About AutoFocus

The AutoFocus threat intelligence portal enables you to quickly identify threats on your network, and to contextualize such events within an industry, global, and historical context. AutoFocus harnesses data from WildFire™, the PAN-DB URL Filtering database, Unit 42, and from third-party feeds (including both closed and open-source intelligence). AutoFocus then makes the data searchable and layers the data with statistics that both highlight pervasive malware and reveal connections between malware.
Take a look at the following table for an overview of AutoFocus features that allow you to prioritize, contextualize, and address threats affecting your network.
I want to...
How can I do this with AutoFocus?
...prioritize events in my network environment.
  • Look at the dashboard.
    The AutoFocus dashboard visually weights threat Artifacts and statistics to bring focus to pervasive events.
  • Check samples for high-risk artifacts.
    When WildFire analyzes a sample, it finds certain activities, properties, and behaviors to be associated with that sample. AutoFocus indicates the
    artifacts
    that are most likely to be detected with malware as Suspicious or Highly Suspicious. You can Find High-Risk Artifacts in AutoFocus search results.
  • Create custom alerts.
    Create alerts based on Tags to keep track of samples linked to high-risk artifacts. AutoFocus can send notifications to your email account or web server.
  • Distinguish between advanced threats and commodity malware.
    Unit 42 publishes Unit 42 Tag (Alerting) and Unit 42 Informational Tag (Non-Alerting) in AutoFocus that allow you to distinguish between threats or campaigns with global impact (Unit 42 alerting tags) and less impactful threats that do not pose a direct or immediate security risk (Unit 42 informational tags).
...gain context around an event.
  • Toggle the dashboard.
    You can move between views that show the top activity for your network, for your industry, and on a global scale. You can also filter any dashboard view to display data for a specific date range.
  • Use the search editor.
    • Search results provide detailed analysis information for samples, including all artifacts found to be associated with a sample during WildFire analysis. For each artifact, the number of times that WildFire has detected the artifact with malware, benign, and grayware samples is listed.
    • Drill down and pivot through search results to discover threat variants. You can add high-risk artifacts to your search as you go.
    • You can filter your view of search results to show only results from your network or from all public samples.
...leverage AutoFocus data.
  • Enable Unit 42 alerts.
    You can enable alerts from Unit 42, the Palo Alto Networks threat intelligence team. You can also set up prioritized alerts for your private tags or for public tags shared by the AutoFocus community.
  • You can add high-risk artifacts to be used with a Palo Alto Networks firewall block list or external dynamic list, or to support a security information and event management (SIEM) solution.
Get Started

Related Documentation