5.3 Ensure a WildFire Analysis profile is enabled for all security policies

Information

Ensure that all files traversing the firewall are inspected by WildFire by setting a Wildfire file blocking profile on all security policies.
Rationale:
Traffic matching security policies that do not include a WildFire file blocking profile will not utilize WildFire for file analysis. Wildfire analysis is one of the key security measures available on this platform. Without Wildfire analysis enabled, inbound malware can only be analyzed by signature - which industry wide is roughly 40-60% effective. In a targeted attack, the success of signature-based-only analysis drops even further.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To Set File Blocking Profile:
Navigate to Objects > Security Profiles > WildFire Analysis Profile.
Create a WildFire profile that has 'Application Any', 'File Types Any', and 'Direction Both'
To Set WildFire Analysis Rules:
Navigate to Policies > Security > Security Policy Rule > Actions > Profile Setting > WildFire Analysis for each rule were the action is Allow and set a WildFire Analysis profile.
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv6|8.5, CSCv7|8

Plugin: Palo_Alto

Control ID: 2478d150d1770d02643ecefb76a494096b20f60a46ac7f65bc1cef886f6b6397