You can configure AutoFocus HTTP/HTTPS alerts to send notifications as plain text to a web server using standard HTTP requests or within a secure communications channel using HTTPS requests. Additionally, AutoFocus can authenticate a user on the web server receiving the HTTPS alerts with basic user authentication, providing another layer of security. All HTTPS requests use TLS 1.2 ciphers to negotiate security settings.
Use HTTP alerts to publish information about detected samples on a web page or a threat feed.
When creating an HTTP/HTTPS alert, provide the URL of a server that has been preconfigured to parse the name-value pairs from the alert. If you are configuring an HTTPS alert with basic authentication, provide the user credentials of an account on the server receiving the notifications. Refer to the following table of field names and possible data types for the field values. The data type describes how a value should be interpreted and stored by the server.
The number of unique samples detected within the alert period
The date and time that the alert was sent in the following format: Month DD, YYYY hh:mm [AM/PM]
A list of each sample detected and the details associated with it
The date and time that the sample was detected in the following format: Month DD, YYYY hh:mm [AM/PM]
The SHA256, SHA1, and MD5 hashes of the sample
The specific tag that triggered the alert for the sample
The tag type that triggered the alert. The different alert_type values that can be displayed are:
The WildFire verdict assigned to the sample: malware or grayware.
To focus your attention on samples that exhibit malicious behavior, AutoFocus does not send alerts for benign samples.
The name of the support account that created the alert
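A receiving server should check what it accepts before storing it. The sketch below is an added example, not code from the original page or from Palo Alto Networks: it verifies the basic-authentication header and validates the timestamp format, hash lengths, verdict values and sample count described above. All key names are placeholders (the field names are not shown on this page), and the alert body is assumed to be already decoded into a Python dict.

```python
import base64
import hmac
import re
from datetime import datetime

# Key names are placeholders (assumptions); the page names only "alert_type".
K_COUNT, K_ALERT_TIME, K_SAMPLES = "sample_count", "alert_time", "samples"
K_SAMPLE_TIME, K_VERDICT = "sample_time", "verdict"
HASH_HEX_LEN = {"sha256": 64, "sha1": 40, "md5": 32}
TIME_FORMAT = "%B %d, %Y %I:%M %p"  # Month DD, YYYY hh:mm [AM/PM]
VERDICTS = ("malware", "grayware")  # benign samples never generate alerts
SAMPLE_ALERT = {  # constructed input, not a captured AutoFocus alert
    K_COUNT: 1, K_ALERT_TIME: "March 05, 2024 09:20 AM",
    K_SAMPLES: [{K_SAMPLE_TIME: "March 05, 2024 09:15 AM", K_VERDICT: "malware",
                 "sha256": "ab" * 32, "sha1": "cd" * 20, "md5": "ef" * 16}],
}

def basic_auth_ok(header, user, password):
    """Check an Authorization header value against the expected credentials."""
    scheme, _, token = (header or "").partition(" ")
    try:
        supplied = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    expected = f"{user}:{password}".encode()  # compared in constant time below
    return scheme.lower() == "basic" and hmac.compare_digest(supplied, expected)

def _bad_time(value):
    try:
        return not datetime.strptime(str(value), TIME_FORMAT)
    except ValueError:
        return True

def validate_alert(alert):
    """Return a list of problems in a decoded alert; an empty list means valid."""
    samples = alert.get(K_SAMPLES)
    if not (isinstance(samples, list) and all(isinstance(s, dict) for s in samples)):
        return [f"{K_SAMPLES}: expected a list of sample records"]
    problems = [f"bad {K_ALERT_TIME}"] if _bad_time(alert.get(K_ALERT_TIME)) else []
    for i, s in enumerate(samples):
        bad = [n for n, k in HASH_HEX_LEN.items()
               if not re.fullmatch(f"[0-9a-fA-F]{{{k}}}", str(s.get(n, "")))]
        bad += [K_SAMPLE_TIME] if _bad_time(s.get(K_SAMPLE_TIME)) else []
        bad += [K_VERDICT] if s.get(K_VERDICT) not in VERDICTS else []
        problems += [f"sample {i}: bad {n}" for n in bad]
    unique = len({str(s.get("sha256", "")).lower() for s in samples})
    if str(alert.get(K_COUNT)) != str(unique):
        problems.append(f"{K_COUNT}: does not match {unique} unique samples")
    return problems
```

Reject the request when `basic_auth_ok` returns false, and log rather than store any alert for which `validate_alert` returns a non-empty list.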