A company wants to ensure that any file uploaded to a specific cloud storage provider is immediately analyzed for malware, even if the file has never been seen before. Which action should be set in the WildFire Analysis Profile?
Comprehensive and Detailed 150 to 250 words of Explanation From Palo Alto Networks Network Security Analyst Knowledge:
In a WildFire Analysis Profile, the primary action for unknown files is to Forward them to the WildFire cloud for sandbox analysis. Unlike a standard "block" or "allow" action, forwarding initiates a behavioral analysis to determine if the file exhibits malicious characteristics.
For an analyst, the objective is to ensure that all relevant file types (PDFs, executables, etc.) are set to forward. If WildFire determines a file is malicious, it generates a new signature in as little as 5 minutes and pushes it to all firewalls globally. Some advanced implementations allow for "inline" blocking of files until the WildFire result is returned, but the fundamental configuration step for all zero-day protection is the forwarding of unknown content to the threat intelligence cloud.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit