You will not see every single downloaded file in the WildFire Dashboard reports. If that would be the cause it would require a huge amount of cloud space. The WildFire Dash reports will be blank at all times, unless there has been downloaded a file unknown by the PA WildFire database. Once having a Data Filter in place with <forward> action, every file will be send to WildFire for a data file checksum check, if the file is already known it will not be reported in the WildFire report and will let the user to download the file. If the File is unknown by the DB, it will be checked, by executing the file in the cloud, looking at the results of the file execution, looking at the damage it can cause to a operation system, creating a report on it and later decide what to do , to allow the user to download the file or not. So if you don’t see any reports on WildFire this is not a bad thing and it does not mean that your configurations did not work. So think of a WilfFire as of a virtual computer somewhere in the cloud that would take a unknown executable file or a virus and will intentionally install it on it, just to check if the executable file is safe or not. And after it checks as safe file it will pass the file to your computer, if it is unsafe the file will never touch your computer. But if you need to check on the files downloaded you can always refer to the PA GUI interface, Monitor->Logs->Data Filtering. Here is some info and some tips how to know if the WildFire is working or not: https://live.paloaltonetworks.com/docs/DOC-2670 Configuration instructions: https://live.paloaltonetworks.com/docs/DOC-2029 Hope this helps.
... View more