AutoFocus is a cloud-based threat intelligence service that enables you to easily identify critical attacks, so that you can triage effectively and take action without requiring additional IT resources. AutoFocus correlates threat data from your network, industry, and global intelligence feeds, and surfaces what’s most important. This includes giving you a direct pipeline to actionable intelligence from Unit 42, the Palo Alto Networks threat research team—AutoFocus lets you know if adversaries and campaigns discovered by Unit 42 have targeted your network, or networks like yours.
Release Highlights
| Date | Highlights |
|---|---|
| August 2021 | AutoFocus™ support for MineMeld has reached end-of-life and will no longer be accessible from the AutoFocus portal. For more information about migration to the Cortex XSOAR Threat Intel Management platform or alternative solutions, refer to the MineMeld End-of-Life Announcement. |
| May 2021 | The AutoFocus™ search mechanism has been improved to optimize performance and reliability. |
| October 2020 | AutoFocus™ now integrates analysis and session data from samples uploaded to the WildFire cloud from Cortex XDR. This provides a centralized view of all your upload sources to help your organization assess the attack surface and specific attack vectors that make your organization vulnerable to threats. The AutoFocus™ search now incorporates analysis data derived from the improved URL analysis capabilities found in the WildFire global cloud. |
| September 2020 | AutoFocus™ now integrates analysis and session data from samples uploaded to the WildFire cloud from Prisma Access. This provides a centralized view of all your upload sources to help your organization assess the attack surface and specific attack vectors that make your organization vulnerable to threats. The DNS Security dashboard has also been improved to display additional DNS Security logging information based on your organization’s firewall security policy rules, associated action, and the DNS query details. |
| April 2020 | AutoFocus™ now consumes additional statistics data generated by the DNS Security Cloud service to provide a fast, visual assessment report of your organization’s DNS usage. This new dashboard allows you to visually examine your DNS request statistics for context into network activity as well as insights into how to combat DNS based threats. |
| March 2020 | AutoFocus™ now embeds a WildFire analysis report, with new threat data contexts, (including a causality chain visualization, a WildFire verdict rationale, and a breakdown of detected IoCs, behaviors, and sample processes), directly into your AutoFocus sample details page. |
| November 2019 | Introducing AutoFocus™ 2.0! In this November release, we made a multitude of updates to AutoFocus, including a refreshed user interface with a modern look and feel, a streamlined search with options that are quicker and easier to use, and support for custom threat indicator feeds, which enable you to create EDL and URL lists with actionable threat data so that you can better safeguard your network. |
| May 2019 | AutoFocus shows you the malicious domains that DNS Security has identified through machine learning and predictive analytics. |
| March 2019 | More WildFire Data! See hashes for files that were found to be embedded within another document, and the compilation timestamp for an executable (unusual timestamps can indicate tampering). |
| Feb 2019 | AutoFocus displays all the categories that PAN-DB—the URL Filtering cloud—has assigned to a URL, including the URL's risk category (high, medium, or low). |
| Nov 2018 | Investigate script-based malware, which has become a common vector of attack. |
| Oct 2018 | Check out some usability updates we've made to widgets and reports. |
| Sep 2018 | Get visibility into files that have undergone dynamic unpacking—this means they've been encoded using custom or open source file compression or packing tools. |
| Looking for more? | See what else we've been working on... |
Spotlight
Documentation
AutoFocus™ Administrator’s Guide
AutoFocus™ is a threat intelligence service that provides an interactive, graphical interface for analyzing and contextualizing the threats your network faces. AutoFocus especially helps you to keep up with threat trends related to targeted cyberattacks, so that you can take a preventive approach to securing your network. The AutoFocus Administrator's Guide gives you everything you need to get started with AutoFocus: learn about how AutoFocus works, set up meaningful alerts for advanced attacks, and even use AutoFocus IoCs to enforce security policy on a Palo Alto Networks firewall.
AutoFocus™ What's New Guide
Learn all about the latest features in AutoFocus, the Palo Alto Networks threat intelligence service. For each new feature we describe, we've also included steps to get started. You'll also find a list of open issues that we’re working on to improve your AutoFocus experience.
AutoFocus™ API References
The AutoFocus™ API extends the ability to query the threat intelligence cloud through a programmatic, RESTful API. You can integrate this API into a third-party service, application, or script that accesses AutoFocus outside of the web portal. API responses are in JSON or XML-based STIX format.
Videos
Become a Threat Hunter: AutoFocus Innovations
Intro to the AutoFocus API
AutoFocus Integration With Firewall Logs
Finding Ransomware with AutoFocus and Aperture
