03-25-2024 11:08 AM
Hi Community!
I wanted to better understand how Palo Alto ties it's detections with its Unique Threat ID to the Wildfire Virus Detections.
For example, we have been receiving a steady amount of alerting for a Virus File and Palo Alto gives us the file name. If I search for the Unique Threat ID, I can see SHA-256's that Palo ties to it.
So my question is, are Palo Alto Virus Detections tied to a file name or can it actually pick up SHA-256's in network connections. Is the association made through the Unique Threat ID accurate? Or can it lead to false positives because it's only detecting based on file name?
Thank you in advance!
03-25-2024 06:15 PM
Palo Alto Networks' virus detection is not based on the file name nor the SHA-256 hash value. The Antivirus signature is based on a byte pattern that is generated from the malicious sample analyzed by WildFire. On Threat Vault, you see the SHA-256 hashes of the associated malware samples.
Reference:
https://live.paloaltonetworks.com/t5/pancast-episodes/pancast-episode-20-threat-logs-av/ta-p/546632
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
