What does Content Version: WildFire-0 mean in the threat log?

Created On 08/11/22 15:30 PM - Last Modified 02/16/24 08:42 AM


Question


What does Content Version: WildFire-0 mean?



Environment


  • PAN-OS 10.0 or above
  • WildFire realtime update is enabled


Answer


In the threat log, the Content Version field shows the content version associated with the signature that triggered the event. It can be found in the detailed view of the threat log event.

1. Go to Monitor > Logs > Threat.
2. Click the magnifying glass icon to the left of the event to open the "Detailed Log View".
3. In the "Details" pane, the Content Version is shown as "WildFire-0".


"WildFire-0" means that the threat was detected by a WildFire realtime update signature (WF RTSig). In other words, it was not detected by a signature in the released Antivirus package or WildFire package, so there is no corresponding version number.



For example, as of today (Feb 2024), Threat Vault shows the release status of the following signature as "n/a", which means that the signature is not being released as part of the Antivirus package or the WildFire package.

https://threatvault.paloaltonetworks.com/?query=196664388&type=


See Also:

What is the meaning of "Current Release: n/a" on ThreatVault?
WildFire Real-Time Signature Updates
 

