Details
Enable all options under Session Information Settings for WildFire.
Rationale:
Permitting the firewall to send all of this information to WildFire creates more detailed reports, thereby making the process of tracking down potentially infected devices more efficient. This could prevent an infected system from further infecting the environment. Environments with security policies restricting sending this data to the WildFire cloud can instead utilize an on-premises WildFire appliance. In addition, risk can be analyzed in the context of the destination host and user account, either during analysis or during incident response.
Solution
Navigate to Device > Setup > WildFire > Session Information Settings.
Set every option to be enabled.
Default Value:
All Session Information Settings are enabled by default. These include: Source IP Source port Destination IP Destination port Virtual System Application User URL File name Email sender Email recipient Email subject
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Palo_Alto.