So I have been running Palo Alto just shy of a year now, and as I look at my logging it occurs to me that aside from testing against EICAR I have never seen Wildfire or AV trigger "in the wild".
My organization has full endpoint protection and the firewall has enough policies including SSL decryption that it should be protecting my users from ending up at places where they would get bad things. In addition we have a reasonably solid cyber security training program in place.
Still I find it somewhat unbelievable this thing has never triggered. In fact not even an AV alert either. Plenty of traffic based alerts and actions though coming from the untrust zone... but no AV alerts, no Wildfire uploads...
What's your experience?