I didn't realize Wildfire can issue multiple verdicts for a submitted file. So it can indeed issue a verdict of malicious AND phishing? At 10:28 the presenter says "either malicious OR phishing verdicts" so I'm wondering if that connector should have been "or" instead.
at 9:00 where you created the filter for WildFire logs - you used an 'and' operator but afterwards you kept speaking of it as though it was an 'or' operator. Is that a mistake ? Does it need to match both malicious and phishing to be forwarded - or would a match on either result in the log being forwarded ?
No, what he created means that it would have to match on both the 'malicious' and 'phishing' categories or it will not send the log. Based on how he built this, he's going to be missing a lot (if not all) of the alerts he's hoping to receive from the Wildfire Log Type. The correct connector, in this case, would to have the setting of "Or" as opposed to "And" in order to trigger a log forward condition on either one of these filters.
![ILLSLICK - THE KING'S LANDING [Freestyle]](http://i.ytimg.com/vi/feIJJnNkTfk/mqdefault.jpg)
Thanks...this is very helpful. Kindly make a session for paloalto mschapv2 configuration with Radius server
I didn't realize Wildfire can issue multiple verdicts for a submitted file. So it can indeed issue a verdict of malicious AND phishing? At 10:28 the presenter says "either malicious OR phishing verdicts" so I'm wondering if that connector should have been "or" instead.
agree, should be OR
at 9:00 where you created the filter for WildFire logs - you used an 'and' operator but afterwards you kept speaking of it as though it was an 'or' operator. Is that a mistake ? Does it need to match both malicious and phishing to be forwarded - or would a match on either result in the log being forwarded ?
No, what he created means that it would have to match on both the 'malicious' and 'phishing' categories or it will not send the log. Based on how he built this, he's going to be missing a lot (if not all) of the alerts he's hoping to receive from the Wildfire Log Type. The correct connector, in this case, would to have the setting of "Or" as opposed to "And" in order to trigger a log forward condition on either one of these filters.
Excellent video.
What about user id logs? I cannot add a match condition for user id logs ina log forwarding profile.
Check under Device > logging settings for User-ID log forwarding