AutoFocus® API Reference
    : AutoFocus API Overview
    Focus
    Download PDF
    Focus
    1. Home
    2. AutoFocus
    3. AutoFocus® API Reference
    4. About the AutoFocus API
    5. AutoFocus API Overview
    Download PDF

    AutoFocus® API Reference

    AutoFocus API Overview

    Table of Contents

    AutoFocus API Overview

    The AutoFocus API provides several AutoFocus API Resources to aid in the retrieval of threat intelligence.
    Depending on the resource, your requests are either indirect (asynchronous) or direct (synchronous). When you Perform AutoFocus Searches for samples, sessions, or aggregate data, you first initiate a search and then make further requests to get the results of your search. For other resources, such as when you request session details and analysis reports, you Perform Direct Searches and immediately get corresponding data. The AutoFocus API uses either JSON, which returns JSON, or XML, which returns data in XML-based STIX format. Learn more about AutoFocus API STIX Support. Using the POST method for requests, you can do the following:
    • Search for threat intelligence samples and sessions.
    • View aggregate data, such as popular malware, applications, and source countries.
    • View file analysis data related to a specified sample.
    • Get tag lists, popular tags, and tag details.
    • Export lists based on previously saved threat artifacts.
    Potential uses of the AutoFocus API include:
    • Automated feed extraction of threat analysis—Leverage the AutoFocus API to integrate key data into a third-party dashboard or service such as Splunk.
    • Automated hash extraction for blocking attacks—Use the AutoFocus API to provide a layered approach to threat prevention. For example, your organization can use the AutoFocus API in conjunction with a firewall to look up sample hashes and block identified threats.
    • Automated import of threat intelligence on your firewall—Use the AutoFocus API to look up hashes and corresponding tags to create custom block lists on your firewall.
    To make requests, you must Get Your API Key, which you use to authenticate API calls. Each license uses one API key, regardless of the number of users.
    To control the number of requests you can make, you need to observe AutoFocus API Rate Limits, which is a point system to track and rate limit API calls.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.