How to Submit a WildFire Verdict Change Request in Aperture

How to Submit a WildFire Verdict Change Request in Aperture

13249
Created On 09/25/18 15:19 PM - Last Modified 06/09/23 03:08 AM


Symptom


WildFire may occasionally produce incorrect verdicts, these being false positives, such as a file deemed 'malware' when it's 'benign' or false negatives, such as a file deemed "benign" when it's "malware."

If the verdict needs to be reconsidered by Palo Alto Networks, Aperture Administrators are able to request a verdict change from within their Aperture Portal.

Environment


 
 

Cause


 
 

Resolution


Follow the steps listed below to submit a WildFire verdict change request on a malware policy violation:

  1. Access the Aperture Portal:
Screenshot of Aperture Portal
  1. Inside of the portal, click the INCIDENTS>Assets tab:
Screenshot of Aperture Portal Incidents tab Assets page
  1. Select the malware file violation by clicking on the file name
  2. Under Risks, click View WildFire Report  (not pictured)
  3. Click Report Incorrect Verdict
Screenshot of WildFire Report Verdict
  1. Select Suggested Verdict from the dropdown 
  2. Enter a valid email address (status update notifications will be sent to this email alias):
Screenshot of WildFire Report Incorrect Verdict
  1. Additional comments or details (Optional)
  2. Click Submit

Once the report is successfully submitted into the system, the request will be analyzed by the WildFire team. After the analysis is complete, the administrator who made the request will be updated by email and the status will be updated in the Aperture Portal.

 

 

Additional Information


 
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClDfCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language