Skip to main content
Red Canary help

Integrate Palo Alto Networks Wildfire with Red Canary via email

  • Updated .

This article leads you through the process of integrating Palo Alto Networks Wildfire with Red Canary via email. Follow the procedure from beginning to end. 

Prerequisites 

Before you connect Palo Alto Networks Wildfire to Red Canary, make sure the following configuration requirement is met:

Step 1: Red Canary–Create a Red Canary email for alerts

Create a Red Canary provided-email to send Wildfire alerts for ingestion.

  1. From your Red Canary homepage, click the Integrations dropdown, and then click Alert Sources.
  2. In the search bar, type and select Wildfire.
    1.png
  3. To configure your new alert source, scroll down and click Palo Alto Networks WildFire.
  4. Click Edit Configuration.
  5. Enter a Name for your external alert source.  
  6. Select a display category.
  7. Under the Ingest Format/Method dropdown, select Palo Alto Networks Wildfire via Email.
    2.png
  8. Click Save Configuration. This will generate the email address you will use to send Palo Alto Wildfire alerts to.
    3.png
  9. Click Edit Configuration.
  10. With your alert source configured, click Activate.
  11. With your Red Canary email generated, log in to Palo Alto Networks Wildfire.

Step 2: Palo Alto Customer Support Portal–Create a Wildfire User account

Create a Wildfire User account to enable Wildfire to send alerts to the Red Canary alert collector.

  1. Login into the Palo Alto customer support portal with your Wildfire admin account.
  2. From the Members dropdown click WildFire Users.
  3. Click Add Wildfire Users.
  4. Enter the Red Canary provided email address from Step 1.8.
  5. Click Submit.
  6. Select the wildfire device you want to connect to Red Canary.
    1.1.png
  7. Enter the required information.
  8. Click Submit.

Step 3: Red Canary–Retrieve your Wildfire activation link 

Activate your Wildfire account to start sending alert telemetry to Red Canary.

  1. From your Red Canary homepage, click the Integrations dropdown, and then click Alert Sources.
  2. Scroll down and click Palo Alto Networks WildFire.
  3. Click View Alerts.
    1.2.png
  4.  Click your Alert ID.
    1.3.png
  5. Click the Show original alert dropdown.
    1.4.png
  6. To activate the find command, press Control+F (or Command+F on a Mac).
  7. Type and search for sso.paloaltonetworks.com/welcome.
  8. From the HTML section, copy and save the URL.
    Example: https://sso.paloaltonetworks.com/welcome/testnumber://support.paloaltonetoworks.com/
    1.5.png
  9. To activate your new alert source, copy and paste the URL form Step 3.8 into a new browser window.
  10. Create a new password for your Wildfire account.
  11. Click Create My Account.

Step 4: Palo Alto Networks Wildfire–Configure email alerts

Adjust your Palo Alto Networks Wildfire settings to send generated alerts to your Red Canary-provided email.

  1. Create a Wildfire user account using the Red Canary email provided in Step 1.8.
  2. From your Wildfire dashboard, click Settings.
  3. In the Configure Alerts section, select the types of alerts you want to send Red Canary. We recommend selecting Malware, Grayware, and Phishing as these are the most useful alerts to Red Canary.
    Note: If you send Benign alerts, Red Canary will automatically mark them as “not a threat”.
    4.png
  4. Click Update Notification.

Comments

0 comments

Please sign in to leave a comment.