Advanced WildFire Features

Explore new Advanced WildFire features introduced in PAN-OS® 11.1.

Advanced WildFire Inline Cloud Analysis

November 2023
  • Introduced in PAN-OS 11.1 (Requires an Advanced WildFire license)
Palo Alto Networks Advanced WildFire now operates a series of cloud-based ML detection engines that provide inline analysis of PE (portable executable) files traversing your network to detect and prevent advanced malware in real time. Advanced WildFire Inline Cloud Analysis prevents files from being downloaded and potentially spreading through your network while it performs real-time analysis of the target sample. As with other malicious content that WildFire detects, threats detected by Advanced WildFire Inline Cloud Analysis also generate a signature that is then disseminated to customers through an update package, providing a future defense for all Palo Alto Networks customers.
This real-time defense is facilitated by new cloud-based engines that detect never-before-seen malware (for example, a Palo Alto Networks zero-day, meaning malware previously unseen in the wild or by Palo Alto Networks) and block it from entering your network environment. Advanced WildFire Inline Cloud Analysis uses a lightweight forwarding mechanism on the firewall to minimize performance impact, while the process-intensive operations take place in the cloud. The cloud-based ML models are updated seamlessly to address the ever-changing threat landscape without requiring content updates or feature release support.
Advanced WildFire Inline Cloud Analysis is enabled and configured through the WildFire Analysis profile and requires an active Advanced WildFire license.

OOXML Support for WildFire Inline ML

May 2024
  • Introduced in PAN-OS 11.1.3 (Available on platforms running Advanced WildFire or WildFire licenses)
Palo Alto Networks® WildFire® now supports a new office file type analysis classification engine for WildFire Inline ML: OOXML (Office Open XML). This enables you to configure your NGFW to detect and prevent malicious Office Open XML files from entering your network in real time by applying machine learning (ML) analytics. WildFire Inline ML dynamically detects malicious files of specific types by evaluating various file details to formulate a high-probability classification of a file. This protection extends to currently unknown as well as future variants of threats that match characteristics Palo Alto Networks identifies as malicious. To take advantage of WildFire Inline ML, you must have an active WildFire subscription. If you do not have WildFire Inline ML enabled on your firewall, refer to WildFire Inline ML for more information.
To access the new OOXML (Office Open XML) file analysis classification engine for WildFire Inline ML, be sure to download and install the latest content release package. Applications and Threat content release 8825 and later allow NGFWs operating on supported platforms to detect and prevent malicious OOXML files from entering your network in real time using Inline ML. For more information about the update, refer to the Applications and Threat Content Release Notes.
To download the release notes, log in to the Palo Alto Networks Support Portal, click Dynamic Updates and select the release notes listed under Apps + Threats.