


Which Cli Command Is Used To Verify Successful File Uploads To Wildfire?

Verify File Forwarding

After the firewall is set up to Forward Files for WildFire Analysis, use the following options to verify the connection between the firewall and the WildFire public or private cloud, and to monitor file forwarding.

Several of the options to verify that a firewall is forwarding samples for WildFire analysis are CLI commands; for details on getting started with and using the CLI, refer to the PAN-OS CLI Quick Start Guide.

  • Verify that the firewall is communicating with a WildFire server(s).

    Use the

    test wildfire registration

    command to verify that the firewall is connected to a WildFire private cloud, the WildFire public cloud, or both.

    The following example output is for a firewall in a private cloud deployment:

    The example output confirms that the firewall is connected to the WildFire private cloud, and is not connected to the WildFire public cloud (public cloud registration fails).

    If the firewall is configured in a hybrid cloud deployment, check that the firewall is successfully registered with and connected to both the WildFire public cloud and a WildFire private cloud.

  • Verify the status of the firewall connection to the WildFire public and/or private cloud, including the total number of files forwarded by the firewall for analysis.

    Use the

    show wildfire status

    command to:

    • Check the status of the WildFire public and/or private cloud to which the firewall is connected. The status

      Idle

      indicates that the WildFire cloud (public or private) is ready to receive files for analysis.

    • Confirm the configured size limits for files forwarded by the firewall ().

    • Monitor file forwarding, including the total count of files forwarded by the firewall for WildFire analysis. If the firewall is in a WildFire hybrid cloud deployment, the number of files forwarded to the WildFire public cloud and the WildFire private cloud are also displayed.

    The following example shows the

    show wildfire status

    output for a firewall in a WildFire private cloud deployment:

    To view forwarding data for just the WildFire public cloud or WildFire private cloud, use the following commands:

    • show wildfire status channel public

    • show wildfire status channel private

  • View samples forwarded by the firewall according to file type (including email links).

    Use this option to confirm that email links are being forwarded for WildFire analysis, since only email links that receive a malicious or phishing verdict are logged as

    WildFire Submissions

    entries on the firewall, even if logging for benign and grayware samples is enabled. This is due to the sheer number of WildFire Submissions entries that would be logged for benign email links.

    Use the

    show wildfire statistics

    command to confirm the file types being forwarded to the WildFire public or private cloud:

    • The command displays the output of a working firewall and shows counters for each file type that the firewall forwards for WildFire analysis. If a counter field shows 0, the firewall is not forwarding that file type.

    • Confirm that email links are being forwarded for analysis by checking that the following counters do not show zero:

    • FWD_CNT_APPENDED_BATCH

      —Indicates the number of email links added to a batch waiting for upload to WildFire.

    • FWD_CNT_LOCAL_FILE

      — Indicates the total number of email links uploaded to WildFire.

  • Verify that a specific sample was forwarded by the firewall and check the status of that sample.

    This option can be helpful when troubleshooting to:

    • Confirm that samples that have not yet received a WildFire verdict were correctly forwarded by the firewall. Because

      WildFire Submissions

      are logged on the firewall only when WildFire analysis is complete and the sample has received a WildFire verdict, use this option to verify the firewall forwarded a sample that is currently undergoing WildFire analysis.

    • Track the status for a single file or email link that was allowed according to your security policy, matched to a WildFire Analysis profile, and then forwarded for WildFire analysis.

    • Check that a firewall in a hybrid cloud deployment is forwarding the correct file types and email links to either the WildFire public cloud or a WildFire private cloud.

    Execute the following CLI commands on the firewall to view samples the firewall has forwarded for WildFire analysis:

    • View all samples forwarded by the firewall with the CLI command

      debug wildfire upload-log

      .

    • View only samples forwarded to the WildFire public cloud with the CLI command

      debug wildfire upload-log channel public

      .

    • View only samples forwarded to the WildFire private cloud with the CLI command

      debug wildfire upload-log channel private

      .

    The following example shows the output for the three commands listed above when issued on a firewall in a WildFire public cloud deployment:

  • Monitor samples successfully submitted for WildFire analysis.

    Using the firewall web interface, select . All files forwarded by a firewall to the WildFire public or private cloud for analysis are logged on the WildFire Submissions page.

    • Check the WildFire verdict for a sample:

      By default, only samples that receive malicious or phishing verdicts are displayed as

      WildFire Submissions

      entries. To enable logging for benign and/or grayware samples, select .

      Enable logging for benign files as a quick troubleshooting step to verify that the firewall is forwarding files. Check the

      WildFire Submissions

      logs to verify that files are being submitted for analysis and receiving WildFire verdicts (in this instance, a benign verdict).

    • Confirm the analysis location for a sample:

      The

      WildFire Cloud

      column displays the location to which the file was forwarded and where it was analyzed (public cloud or private cloud). This is useful when deploying a hybrid cloud.
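The counter check described for `show wildfire statistics` can be scripted against saved CLI output. The following is an added example, not part of the original documentation: the "NAME value" line layout, the `EXAMPLE_*` counter names and the sample text are assumptions constructed for illustration; only `FWD_CNT_APPENDED_BATCH` and `FWD_CNT_LOCAL_FILE` come from the page.

```python
import re

# Counters the page says must be non-zero when email links are forwarded.
EMAIL_LINK_COUNTERS = ("FWD_CNT_APPENDED_BATCH", "FWD_CNT_LOCAL_FILE")

# Constructed sample text. The "NAME value" layout and the EXAMPLE_* names
# are assumptions for illustration, not output captured from a firewall.
SAMPLE_OUTPUT = """\
EXAMPLE_FILETYPE_A        14
EXAMPLE_FILETYPE_B        0
FWD_CNT_APPENDED_BATCH    7
FWD_CNT_LOCAL_FILE        0
"""

# A counter line: upper-case name, a separator (spaces, ':' or '='), an integer.
_COUNTER_LINE = re.compile(
    r"^[ \t]*([A-Z][A-Z0-9_]+)[ \t:=]+(\d+)[ \t]*$", re.M
)


def parse_counters(text):
    """Return {counter_name: value} for every 'NAME value' line in text."""
    return {name: int(value) for name, value in _COUNTER_LINE.findall(text)}


def zero_counters(counters):
    """Counters at 0: per the page, that item is not being forwarded."""
    return sorted(name for name, value in counters.items() if value == 0)


def email_link_problems(counters):
    """List why email-link forwarding cannot be confirmed (empty = OK)."""
    problems = []
    for name in EMAIL_LINK_COUNTERS:
        if name not in counters:
            problems.append(f"{name}: counter not found in output")
        elif counters[name] == 0:
            problems.append(f"{name}: counter is 0")
    return problems


if __name__ == "__main__":
    counters = parse_counters(SAMPLE_OUTPUT)
    print("zero counters:", zero_counters(counters))
    for problem in email_link_problems(counters):
        print("email links:", problem)
```

A counter that is absent from the output is reported separately from one that is 0, so a parsing mismatch is not mistaken for a forwarding failure.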

Source: https://docs.paloaltonetworks.com/wildfire/8-1/wildfire-admin/submit-files-for-wildfire-analysis/verify-wildfire-submissions/verify-file-forwarding.html

Posted by: riggsyoughted.blogspot.com
