The Palo Alto WildFire portal allows you to submit files for analysis, in addition to the WildFire Analysis profile applied within the security policy. The process requires a PA firewall license plus portal access and reachability.
The firewall can also submit suspect files on its own. In this post we will look at the manual process. You can make up to 1K submissions per day. The hard-coded default size limit is 10MB or less. Not all file types are supported.
After submission, you can use either the dashboard or the summary view to check the status of file verdicts.
Ensure TCP port 443 is allowed to wildfire.paloaltonetworks.com if you are behind an upstream filter or firewall.
The WildFire reports are detailed, and their findings can provide useful insight.
If you are wary of the public cloud approach, you can purchase a WildFire appliance and perform localized analysis on the appliance. This approach, along with the FireEye appliance, is widely accepted in SOC environments.
A good source of malware samples is available at theZoo: http://ytisf.github.io/theZoo/
I have been using AVG security for a number of years now, and I'd recommend this solution to all of you.