AutoFocus™ Administrator’s Guide
    : Create a CSV File
    Focus
    Download PDF
    Focus
    1. Home
    2. AutoFocus
    3. AutoFocus™ Administrator’s Guide
    4. Export AutoFocus Content
    5. Export AutoFocus Artifacts
    6. Create a CSV File
    Download PDF

    AutoFocus™ Administrator’s Guide

    Create a CSV File

    Table of Contents

    Create a CSV File

    Generate a CSV file from the artifacts that were added to an export list. By default, the CSV file is formatted to contain a single row for each artifact; the row includes full WildFire analysis details for the artifact, and commas separate the WildFire analysis details within each row.
    You can format the CSV file to support a block list for a Palo Alto Networks firewall and to export additional artifact metadata.
    1. Build an AutoFocus Export List.
    2. Click Exports on the navigation pane.
    3. Select an export list to open, and choose artifacts to export:
      Export all artifacts in an export list:
      1. Click Export All Items.
      2. Verify that the Export Rows option is set to All.
        To quickly export all artifacts from the Exports page, click Export in the Actions column of the export list.
      Export artifacts based on the time period they were added to an export list:
      1. Click Export All Items.
      2. Set Export Rows to In Date Range.
      3. Use the Added Time fields to export artifacts based on the date and time range that the artifact was added to the export list.
        To quickly export artifacts within a date range from the Exports page, click Export in the Actions column of the export list.
      Export selected artifacts:
      1. Select one or more artifacts to export:
      2. Click Export Selected Items.
    4. (Optional) Format the CSV file to be compatible with a Palo Alto Networks firewall.
      Select Formatted for PAN-OS block list.
      You can use the CSV file as a dynamic block list (PAN-OS 7.0 or earlier) or an external dynamic list (PAN-OS 7.1 or later), but the firewall only supports certain types of artifacts. Learn more about how to Use Export Lists with the Palo Alto Networks Firewall.
    5. (Optional) Export additional artifact data.
      Select Export Metadata.
      This option adds the following columns to each artifact row:
      • Added Time—The date and time that the artifact was added to the export list.
      • Section—The artifact activitycategory.
      • Label—The name of the export list.
      • Value—The artifact that was added to the export list.
      • SHA256—The SHA256 hash of the sample that the artifact was found with.
      • SHA1—The SHA1 hash of the sample that the artifact was found with.
      • MD5—The MD5 hash of the sample that the artifact was found with.
      • Author Email—The email address of the user who added the artifact to the list.
    6. Select Export to generate the CSV file.
      Use the CSV file to import AutoFocus data into a security information and event management (SIEM) tool, or Use Export Lists with the Palo Alto Networks Firewall.

    © 2025 Palo Alto Networks, Inc. All rights reserved.