Sessions artifacts are artifacts that WildFire associates with sessions only. You can find the following artifact types when you view Sample Details. Note that you can only view the details of sessions associated with your support account. For this reason, when you search with artifact types that refer to firewall-related properties (for example, firewall serial number or hostname), AutoFocus filters the search results by the properties of the Palo Alto Networks firewall(s) that initiated the session.
The following session artifact types refer to private session information: Device Hostname, Device Serial, Device vsys, Destination IP, Email Recipient Address, Email Charset, Email Sender Address, Email Subject, File Name, File URL, Recipient User ID, and Source IP. If any of your private tags use these artifact types as tag conditions, you cannot make these tags public.
Search with this Artifact Type to Find...
The country to which the IP address on a firewall is registered.
A name that identifies a Palo Alto Networks firewall. To view the hostname for a firewall, log in to the firewall web interface, select
, and view the General Settings.
The serial number of a firewall.
The name of the virtual system on the firewall associated with the session.
The country of the IP address to which the session was destined.
The destination IP address of the session.
The destination port that the session used.
Email Recipient Address
For email samples, the email address of the user who received the email.
For email samples, the character set used to display the message body of an email. Examples of character sets are
Email Sender Address
For email samples, the email address of the sender.
For email samples, the subject of the email.
The filename of the sample sent during the session.
The URL path for the source that hosts the sample.
The 15-digit unique International Mobile Equipment Identity number assigned to a mobile phone.
Industry indicates the field that the source of the session (you or another AutoFocus support account) is associated with. Examples are
Aerospace and Defense,
High Tech, and
Education. Industry is a field you select when you initially set up your AutoFocus account. Contact Palo Alto Networks Support to change it.
Recipient User ID
The username of the user who received an email sample.
The WildFire cloud (global or regional) to which a sample is submitted for analysis. A session in the AutoFocus search results provides information about how a source submitted a sample to WildFire. Since each session corresponds to a single WildFire submission, it can only be associated with a single WildFire cloud.
The SHA-256 hash for the sample associated with the session.
The country to which the IP address that initiated the session is registered.
The IP address of the session source.
The source port that the session used.
All samples that a Palo Alto firewall blocked. The Status for blocked samples is
Blocked, while the status for allowed samples is blank. To find all allowed samples, search with the condition
The time and date when the session started.
The source that requested a WildFire verdict for a sample or submitted a sample to WildFire for analysis.
Choose from a list of possible upload sources: