Monday, November 23, 2015

How to submit files for analysis via WildFire

The Palo Alto Networks WildFire portal lets you submit files for analysis, alongside the WildFire Analysis profile configured within the security policy. The process requires a PA firewall with a WildFire license, plus portal access and reachability.

The firewall can also submit suspect files automatically. In this post we will look at the manual process. You can make up to 1K submissions per day. The hard-coded default size limit is 10MB or less. Not all file types are supported.

After submission, you can use either the dashboard or the summary view to get the status of file verdicts.

Ensure TCP port 443 is allowed to wildfire.paloaltonetworks.com if you are behind an upstream filter or firewall.
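The three constraints above (10MB size cap, 1K submissions per day, and TCP 443 reachability to the portal) are easy to trip over when uploading by hand. The following added example, which is not Palo Alto Networks code and not part of the original post, is a pre-flight checker for manual uploads: it refuses empty or oversize files, keeps a local per-day ledger keyed by SHA-256 so the daily quota is not exhausted by repeat uploads, and offers a plain TCP connect probe for the upstream-filter case. The ledger file format, the `check_file`/`record_submission` helper names and the probe are assumptions of this example, not a documented WildFire interface.

```python
"""Pre-flight checks for manual sample uploads to the WildFire portal.

Added example (not Palo Alto Networks code). It enforces the two limits the
post states -- at most 1000 submissions per day and files of 10 MB or less --
and records a SHA-256 per submission so a later verdict can be matched back to
the file. The JSON ledger layout and the reachability probe are assumptions of
this example, not a documented WildFire interface.
"""
import hashlib
import json
import socket
from datetime import date
from pathlib import Path

MAX_FILE_BYTES = 10 * 1024 * 1024   # hard-coded 10 MB limit stated in the post
MAX_PER_DAY = 1000                  # "up to 1K submissions per day"
WILDFIRE_HOST = "wildfire.paloaltonetworks.com"
WILDFIRE_PORT = 443


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large samples are not read at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def load_ledger(ledger: Path) -> dict:
    """Ledger is {"YYYY-MM-DD": [sha256, ...]}; missing file means no history."""
    if not ledger.exists():
        return {}
    return json.loads(ledger.read_text())


def submissions_today(ledger_data: dict, today: str) -> int:
    return len(ledger_data.get(today, []))


def check_file(path: Path, ledger: Path, today=None) -> dict:
    """Return {"ok": True, ...} if the file may be uploaded, else a reason."""
    today = today or date.today().isoformat()
    if not path.is_file():
        return {"ok": False, "reason": "not a regular file"}
    size = path.stat().st_size
    if size == 0:
        return {"ok": False, "reason": "empty file"}
    if size > MAX_FILE_BYTES:
        return {"ok": False, "reason": f"{size} bytes exceeds 10 MB limit"}
    data = load_ledger(ledger)
    digest = sha256_of(path)
    # Same hash already sent today: a second upload only burns quota.
    if digest in data.get(today, []):
        return {"ok": False, "reason": "already submitted today", "sha256": digest}
    if submissions_today(data, today) >= MAX_PER_DAY:
        return {"ok": False, "reason": "daily quota of 1000 reached"}
    return {"ok": True, "sha256": digest, "size": size}


def record_submission(ledger: Path, digest: str, today=None) -> int:
    """Append the hash to today's ledger entry after a successful upload.

    Returns the new count for the day so the caller can see remaining quota.
    """
    today = today or date.today().isoformat()
    data = load_ledger(ledger)
    data.setdefault(today, []).append(digest)
    ledger.write_text(json.dumps(data, indent=1))
    return len(data[today])


def portal_reachable(host=WILDFIRE_HOST, port=WILDFIRE_PORT, timeout=3.0) -> bool:
    """Plain TCP connect on 443; sends no data. False means an upstream filter
    or firewall is probably blocking the portal, so fix that before uploading."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    import sys
    sample, ledger = Path(sys.argv[1]), Path("wildfire_ledger.json")
    verdict = check_file(sample, ledger)
    print(verdict)
    if verdict["ok"]:
        print("portal reachable:", portal_reachable())
        # Upload through the portal by hand, then record it:
        print("submissions today:", record_submission(ledger, verdict["sha256"]))
```

Run it as `python wildfire_preflight.py sample.bin` before each manual upload; the ledger lives beside the script and is keyed by calendar day, so the counter resets automatically.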

The WildFire reports are detailed and provide useful insight into their findings.

If you are wary of the public cloud approach, you can purchase a WildFire appliance and perform localized analysis on the appliance. This approach, along with the FireEye appliance, is widely accepted in SOC environments.

A good source of malware samples for testing is theZoo: http://ytisf.github.io/theZoo/