AutoFocus® API Reference
    : Analysis Artifacts
    Focus
    Download PDF
    Focus
    1. Home
    2. AutoFocus
    3. AutoFocus® API Reference
    4. Perform AutoFocus Searches
    5. Search Field Names
    6. Analysis Artifacts
    Download PDF

    AutoFocus® API Reference

    Analysis Artifacts

    Table of Contents

    Analysis Artifacts

    The following table provides field names and related information for analysis artifacts.
    Field Name
    Artifact Type as it Appears on AutoFocus Web Portal
    Field Type
    Acceptable Values and Examples
    sample.tasks.connection
    Connection Activity
    StringProx
    Network activity including connections, IP addresses, and country codes.
    Example:
    tcp-connection, 46.254.18.90:80 , , RU
    sample.tasks.dns
    DNS Activity
    StringProx
    DNS activity including query, response, and type.
    Example:
    a0ce.akamaiedge.net
    sample.tasks.file
    File Activity
    StringProx
    Parent process, action, and file path.
    Example:
    Program Files\Zona\utils.jar,
    sample.tasks.http
    HTTP Activity
    StringProx
    HTTP request including host, method, URL, and user agent string.
    Example:
    /T/a93E_X.jpeg
    sample.tasks.metadata_sectionsPE Metadata
    StringProx
    Metadata from PE files, including the name, virtual address, virtual size, and raw size.
    Example:
    .text , 15872 , 4096 , 15866
    sample.tasks.japi
    Java API Activity
    StringProx
    Java runtime activity.
    Example:
    load, class barcode.Get2D not found.
    sample.tasks.behavior_typeObserved Behavior
    StringProx
    Behaviors seen when a sample is analyzed by WildFire.
    Example:
    pe_sa_abnl_sect_name
    sample.tasks.miscOther API Behavior
    StringProx
    Non-Java API activity seen when a sample is analyzed by WildFire.
    Example:
    sample.exe , ZwProtectVirtualMemoryFailed , 0xc0000045 , 0xffffffff , pid=1516 , 0x0012fed8 , 0x0012fedc , 0x00000000
    sample.tasks.processProcess Activity
    StringProx
    Processes that showed activity when the sample was analyzed by WildFire.
    Example:
    cmd.exe , terminated , , Users\\Administratorexp lorer.exe"
    sample.tasks.service
    Service Activity
    StringProx
    Services that showed activity when the sample was analyzed by WildFire.
    Example:
    WINWORD.EXE , StartService , ,
    sample.tasks.user_agentUser Agent Fragments
    StringProx
    The user agent header for HTTP requests sent when the sample was analyzed by Wildfire.
    Example:
    Microsoft-CryptoAPI/6.1

    © 2024 Palo Alto Networks, Inc. All rights reserved.