Cortex XDR notifies an administrator about grayware on the endpoints. There are no entries about grayware in any of the logs of the corresponding firewall. Which setting can the administrator configure on the firewall to log grayware verdicts?
To log grayware verdicts on the firewall, the administrator should configure the setting in WildFire General Settings to select 'Report Grayware Files'. This setting ensures that files analyzed by WildFire and determined to be grayware are logged appropriately.
https://docs.paloaltonetworks.com/wildfire/9-1/wildfire-admin/monitor-wildfire-activity/use-the-firewall-to-monitor-malware/configure-wildfire-submissions-log-settings/enable-logging-for-benign-and-grayware-samples
Definitely C, otherwise they won't be logged.
https://docs.paloaltonetworks.com/wildfire/10-2/wildfire-admin/monitor-wildfire-activity/use-the-firewall-to-monitor-malware/configure-wildfire-submissions-log-settings/enable-logging-for-benign-and-grayware-samples
D Log Forwarding Profile Match List Log Type: wildfire Filter verdict eq grayware
Answer is C. When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be grayware will appear in the Monitor > WildFire Submissions log.
Looks like C is more accurate. First we have to select Report Grayware. Only then will it log.
C turns on verdicts. D turns on the logging. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTqCAK
Never mind. Answer is C. It turns on logging to WildFire Submissions upon Report Grayware Files.
Answer is C: configure Report Grayware Files on the Device, Setup, WildFire, General Settings.
Under WildFire settings --> Report Grayware