AutoFocus™ Administrator’s Guide
    : Domain, URL, and IP Address Information
    Focus
    PDF Cover Image
    Download PDF
    Focus
    1. Home
    2. AutoFocus
    3. AutoFocus™ Administrator’s Guide
    4. Domain, URL, and IP Address Information
    PDF Cover Image
    Download PDF

    AutoFocus™ Administrator’s Guide

    Domain, URL, and IP Address Information

    Table of Contents

    Domain, URL, and IP Address Information

    When searching for a domain, URL, or IP address artifact, the Domain, URL & IP Address Information tab displays information about the artifact from PAN-DB, the global URL database that Palo Alto Networks uses for its URL filtering service. The tab also provides logs of DNS activity from all samples analyzed with WildFire and passive DNS history where AutoFocus detected instances of the artifact. This information can help you assess whether a specific domain, URL, or IP address is associated with suspicious behavior.
    Domain, URL, and IP Address Details
    PAN-DB Categorization
    View URLs associated with the domain, URL, or IP address through PAN-DB and the PAN-DB category for each URL.
    WildFire DNS History
    View a log of domain to IP address mappings based on all samples that launched a request to connect to a domain during Wildfire Analysis.
    Passive DNS History
    View a passive history of domain to IP address mappings that contain matches to the artifact your searched for.
    1. Find domain, URL, and IP address information for an artifact.
      Find information for a specific domain, URL, or IP address:
      1. Work with the Search Editor to set up a search with the following types of artifacts: Domain, URL, IP Address, DNS Activity, or APK Embedded URL.
      2. Click the target icon or expand the search result listed under the Domain, URL & IP Address Information tab.
      Find information from the file analysis details for a sample:
      1. Begin a new advanced search.
      2. Click a sample hash to view sample details.
      3. View the full DNS Activity details for the sample.
      4. Click the drop-down for any domains, URLs, or IP addresses, and select Domain and URL info...
        See Assess AutoFocus Artifacts for details on drilling down in the file analysis details for a sample.
    2. Review the Domain, URL, and IP Address Details for the artifact.
      Find matches to the artifact in the Request and Response columns.
    3. Choose from the following next steps.

    © 2024 Palo Alto Networks, Inc. All rights reserved.