Enable Advanced WildFire Inline ML (Cloud Management)

1. To take advantage of WildFire Inline ML, you must have an active WildFire subscription as part of your Prisma Access subscription.

   Verify that you have a valid and unexpired WildFire subscription.
2. Create a new or update your existing WildFire and Antivirus security profile to use the real-time WildFire inline ML models.

   1. Select an existing WildFire and Antivirus security profile or create a new one (select ManageConfigurationNGFW and Prisma AccessSecurity ServicesWildFire and Antivirus and Add Profile.
   2. Configure your WildFire and Antivirus profile to forward samples for analysis.
   3. Select WildFire Inline Machine Learning Models and apply an Action Setting for each WildFire Inline ML model. This enforces the WildFire Inline ML Actions settings configured for each protocol on a per model basis.
      The following classification engines available:
      • Windows Executables
      • PowerShell Scripts 1
      • PowerShell Scripts 2
      • Executable Linked Format
      • MSOffice
      • Shell Scripts
      • enable—WildFire inspects traffic according to your selections in the WildFire Inline ML Action column in the decoders section of the Action tab.
      • enable(alert-only)—WildFire inspects traffic according to your selections in the WildFire Inline ML Action column in the decoders section of the Action tab and overrides any action with a severity level higher than alert (drop, reset-client, reset-server, reset-both) alert, which allows traffic to pass while still generating and saving an alert in the threat logs.
      • disable—WildFire allows traffic to pass without any policy action.
3. (Optional) Add file exceptions to your WildFire and Antivirus security profile if you encounter false-positives. This is typically done for users who are not forwarding files to WildFire for analysis. You can add the file exception details directly to the exception list or by specifying a file from the threat logs.

   If your WildFire Analysis security profile is configured to forward the filetypes analyzed using WildFire inline ML, false-positives are automatically corrected as they are received. If you continue to see ml-virus alerts for files that have been classified as benign by WildFire Analysis, please contact Palo Alto Networks Support.

   • Add file exceptions directly to the exception list.
     1. Select Advanced Settings and Add Exception in the File Exceptions pane.
     2. Add the hash, filename, and description of the file that you want to exclude from enforcement.
     3. When finished, Save your file exceptions.
4. Save your WildFire and Antivirus profile configuration and push configuration changes.