Configure WildFire to send an alert when a malicious or greyware file is detected. This alert could be sent by whichever means is preferable, including email, SNMP trap, or syslog message.

Alternatively, configure the WildFire cloud to generate alerts for malicious files. The cloud can generate alerts in addition to or instead of the local WildFire implementation. Note that the destination email address of alerts configured in the WildFire cloud portal is tied to the logged in account, and cannot be modified. Also, new systems added to the WildFire cloud portal will not be automatically set to email alerts.

Rationale:

WildFire analyzes files that have already been downloaded and possibly executed. A WildFire verdict of malicious indicates that a computer could already be infected. In addition, because WildFire only analyzes files it has not already seen that were not flagged by the firewall's antivirus filter, files deemed malicious by WildFire are more likely to evade detection by desktop antivirus products.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
From GUI, configure some combination of the following Server Profiles:

Configure the Email Server:

1. Select Device > Server Profiles > Email
2. Click Add
3. Enter a name for the Profile.
4. Select the virtual system from the Location drop down menu (if applicable)
5. Click Add

Configure the Syslog Server:

1. Select Device > Server Profiles > Syslog > Add
2. Enter Name, Display Name, Syslog Server, Transport, Port, Format, Facility
3. Click OK
4. Click Commit to save the configuration

Configure the SMTP Server:

1. Select Device > Server Profiles > Email
2. Select Add, Name, Display Name, From, To, Additional Recipients, Gateway IP or Hostname
3. Click OK
4. Click Commit to save the configuration

Navigate to Objects, Log Forwarding

Choose Add, set the log type to 'wildfire', add the filter '(verdict neq benign)', then add log destinations for SNMP, Syslog, Email or HTTP as required.

Default Value:

Not Configured
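Because this item is reviewed manually, the Log Forwarding setting above can also be checked offline against an exported configuration file. The following is an added example, not part of the benchmark or of any Palo Alto Networks tooling. It assumes the export stores Log Forwarding profiles under log-settings/profiles with match-list entries carrying log-type, filter and send-* elements; confirm those element names against your own export. The profile and server names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Destination elements inside a match-list entry (assumed export element names).
DESTINATIONS = ("send-snmptrap", "send-syslog", "send-email", "send-http")
REQUIRED_FILTER = "(verdict neq benign)"  # filter given in the remediation steps

# Constructed sample: one compliant profile, one without destinations,
# one whose filter is narrower than the benchmark's.
SAMPLE_CONFIG = """<config><shared><log-settings><profiles>
  <entry name="wf-alerts"><match-list><entry name="wf-not-benign">
    <log-type>wildfire</log-type><filter>(verdict neq benign)</filter>
    <send-syslog><member>syslog-soc</member></send-syslog>
    <send-email><member>email-soc</member></send-email>
  </entry></match-list></entry>
  <entry name="wf-no-dest"><match-list><entry name="wf-not-benign">
    <log-type>wildfire</log-type><filter>(verdict neq benign)</filter>
  </entry></match-list></entry>
  <entry name="wf-narrow"><match-list><entry name="wf-malicious-only">
    <log-type>wildfire</log-type><filter>(verdict eq malicious)</filter>
    <send-syslog><member>syslog-soc</member></send-syslog>
  </entry></match-list></entry>
</profiles></log-settings></shared></config>"""


def wildfire_alert_findings(config_xml):
    """Return (profile, rule, destinations) for each match-list entry that
    forwards non-benign WildFire logs to at least one destination."""
    root = ET.fromstring(config_xml)
    findings = []
    for profile in root.iterfind(".//log-settings/profiles/entry"):
        for rule in profile.iterfind("match-list/entry"):
            if (rule.findtext("log-type") or "").strip() != "wildfire":
                continue
            # Collapse runs of whitespace before comparing the filter text.
            flt = " ".join((rule.findtext("filter") or "").split())
            if flt != REQUIRED_FILTER:
                continue
            # A destination counts only if it names at least one server profile.
            dests = [d for d in DESTINATIONS
                     if any((m.text or "").strip()
                            for m in rule.iterfind(f"{d}/member"))]
            if dests:
                findings.append((profile.get("name"), rule.get("name"), dests))
    return findings


if __name__ == "__main__":
    for name, rule, dests in wildfire_alert_findings(SAMPLE_CONFIG):
        print(f"{name}/{rule}: {', '.join(dests)}")
```

An empty result means no profile in the file meets the setting. A profile that exists but is not attached to any security policy rule will not generate alerts, so that attachment still needs review.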