Integrate Palo Alto Networks Wildfire with Red Canary via Email
- 24 Jul 2024
- 2 Minutes to read
- PDF
Integrate Palo Alto Networks Wildfire with Red Canary via Email
- Updated on 24 Jul 2024
- 2 Minutes to read
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Palo Alto Networks Wildfire provides critical insights into malicious file behavior. To integrate Palo Alto Networks Wildfire with Red Canary via email, follow the procedure below from beginning to end.
Before connecting to Palo Alto Networks Wildfire to Red Canary, make sure the following configuration requirement is met:
Create a Palo Alto Networks Wildfire user account using the Red Canary email provided in Step 1.7.
Step 1: Red Canary–Create a Red Canary email for alerts
Create a Red Canary provided-email to send Wildfire alerts for ingestion.
From your Red Canary homepage, click Integrations. If you do not see the required integration, click See all integrations.
.png?sv=2022-11-02&spr=https&st=2024-09-20T14%3A47%3A39Z&se=2024-09-20T14%3A57%3A39Z&sr=c&sp=r&sig=MM05puDz8J64i2i5Jo1VndRbnIjvh74zIb8q9GxqMoQ%3D)
In the search bar, type and then select Palo Alto Networks Wildfire.
Click Configure.
Select a display category.
Under the Ingest Format/Method dropdown, select Palo Alto Networks Wildfire via Email.
Click Save Configuration. This will generate the email address you will use to send Palo Alto Wildfire alerts to.
Click Edit Configuration.
With your alert source configured, click Activate.
With your Red Canary email generated, log in to Palo Alto Networks Wildfire.
.png?sv=2022-11-02&spr=https&st=2024-09-20T14%3A47%3A39Z&se=2024-09-20T14%3A57%3A39Z&sr=c&sp=r&sig=MM05puDz8J64i2i5Jo1VndRbnIjvh74zIb8q9GxqMoQ%3D)
Step 2: Palo Alto Customer Support Portal–Create a Wildfire User account
Create a Wildfire User account to enable Wildfire to send alerts to the Red Canary alert collector.
Login into the Palo Alto customer support portal with your Wildfire admin account.
From the Members dropdown click WildFire Users.
Click Add Wildfire Users.
Enter the Red Canary provided email address.
Click Submit.
Select the wildfire device you want to connect to Red Canary.
Enter the required information.
Click Submit.
Step 3: Red Canary–Retrieve your Wildfire activation link
To return to a pre existing integration:
From your Red Canary homepage, click Integrations.
Scroll down, and then select your third-party security source.
Click Edit Configuration.
Click View Alerts.
Click your Alert ID.
Click the Show original alert dropdown.
To activate the find command, press Control+F (or Command+F on a Mac).
Type and search for sso.paloaltonetworks.com/welcome.
From the HTML section, copy and save the URL.
Example: https://sso.paloaltonetworks.com/welcome/testnumber://support.paloaltonetoworks.com/
To activate your new alert source, copy and paste the URL form Step 3.9 into a new browser window.
Create a new password for your Wildfire account.
Click Create My Account.
Step 4: Palo Alto Networks Wildfire–Configure email alerts
Adjust your Palo Alto Networks Wildfire settings to send generated alerts to your Red Canary-provided email.
Create a Wildfire user account using the Red Canary email provided in Step 1.7.
From your Wildfire dashboard, click Settings.
In the Configure Alerts section, select the types of alerts you want to send Red Canary. We recommend selecting Malware, Grayware, and Phishing as these are the most useful alerts to Red Canary.
Note: If you send Benign alerts, Red Canary will automatically mark them as “not a threat”.
Click Update Notification.
Was this article helpful?
