This article leads you through the process of integrating Palo Alto Networks Wildfire with Red Canary via email. Follow the procedure from beginning to end. 

Prerequisites 

Before you connect Palo Alto Networks Wildfire to Red Canary, make sure the following configuration requirement is met:

• Create a  Palo Alto Networks Wildfire user account using the Red Canary email provided in Step 1.8.

Step 1: Red Canary–Create a Red Canary email for alerts

Create a Red Canary provided-email to send Wildfire alerts for ingestion.

1. From your Red Canary homepage, click Integrations.
   
2. From the Integrations section, locate and then click the security product you want to integrate with Red Canary.
   Note: If you do not see your security product listed, click See all integrations.
    
3. In the search bar, type and then select your third-party security source.
   
4. Continue onto the next step by configuring your third-party security source in Red Canary.
   Note: Your third-party security source may require that you contact Red Canary to configure.
   
5. Select a display category.
6. Under the Ingest Format/Method dropdown, select Palo Alto Networks Wildfire via Email.
   
7. Click Save Configuration. This will generate the email address you will use to send Palo Alto Wildfire alerts to.
   
   
8. Click Edit Configuration.
9. With your alert source configured, click Activate.
10. With your Red Canary email generated, log in to Palo Alto Networks Wildfire.

Step 2: Palo Alto Customer Support Portal–Create a Wildfire User account

Create a Wildfire User account to enable Wildfire to send alerts to the Red Canary alert collector.

1. Login into the Palo Alto customer support portal with your Wildfire admin account.
2. From the Members dropdown click WildFire Users.
3. Click Add Wildfire Users.
4. Enter the Red Canary provided email address from Step 1.8.
5. Click Submit.
6. Select the wildfire device you want to connect to Red Canary.
   
   
7. Enter the required information.
8. Click Submit.

Step 3: Red Canary–Retrieve your Wildfire activation link 

To return to a pre existing integration

1. From your Red Canary homepage, click Integrations.
   
2. Scroll down, and then select your third-party security source.
3. Click Edit Configuration.
4. Click View Alerts.
   
5.  Click your Alert ID.
   
6. Click the Show original alert dropdown.
   
7. To activate the find command, press Control+F (or Command+F on a Mac).
8. Type and search for sso.paloaltonetworks.com/welcome.
9. From the HTML section, copy and save the URL.
   Example: https://sso.paloaltonetworks.com/welcome/testnumber://support.paloaltonetoworks.com/
   
10. To activate your new alert source, copy and paste the URL form Step 3.8 into a new browser window.
11. Create a new password for your Wildfire account.
12. Click Create My Account.

Step 4: Palo Alto Networks Wildfire–Configure email alerts

Adjust your Palo Alto Networks Wildfire settings to send generated alerts to your Red Canary-provided email.

1. Create a Wildfire user account using the Red Canary email provided in Step 1.8.
2. From your Wildfire dashboard, click Settings.
3. In the Configure Alerts section, select the types of alerts you want to send Red Canary. We recommend selecting Malware, Grayware, and Phishing as these are the most useful alerts to Red Canary.
   Note: If you send Benign alerts, Red Canary will automatically mark them as “not a threat”.
   
   
4. Click Update Notification.