5.5 Ensure all WildFire session information settings are enabled

Information

Enable all options under Session Information Settings for WildFire.
Rationale:
Permitting the firewall to send all of this information to WildFire creates more detailed reports, thereby making the process of tracking down potentially infected devices more efficient. This could prevent an infected system from further infecting the environment. Environments with security policies restricting sending this data to the WildFire cloud can instead utilize an on-premises WildFire appliance. In addition, risk can be analyzed in the context of the destination host and user account, either during analysis or during incident response.

Solution

Navigate to Device > Setup > WildFire > Session Information Settings.
Set every option to be enabled.
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(4), CSCv6|6.5, CSCv6|8.5

Plugin: Palo_Alto

Control ID: 723b4c08aebc90e0807e1ddbc83ff8c9a0db3884bb07797e6bdfcf464c4e34bb