General Artifacts
General artifacts are artifacts that WildFire associates
with both samples and sessions. For example, you can use the artifact
type Domain to search based on domains found in samples and sessions.
Some general artifacts are tag-related. If you search with a
tag-related artifact, the search results display all samples that
have one or more tags that meet the search criteria, and their related
sessions.
The following general artifact types refer to private session
information: Domain, Email Address, Filename, IP Address, and URL.
If any of your private tags use these artifact types as tag conditions,
you cannot make these tags public.
Artifact Type | Search with this Artifact Type to Find... |
---|---|
Domain | |
Email Address | |
Filename | The File Name of the sample or a filename that AutoFocus found in the File Activity of a sample. |
Hash | The sample’s MD5, SHA1, or SHA256 hash. The search results also include samples in which AutoFocus found the hash in the File Activity of the sample. |
Hash Lookup | The sample’s MD5, SHA1, or SHA256 hash. The search results only include samples based strictly on the primary sample hash value. Samples in which matching hashes are found in the File Activity of the sample are not included in the results. |
IP Address | A File URL, Source IP, or Destination IP in a session, or an IP address detected in the Connection Activity, DNS Activity, or HTTP Activity of a sample. |
Tag | Samples with a specific tag. |
Tag Alias | Samples filtered by Tag Alias. |
Tag Class | Samples filtered by Tag Class: a malware family, a campaign, an actor, an exploit, or a type of malicious behavior. |
Tag Group | Samples filtered by the specified Tag Group. |
Tag Scope | Samples filtered by Tag Scope: private, public, Unit 42 (alerting), or Unit 42 informational (non-alerting). |
Tag Source | Samples with tags that are attributed to a particular Tag Source. |
Threat Name | Samples that match a particular threat signature. |
URL | A File URL or a URL detected in the HTTP Activity of a sample. |
User Agent | A user agent header detected in the HTTP Activity or User Agent Fragments of a sample. The user agent header indicates your browser type and version and your operating system and version. During a session, your browser sends this information to the site you are visiting to determine the best way to deliver the information you requested. Examples of user agent strings include Mozilla/4.0 and Windows NT 6.1. |
Saved Search | A user-configured search setting used to quickly apply search conditions. |