show wildfire global

Table of Contents

show wildfire global

Description

Shows various information about global devices and the status of samples, such as available API keys, registration information, sample verdict changes, activity, sample device origin, and recent samples that the appliance analyzed.

Hierarchy Location

show wildfire global

Syntax

api-keys {
				all {
				details;
				}
				key <value>;
				}
				devices-reporting-data;
				last-device-registration {
				all;
				}
				local-verdict-change {
				all;
				sha256 <value>;
				}
				}
				sample-analysis {
				number;
				type;
				}
				}
				sample-device-lookup {
				sha256 {
				equal <value>;
				}				
				sample-status {
				sha256 {
				equal <value>;
				}
				}
				signature-status {
				sha256 {
				equal <value>;
				}
				}

Options

> api-keys — Show details about the API keys generated on the WildFire appliance. You can view the last time the key was used, the key name, status (Enabled or Disabled), and the date/time the key was generated.

> devices-reporting-data — Show list of latest registration activities.

> last-device-registration — Show list of latest registration activities.

> local-verdict-change — Shows samples with changed verdicts.

> sample-analysis — Show wildfire analysis results for up to a maximum of 1,000 samples.

> sample-status — Show wildfire sample status. Enter the SHA256 value of the file to view the current analysis status.

> sample-device-lookup — Shows the firewall that sent the specified SHA256 sample.

> signature-status — Show wildfire signature status. Enter the SHA256 value of the file to view the current analysis status.

Sample Output

The following shows the output for this command.

admin@WF-500>
				show wildfire global api-keys all
				+------------+-----------+---------+---------------------+---------------------+
				|   Apikey   |  Name     |  Status |     Create Time     |    Last Used Time   |
				+------------+-----------+---------+---------------------+---------------------+
				| <API KEY>  | happykey1 | Enabled | 2017-03-01 23:21:02 | 2017-03-01 23:21:02 |
				+------------+-----------+---------+---------------------+---------------------+

				admin@WF-500>
				show wildfire global devices-reporting-data
				+--------------+---------------------+-------------+------------+----------+--------+
				| _Device ID   |   Last Registered   |  Device IP  | SW Version | HW Model | Status |
				+--------------+---------------------+-------------+------------+----------+--------+
				| 000000000000 | 2017-03-01 22:28:25 | 10.1.1.1    |   8.1.4    |  PA-220  |   OK   |
				+--------------+---------------------+-------------+------------+----------+--------+

				admin@WF-500>
				show wildfire global last-device-registration
					all
				+--------------+---------------------+-------------+------------+----------+--------+
				| Device ID    | Last Registered     | Device IP   | SW Version | HW Model | Status |
				+--------------+---------------------+-------------+------------+----------+--------+
				| 000000000000 | 2017-07-31 12:35:53 | 10.1.1.1    |   8.1.4    | PA-220   | OK     |
				+--------------+---------------------+-------------+------------+----------+--------+

				admin@WF-500> show wildfire global local-verdict-change
				+-----------------------------------------------------------------+---------+--------+
				|                              SHA256                             | Verdict | Source |
				+-----------------------------------------------------------------+---------+--------+
				| c883b5d2e16d22b09b176ca0786128f8064d47edf26186b95845aa3678868496|  2 -> 1 |   Yes  |
				+-----------------------------------------------------------------+---------+--------+

				admin@WF-500>
				show wildfire global sample-analysis

				Last Created 100 Malicious Samples
				+--------------+---------------------+---------------------+-----------+
				|    SHA256    |     Finish Date     |     Create Date     | Malicious |
				+--------------+---------------------+---------------------+-----------+
				| <HASH VALUE> | 2017-03-01 23:27:57 | 2017-03-01 23:27:57 |    Yes    |
				+--------------+---------------------+---------------------+-----------+
				+----------------------+----------------+---------------+----------------+
				|     Storage Nodes    | Analysis Nodes |     Status    |    File Type   |
				+----------------------+----------------+---------------+----------------+
				| 00926ld1_2,0094:d1_2 |      qa16      | Notify Finish |   Elink File   |
				+----------------------+----------------+---------------+----------------+

				Last Created 100 Non-malicious Samples
				+--------------+---------------------+---------------------+-----------+
				|    SHA256    |     Finish Date     |     Create Date     | Malicious |
				+--------------+---------------------+---------------------+-----------+
				| <HASH VALUE> | 2017-03-01 23:31:15 | 2017-03-01 23:24:29 |     No    |
				+--------------+---------------------+---------------------+-----------+
				+----------------------+----------------+---------------+--------------------+
				|     Storage Nodes    | Analysis Nodes |     Status    |     File Type      |
				+----------------------+----------------+---------------+--------------------+
				| 0712:smp_27,94:smp_7 |      qa16      | Notify Finish | MS Office document |
				+----------------------+----------------+---------------+--------------------+

				admin@WF-500>
				show wildfire global sample-device-lookup sha256
				equal d75f2f71829153775fa33cf2fa95fd377f153551aadf0a642704595100efd460
				Sample 1024609813c57fe174722c53b3167dc3cf5583d5c7abaf4a95f561c686a2116e last seen on following devices:
				+------------------------------------------------------------------+-----------+-----------+---------------------+
				|                              SHA256                              | Device ID | Device IP |    Submitted Time   |
				+------------------------------------------------------------------+-----------+-----------+---------------------+
				| 1024609813c57fe174722c53b3167dc3cf5583d5c7abaf4a95f561c686a2116e |   Manual  |   Manual  | 2019-08-05 19:24:39 |
				+------------------------------------------------------------------+-----------+-----------+---------------------+

				admin@WF-500>
				show wildfire global sample-status sha256
				equal dc9f3a2a053c825e7619581f3b31d53296fe41658b924381b60aee3eeea4c088
				+---------------------+---------------------+-----------+----------------------------+
				|     Finish Date     |     Create Date     | Malicious |       Storage Nodes        |
				+---------------------+---------------------+-----------+----------------------------+
				| 2017-03-01 22:34:17 | 2017-03-01 22:28:23 |     No    | 009026:smp_27,097010smp_27 |
				+---------------------+---------------------+-----------+----------------------------+

				+----------------+---------------+------------------+
				| Analysis Nodes |     Status    |    File Type     |
				+----------------+---------------+------------------+
				|      qa15      | Notify Finish | Adobe Flash File |
				+----------------+---------------+------------------+

				admin@WF-500>
				show wildfire global signature-status sha256
				equalc883b5d2e16d22b09b176ca0786128f8064d47edf26186b95845aa3678868496
				Signature Name: Virus/Win32.WPCGeneric.cr
				Current Status: released
				Release History:
				+---------------+---------------------+---------+-------------+----------+
				| Build Version |      Timestamp      |   UTID  | Internal ID |  Status  |
				+---------------+---------------------+---------+-------------+----------+
				|     155392    | 2017-02-03 10:11:06 | 5000259 |    10411    | released |
				+---------------+---------------------+---------+-------------+----------+

Required Privilege Level

superuser, superreader

show wildfire

show wildfire local