
Malware Analysis

Create, Test, and Examine a WildFire Security Profile

OBJECTIVE

  • 1st: Configure and test the WildFire Analysis Security Profile
  • 2nd: Examine the WildFire report
  • Repeat steps 1 and 2

Load Lab Configuration

Use the Chromium web browser, Firefox, or your browser of choice.

CONFIGURATION SETUP

In the web interface, navigate to DEVICE.
On the left side of the interface, select SETUP from the top of the selections.
Then select OPERATIONS, on the right side of Management.
In the Configuration Management window, select `LOAD NAMED CONFIG SNAPSHOT`.
In the Load Named Configuration window, select the lab configuration and press OK, then close the window.
info

To check the task status, click the task icon in the bottom-right corner of the interface.

Create Wildfire Analysis Profile

Navigate to Objects in the top selections.
Go to Security Profiles on the left side of the interface.
Select WildFire Analysis.
There will be a default entry on the page.
Select Add at the bottom of the page.
A WildFire Analysis Profile window will open.
Type `lab-wildfire` for the name.
Type `Wildfire Analysis for lab` in the description.
Click Add in the rule box to create a rule.
Under File Types, click the `any` entry in the box and select `Add`.
From the dropdown menu choose the `pe` selection and click `OK`.
info

Verify that the lab-wildfire object has been created (it should appear alongside the default entry).

Next, add the lab-wildfire analysis profile to the lab-spg Security Profile Group.

Modify Security Profile Group

Navigate to `Objects` in the top selections.
Select `Security Profile Groups` on the left-hand list of options.
Click `lab-spg` in the interface window to open the Security Profile Group dialog.
Select `lab-wildfire` for the `WildFire Analysis Profile`.
Click `OK`.
Verify that the lab-spg Security Profile Group now shows lab-wildfire as its WildFire Analysis Profile.
info

Click Commit to commit the changes. In the Commit window, click Commit to proceed. When the commit operation completes successfully, click Close to continue. Then open a new tab in the browser.

Test the WildFire Analysis Profile and Generate an Attack File to Simulate a Zero-day Attack

Test the Wildfire Analysis Profile

In the new tab's address bar, enter `http://wildfire.paloaltonetworks.com/publicapi/test/pe` and press `Enter`.
The Save File dialog will appear.
Save the file with the default settings.
Then close the tab.
On the desktop, open the PuTTY icon in the lower-left corner.
When the PuTTY Configuration window opens, double-click `firewall-management`.
If the PuTTY Security Alert window appears, click Accept.
When prompted for the login, type `admin`.
When prompted for the password, type `Pal0Alt0!`.
In the PuTTY window, enter the command `debug wildfire upload-log show`.
tip

The command should display output containing `log: 0, filename: wildfire-test-pe-file.exe processed`. This output verifies that the file was uploaded to the WildFire public cloud. The message might take a minute or two to appear.

In the PuTTY terminal window, type `exit` and press Enter.
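Two things an analyst typically wants to confirm at this step are that the downloaded test file really is a PE (the only file type the lab-wildfire profile forwards) and that the upload log names it as processed. The following Python is an added example, not part of the lab or any Palo Alto Networks tool; it checks PE magic bytes as a rough stand-in for the firewall's `pe` file-type classification (an assumption) and parses constructed log lines shaped like the `debug wildfire upload-log show` output quoted above.

```python
import hashlib
import re
import struct

def build_fake_pe() -> bytes:
    """Constructed minimal PE-like buffer: 'MZ' DOS header whose e_lfanew
    (offset 0x3C) points at a 'PE\\0\\0' signature. Not a real executable."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3A)
    dos += struct.pack("<I", 0x40)          # e_lfanew -> NT header at 0x40
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 16

def is_pe(data: bytes) -> bool:
    """Magic-byte PE check (assumption: approximates the profile's 'pe' type)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def would_forward(profile_file_types, data: bytes) -> bool:
    """True when a profile limited to the given file types would forward data.
    'any' forwards everything; 'pe' (the lab-wildfire rule) only PE files."""
    if "any" in profile_file_types:
        return True
    return "pe" in profile_file_types and is_pe(data)

def file_digest(data: bytes) -> str:
    """SHA-256 to compare against the hash shown in the WildFire Submissions log."""
    return hashlib.sha256(data).hexdigest()

# Matches lines like: log: 0, filename: wildfire-test-pe-file.exe processed
UPLOAD_LOG_RE = re.compile(r"log:\s*(\d+),\s*filename:\s*(\S+)\s+(\w+)")

def parse_upload_log(text: str):
    """Parse upload-log lines into dicts of log index, filename and status."""
    return [{"log": int(m.group(1)), "filename": m.group(2), "status": m.group(3)}
            for m in UPLOAD_LOG_RE.finditer(text)]

def confirm_upload(text: str, expected_name: str) -> bool:
    """True when the expected filename appears with status 'processed'."""
    return any(e["filename"] == expected_name and e["status"] == "processed"
               for e in parse_upload_log(text))

# Constructed sample output in the format quoted on this page.
SAMPLE_LOG = """log: 0, filename: wildfire-test-pe-file.exe processed
log: 1, filename: notes.txt processed"""

if __name__ == "__main__":
    sample = build_fake_pe()
    print("forwarded by lab-wildfire:", would_forward(["pe"], sample))
    print("sha256:", file_digest(sample))
    print("upload confirmed:", confirm_upload(SAMPLE_LOG, "wildfire-test-pe-file.exe"))
```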

Monitor Wildfire Selections

Navigate to Monitor in the top selections.
Under Logs, select `WildFire Submissions` (the entry may take 5 to 10 minutes to appear).
Click the `magnifying glass icon` next to `wildfire-test-pe-file.exe` to see a detailed view of the WildFire entry.
In the Detailed Log View window, select the `Log Info` tab. Review the information in the `General, Source, and Destination` panels.
Click the `WildFire Analysis Report` tab and review the information in the WildFire Analysis Summary.


To see the `Static Analysis, Dynamic Analysis, Network Activity, Host Activity` (by process) sections and the Report Incorrect Verdict option, you may need to select the Virtual Machine 2 tab if the report does not classify the file as malware in Virtual Machine 1. You may also need to click the `expand` icon in the upper-right corner to view the WildFire Analysis Report more comfortably.

Click Download PDF to view the WildFire report.
Once the file opens in Chromium, scroll through and review the WildFire Analysis Report.
