AutoFocus® is a cloud-based threat intelligence service that enables you to easily identify critical attacks, so that you can triage effectively and take action without requiring additional IT resources. AutoFocus correlates threat data from your network, industry, and global intelligence feeds, and surfaces what’s most important. This includes giving you a direct pipeline to actionable intelligence from Unit 42, the Palo Alto Networks threat research team—AutoFocus lets you know if Unit 42’s newly-discovered adversaries, campaigns, and exploits have targeted your network, or networks like yours.
|Nov 2018||Support for Script Sample Analysis|
|Sep 2018||Support for Samples that have Undergone Dynamic Unpacking|
|Jul 2018||Customizable Widgets|
|May 2018||Simplified AutoFocus Searches|
|May 2018||Scheduled Reporting|
Learn all about the latest features in AutoFocus, the Palo Alto Networks threat intelligence service. For each new feature we describe, we've also included steps to get started. You'll also find a list of open issues that we’re working on to improve your AutoFocus experience.
AutoFocus™ is a threat intelligence service that provides an interactive, graphical interface for analyzing and contextualizing the threats your network faces. AutoFocus especially helps you to keep up with threat trends related to targeted cyberattacks, so that you can take a preventive approach to securing your network. The AutoFocus Administrator's Guide gives you everything you need to get started with AutoFocus: learn about how AutoFocus works, set up meaningful alerts for advanced attacks, and even use AutoFocus IoCs to enforce security policy on a Palo Alto Networks firewall.
The AutoFocus™ API extends the ability to query the threat intelligence cloud through a programmatic, RESTful API. You can integrate this API into a third-party service, application, or script that accesses AutoFocus outside of the web portal. API responses are in JSON or XML-based STIX format.