information on different kinds of verdicts can be found here.
      2.jpg
  4. For an entry, select the Log Details icon to open a detailed log view for each entry:
    3.jpg
  5. Log Info provides details around the wildfire that shared the suspicious file and triggered the wildfire submission
    4.jpg
  6. For all samples, the WildFire analysis report displays file and session details. For malware samples, the WildFire analysis report is extended to include details on the file attributes and behavior that indicates the file was malicious.
    5.jpg

 

Explore App

To access the explore app, one must login into the hub. The Explore app is available for free for all customers. A complete guide to the Explore app can be found here


The following are steps to see wildfire submission logs via Explore app. 


  1. Select the Explore app from the list of activated apps on the hub
    6.jpg
  2. Select Threat logs from the log type selection
    7.jpg
  3. Subtype wildfire represents the logs represent the results of WildFire analysis:
    8.jpg

  4. Click on the ‘Details' view option to look into log details:
    9.jpg
  5. The ‘Details’ view will provide information on the traffic and threat details. ‘General’ will provide traffic information and threat details10.jpg
  6. Click on the ‘Details’ tab to get the hash of the file that triggered the wildfire.
    11.jpg

  7. Copy the file hash from the screen12.jpg
  8. Login into WildFire Portal and select Reports
    13.jpg

  9. Search using the file hash
    14.jpg


  10. Click on the ‘Details’ button to open the report in the new tab
    15.jpg

 

Rate this article:
Comments
MakotoT
L1 Bithead
‎03-27-2024 11:09 PM

Which region will the WF cloud service sent by Prisma Access ?

Reports cannot be viewed on global portal configured with template
I was able to confirm this on another portal.

How do Prisma Access decide on a destination?

 

If you know, please let me know.

s-hamamoto
L0 Member
‎03-27-2024 11:24 PM

According to the PDF at the following URL, it is determined by the Compute Location of Prisma Access.

https://www.paloaltonetworks.com/resources/datasheets/privacy-prisma-access

MakotoT
L1 Bithead
‎03-27-2024 11:58 PM

Thank you very much for helping me.

  • 4204 Views
  • 3 comments
  • 1 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎11-22-2021 12:21 PM
Updated by:
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks