AutoFocus™ Administrator’s Guide
    : Start a Quick Search
    Focus
    Download PDF
    Focus
    1. Home
    2. AutoFocus
    3. AutoFocus™ Administrator’s Guide
    4. AutoFocus Search
    5. Start a Quick Search
    Download PDF

    AutoFocus™ Administrator’s Guide

    Start a Quick Search

    Table of Contents

    Start a Quick Search

    Start a simple search for an artifact from any page in AutoFocus™, or use the AutoFocus search editor to perform complex searches, with conditions that allow you to narrow or broaden the scope of your search.
    Toggle your view of search results to find:
    • The samples matched to your search conditions (WildFire tab).
    • The sessions during which the samples were detected (Activity tab).
    • The threat indicators found in the returned samples and the DNS history and PAN-DB categorization of the results (Indicators tab).
    After performing a search, you can drill down in sample results to find artifacts seen with that sample. For each artifact associated with a sample, AutoFocus lists the number of times the artifact has been detected with benign (
    ), grayware (
    ), and malware (
    ) samples. Artifacts that are seen disproportionately with malware are indicated to be Suspicious or Highly Suspicious. AutoFocus also makes it easy to view indicators that are found with your search results.
    Start searching through samples and sessions for matches to an artifact from any page on the AutoFocus portal.
    1. Click the spyglass icon in the support account area of the portal.
      You can also press Alt+s to open quick search. To close quick search, click the x on the top right corner of the search box or click anywhere on the dimmed area of the interface.
    2. Enter an artifact to search.
      When an artifact is incomplete, quick search suggests a list of artifact types that it recognizes.
    3. Select the scope of the search based on the artifact type.
      For example, the string ImASampleFile.pl can be a Filename, a Domain, or a URL. To search for the file ImASampleFile.pl, select an area to search under the category Filename.
      The areas to choose from vary depending on the artifact entered.
      • PanDB/pDNS—View PAN-DB categorization entries, WildFire™ active DNS history, and passive DNS history that match the artifact.
      • Go to Sample Detail—(SHA256, SHA1, and MD5 artifacts only) View details about the sample, such as its WildFire verdict (benign, grayware, malware, phishing, or benign) and analysis information.
      • Search for My Samples—Search for the artifact in your organization’s private samples.
      • Search for Public Samples—Search for the artifact in all samples that are shared to the AutoFocus community.
      • Search for All Samples—Search for the artifact in private and public samples.
      • Search for Sessions—Search for the artifact in session information.
      • Show Session Stats—View statistics based on sessions that contain the artifact.
    4. View the search results in the search editor.
    5. Choose from the following options:

    © 2024 Palo Alto Networks, Inc. All rights reserved.