
8 • PAN-OS 6.1 Release Notes Palo Alto Networks
Features Introduced in PAN-OS 6.1 PAN-OS 6.1 Release Information
WildFire Email Link Analysis
The firewall can now extract HTTP/HTTPS links contained in SMTP and POP3 email
messages and forward the links to the WildFire public cloud for analysis (this feature is not
supported on the WF-500 WildFire appliance). Enable this functionality by configuring the
firewall to forward the email-link file type. Note that the firewall only extracts links and
associated session information (sender, recipient, and subject) from the email messages that
traverse the firewall; it does not receive, store, forward, or view the email message.
After receiving an email link from a firewall, WildFire visits the link to determine if the
corresponding web page hosts any exploits. If it detects malicious behavior on the page, it
returns a malicious verdict and:
• Generates a detailed analysis report and logs it to the WildFire Submissions log on the
firewall that forwarded the links. This log now includes the email header
information (email sender, recipient, and subject) so that you can identify the message and
delete it from the mail server and/or track down the recipient and mitigate the threat if
the email has already been delivered and/or opened.
• Adds the URL to PAN-DB and categorizes it as malware.
Note that if the link corresponds to a file download, WildFire does not analyze the file.
However, the firewall will forward the corresponding file to WildFire for analysis if the end
user clicks the link to download it as long as the corresponding file type is enabled for
forwarding. Note also that WildFire does not send a log to the firewall if it determines a link
to be benign even if you have enabled logging of benign files because of the large number
of logs this would generate.
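
To make concrete what leaves the network under this feature, the following added example (not Palo Alto Networks code and not part of the release notes) parses a constructed message and builds a record holding only the HTTP/HTTPS links and the sender, recipient, and subject. The function name `extract_email_links`, the record layout, and the sample addresses and URLs are assumptions for illustration.

```python
import html
import re
from email import message_from_string, policy

# Constructed sample message; addresses and URLs are placeholders.
SAMPLE = """\
From: alice@example.com
To: bob@example.org
Subject: Invoice overdue
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review http://files.example.net/invoice.
--b1
Content-Type: text/html; charset="utf-8"

<p><a href="http://files.example.net/invoice">Invoice</a> or
<a href="https://portal.example.net/login?id=7&amp;src=mail">portal</a>,
<a href="mailto:help@example.net">help</a></p>
--b1--
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def extract_email_links(raw_message):
    """Return the sender, recipient, subject and unique HTTP/HTTPS links."""
    msg = message_from_string(raw_message, policy=policy.default)
    links = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue  # skip multipart containers and non-text parts
        body = part.get_content()
        if ctype == "text/html":
            body = html.unescape(body)  # &amp; in href values becomes &
        for url in URL_RE.findall(body):
            url = url.rstrip(".,;:)")  # drop trailing sentence punctuation
            if url not in links:
                links.append(url)
    # The message body itself is deliberately not part of the record.
    return {"sender": str(msg["From"]), "recipient": str(msg["To"]),
            "subject": str(msg["Subject"]), "links": links}

if __name__ == "__main__":
    print(extract_email_links(SAMPLE))
```
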
WildFire Analysis Report Enhancements
The WildFire detailed report provides new forensic details to help you quickly identify
threat severity and signature coverage status:
• The report now provides details about each behavior that the sample file exhibits and the
corresponding Severity of each behavior. A visual gauge provides an at-a-glance indicator
of severity level; one bar indicates low severity and each additional bar indicates a higher
severity level.
• A new Coverage Status section dynamically updates when the report is rendered on the
firewall. This section displays up-to-date information about the signature and URL
filtering coverage that Palo Alto Networks currently provides to protect against the
threat.
Windows 7 64-bit Support
WildFire now supports the Microsoft Windows 7 64-bit sandbox environment on both the
WildFire public cloud and the WF-500 WildFire appliance. Support for this environment on
the WF-500 appliance requires that you upgrade the appliance OS to 6.1 and install the
Windows 7 64-bit image.
WildFire XML API Support on the WildFire Appliance
The WF-500 appliance now supports the WildFire XML API. To use the WildFire XML API
with the appliance, you must generate the API key on the appliance. The WF-500 appliance
supports up to 100 API keys.