Assess AutoFocus Artifacts

WildFire™ classifies previously unknown samples as either malware, grayware, benign, or phishing, so that you can then block or enforce the newly-identified traffic according to your security policy needs. When WildFire observes and executes a sample in a WildFire analysis environment, artifacts (such as file properties, behaviors, and activities) are revealed to be associated with the sample.
AutoFocus™ provides a new lens through which you can view the artifacts collected by WildFire. AutoFocus layers statistics over artifacts found to be associated with a sample, to show the number of times the artifact has been seen with other malware, grayware, or benign samples. High-risk artifacts seen frequently with malware are labeled Suspicious or Highly Suspicious, and artifacts associated with high-risk behaviors are indicated. If you Forward MineMeld Indicators to AutoFocus, AutoFocus calls attention to sample indicators that match the threat indicators you’ve forwarded.
Find high-risk artifacts in the File Analysis details of a sample. By default, AutoFocus groups similar artifacts into WildFire static and dynamic analysis sections for easy reference, though you can also view artifacts based on the sample activity timeline in the WildFire analysis environment. Add high-risk artifacts to a search, or use them to Build an AutoFocus Export List.

Related Documentation