This article leads you through the process of integrating Palo Alto Networks Wildfire with Red Canary via email. Follow the procedure from beginning to end.
Estimated reading time: 15 minutes
Prerequisites
Before you connect Palo Alto Networks Wildfire to Red Canary, make sure the following configuration requirement is met:
- Create a Palo Alto Networks Wildfire user account using the Red Canary email provided in Step 1.8.
Step 1: Red Canary–Create a Red Canary email for alerts
Create a Red Canary-provided email address to which Wildfire alerts are sent for ingestion.
1. From your Red Canary homepage, click the Integrations dropdown, and then click Alert Sources.
2. In the search bar, type and select Wildfire.
3. To configure your new alert source, scroll down and click Palo Alto Networks WildFire.
4. Click Edit Configuration.
5. Enter a Name for your external alert source.
6. Select a display category.
7. Under the Ingest Format/Method dropdown, select Palo Alto Networks Wildfire via Email.
8. Click Save Configuration. This generates the email address to which you will send Palo Alto Networks Wildfire alerts.
9. Click Edit Configuration.
10. With your alert source configured, click Activate.
11. With your Red Canary email generated, log in to Palo Alto Networks Wildfire.
Step 2: Palo Alto Networks Wildfire–Configure email alerts
Adjust your Palo Alto Networks Wildfire settings to send generated alerts to your Red Canary-provided email.
1. Create a Wildfire user account using the Red Canary email provided in Step 1.8.
2. From your Wildfire dashboard, click Settings.
3. In the Configure Alerts section, select the types of alerts you want to send to Red Canary. We recommend selecting Malware, Grayware, and Phishing, as these are the most useful alerts to Red Canary.
   Note: If you send Benign alerts, Red Canary will automatically mark them as “not a threat”.
4. Click Update Notification.