Advanced WildFire Powered by Precision AI™
show wildfire global
Table of Contents
Expand All
|
Collapse All
Advanced WildFire
-
-
- Forward Files for Advanced WildFire Analysis
- Manually Upload Files to the WildFire Portal
- Forward Decrypted SSL Traffic for Advanced WildFire Analysis
- Enable Advanced WildFire Inline Cloud Analysis
- Enable Advanced WildFire Inline ML
- Enable Hold Mode for Real-Time Signature Lookup
- Configure the Content Cloud FQDN Settings
- Sample Removal Request
- Firewall File-Forwarding Capacity by Model
-
-
-
- set deviceconfig cluster
- set deviceconfig high-availability
- set deviceconfig setting management
- set deviceconfig setting wildfire
- set deviceconfig system eth2
- set deviceconfig system eth3
- set deviceconfig system panorama local-panorama panorama-server
- set deviceconfig system panorama local-panorama panorama-server-2
- set deviceconfig system update-schedule
- set deviceconfig system vm-interface
-
- clear high-availability
- create wildfire api-key
- delete high-availability-key
- delete wildfire api-key
- delete wildfire-metadata
- disable wildfire
- edit wildfire api-key
- load wildfire api-key
- request cluster decommission
- request cluster reboot-local-node
- request high-availability state
- request high-availability sync-to-remote
- request system raid
- request wildfire sample redistribution
- request system wildfire-vm-image
- request wf-content
- save wildfire api-key
- set wildfire portal-admin
- show cluster all-peers
- show cluster controller
- show cluster data migration status
- show cluster membership
- show cluster task
- show high-availability all
- show high-availability control-link
- show high-availability state
- show high-availability transitions
- show system raid
- submit wildfire local-verdict-change
- show wildfire
- show wildfire global
- show wildfire local
- test wildfire registration
show wildfire global
Description
Shows various information
about global devices and the status of samples, such as available
API keys, registration information, sample verdict changes, activity, sample
device origin, and recent samples that the appliance analyzed.
Hierarchy Location
show wildfire global
Syntax
api-keys { all { details; } key <value>; } devices-reporting-data; last-device-registration { all; } local-verdict-change { all; sha256 <value>; } } sample-analysis { number; type; } } sample-device-lookup { sha256 { equal <value>; } sample-status { sha256 { equal <value>; } } signature-status { sha256 { equal <value>; } }
Options
> api-keys —
Show details about the API keys generated on the WildFire appliance.
You can view the last time the key was used, the key name, status
(Enabled or Disabled), and the date/time the key was generated.
>
devices-reporting-data — Show list of latest registration
activities.
> last-device-registration —
Show list of latest registration activities.
>
local-verdict-change — Shows samples with changed
verdicts.
> sample-analysis —
Show wildfire analysis results for up to a maximum of 1,000 samples.
>
sample-status — Show wildfire sample status. Enter
the SHA256 value of the file to view the current analysis status.
>
sample-device-lookup — Shows the firewall that sent
the specified SHA256 sample.
> signature-status —
Show wildfire signature status. Enter the SHA256 value of the file
to view the current analysis status.
Sample Output
The following shows the
output for this command.
admin@WF-500> show wildfire global api-keys all +------------+-----------+---------+---------------------+---------------------+ | Apikey | Name | Status | Create Time | Last Used Time | +------------+-----------+---------+---------------------+---------------------+ | <API KEY> | happykey1 | Enabled | 2017-03-01 23:21:02 | 2017-03-01 23:21:02 | +------------+-----------+---------+---------------------+---------------------+ admin@WF-500> show wildfire global devices-reporting-data +--------------+---------------------+-------------+------------+----------+--------+ | _Device ID | Last Registered | Device IP | SW Version | HW Model | Status | +--------------+---------------------+-------------+------------+----------+--------+ | 000000000000 | 2017-03-01 22:28:25 | 10.1.1.1 | 8.1.4 | PA-220 | OK | +--------------+---------------------+-------------+------------+----------+--------+ admin@WF-500> show wildfire global last-device-registration all +--------------+---------------------+-------------+------------+----------+--------+ | Device ID | Last Registered | Device IP | SW Version | HW Model | Status | +--------------+---------------------+-------------+------------+----------+--------+ | 000000000000 | 2017-07-31 12:35:53 | 10.1.1.1 | 8.1.4 | PA-220 | OK | +--------------+---------------------+-------------+------------+----------+--------+ admin@WF-500> show wildfire global local-verdict-change +-----------------------------------------------------------------+---------+--------+ | SHA256 | Verdict | Source | +-----------------------------------------------------------------+---------+--------+ | c883b5d2e16d22b09b176ca0786128f8064d47edf26186b95845aa3678868496| 2 -> 1 | Yes | +-----------------------------------------------------------------+---------+--------+ admin@WF-500> show wildfire global sample-analysis Last Created 100 Malicious Samples +--------------+---------------------+---------------------+-----------+ | SHA256 | Finish Date | Create Date | Malicious | +--------------+---------------------+---------------------+-----------+ | <HASH VALUE> | 2017-03-01 23:27:57 | 2017-03-01 23:27:57 | Yes | +--------------+---------------------+---------------------+-----------+ +----------------------+----------------+---------------+----------------+ | Storage Nodes | Analysis Nodes | Status | File Type | +----------------------+----------------+---------------+----------------+ | 00926ld1_2,0094:d1_2 | qa16 | Notify Finish | Elink File | +----------------------+----------------+---------------+----------------+ Last Created 100 Non-malicious Samples +--------------+---------------------+---------------------+-----------+ | SHA256 | Finish Date | Create Date | Malicious | +--------------+---------------------+---------------------+-----------+ | <HASH VALUE> | 2017-03-01 23:31:15 | 2017-03-01 23:24:29 | No | +--------------+---------------------+---------------------+-----------+ +----------------------+----------------+---------------+--------------------+ | Storage Nodes | Analysis Nodes | Status | File Type | +----------------------+----------------+---------------+--------------------+ | 0712:smp_27,94:smp_7 | qa16 | Notify Finish | MS Office document | +----------------------+----------------+---------------+--------------------+ admin@WF-500> show wildfire global sample-device-lookup sha256 equal d75f2f71829153775fa33cf2fa95fd377f153551aadf0a642704595100efd460 Sample 1024609813c57fe174722c53b3167dc3cf5583d5c7abaf4a95f561c686a2116e last seen on following devices: +------------------------------------------------------------------+-----------+-----------+---------------------+ | SHA256 | Device ID | Device IP | Submitted Time | +------------------------------------------------------------------+-----------+-----------+---------------------+ | 1024609813c57fe174722c53b3167dc3cf5583d5c7abaf4a95f561c686a2116e | Manual | Manual | 2019-08-05 19:24:39 | +------------------------------------------------------------------+-----------+-----------+---------------------+ admin@WF-500> show wildfire global sample-status sha256 equal dc9f3a2a053c825e7619581f3b31d53296fe41658b924381b60aee3eeea4c088 +---------------------+---------------------+-----------+----------------------------+ | Finish Date | Create Date | Malicious | Storage Nodes | +---------------------+---------------------+-----------+----------------------------+ | 2017-03-01 22:34:17 | 2017-03-01 22:28:23 | No | 009026:smp_27,097010smp_27 | +---------------------+---------------------+-----------+----------------------------+ +----------------+---------------+------------------+ | Analysis Nodes | Status | File Type | +----------------+---------------+------------------+ | qa15 | Notify Finish | Adobe Flash File | +----------------+---------------+------------------+ admin@WF-500> show wildfire global signature-status sha256 equalc883b5d2e16d22b09b176ca0786128f8064d47edf26186b95845aa3678868496 Signature Name: Virus/Win32.WPCGeneric.cr Current Status: released Release History: +---------------+---------------------+---------+-------------+----------+ | Build Version | Timestamp | UTID | Internal ID | Status | +---------------+---------------------+---------+-------------+----------+ | 155392 | 2017-02-03 10:11:06 | 5000259 | 10411 | released | +---------------+---------------------+---------+-------------+----------+
Required Privilege Level
superuser, superreader