AutoFocus™ Administrator’s Guide
    : Build an AutoFocus Export List
    Focus
    Download PDF
    Focus
    1. Home
    2. AutoFocus
    3. AutoFocus™ Administrator’s Guide
    4. Export AutoFocus Content
    5. Export AutoFocus Artifacts
    6. Build an AutoFocus Export List
    Download PDF

    AutoFocus™ Administrator’s Guide

    Build an AutoFocus Export List

    Table of Contents

    Build an AutoFocus Export List

    To Create a CSV File that contains AutoFocus artifacts, first add the artifacts to an export list. You can build multiple export lists in AutoFocus. Grouping artifacts into different export lists allows you to easily generate separate CSV files for them.
    1. Drill down to view the details for
      WildFire
       samples returned in an AutoFocus search.
      2. Click a sample hash to view sample details.
      3. Select an operating system to view activities and behaviors observed when the sample was executed in that WildFire analysis environment.
    2. Add artifacts to an export list:
      To add a single artifact to an export list, click the drop-down for the artifact and select
      Add to Export List
      :
      Select multiple artifacts from a WildFire analysis category to add to an export list.
      1. Click the drop-down for a WildFire analysis category and select
        Select for Export List
        . This turns the drop-downs next to the artifacts into checkboxes.
      2. Select one or more artifacts from the list.
      3. Re-open the options for the category and select
        Add Selected to Export List
        .
      Add all artifacts, all suspicious artifacts, or all highly suspicious artifacts listed for an activity or behavior category to an export list.
      Only artifacts that were observed for the selected operating system are added to the export list. To add sample artifacts from a different operating system, repeat Step 1.3 using a different OS option and continue.
    3. Select an export list for the artifacts.
      Add artifacts to a new export list:
      1. Enter a name for the new export list.
      2. Click
        create new
        . This adds the artifact to the new export list.
      Add an artifact to an existing export list:
    4. View all artifacts added to an export list.
      Click
      Exports
       on the navigation pane and select the export list to which the artifacts were added in Step 3.
      • To view the latest artifacts added, select
        Sort by: Added Time
        , and click
        Sort Descending
        .
      • You can also view artifacts based on the WildFire analysis
        Section
         from which the artifact is derived. For example, a domain in the export list might have been added from the DNS Activity that WildFire detected for the sample. See the Artifact Types that can appear in each WildFire analysis section.
      • You can click any of the column headers to sort the export list in ascending (up arrow) or descending (down arrow) order.
    5. (
      Optional
      ) Remove artifacts from an export list.
      • Select artifacts you want to remove and click
        Delete Selected Items
        .
      • To remove all artifacts from an export list, you do not have to select all the artifacts; you can simply click
        Delete All Items
        . Deleting all artifacts also automatically deletes the export list.
    6. Prepare a version of the export list to export out of AutoFocus.
      Create a CSV File from the export list.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.