Who rated this post

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Who rated this post

dfalcon
L4 Transporter

Most everything is handled locally, with the exception of malware verdicts.  Instead of leveraging signature files, the agent will check with WildFire via a SHA-256 hash.  If the file is known, it will respond accordingly.  If it is unknown, local analysis will score the file and make a temporary verdict.  At the same time the file is uploaded and detonated in WildFire.  After analysis, the file is known.  This logic is the same logic that applied in the on-premise ESM.

 

Do you have connectivity challenges or are you trying to limit internet traffic?


David Falcon 
Solutions Architect, Cortex
Palo Alto Networks® 
Who rated this post