New Features: April 2020

The following topics provide a snapshot of the AutoFocus features introduced in April 2020. This list provides context for the new features, with steps to get started.
DNS Security Dashboard
AutoFocus™ now consumes additional statistics data generated by the DNS Security Cloud service to provide a fast, visual assessment report of your organization’s DNS usage.
You can use this report to:
  • View a breakdown of DNS requests passing through your network based on DNS traffic types.
  • Compare your organization’s DNS usage to other organizations within the industry as well as against globally collected data, including a list of domain requests found exclusively in your network.
  • Cross reference and analyze suspicious domains using the cumulative threat data managed by AutoFocus.
  • See which firewalls in your network have DNS Security enabled, at a glance.
  • For expanded information, you can click on See all> to pivot into a complete results list with additional filtering options.
The DNS Security data available to you depends on which license(s) you currently possess.
  • If you have active DNS Security and AutoFocus licenses, you have full access to all content within the AutoFocus portal.
  • If you have an active DNS Security license, but no AutoFocus license, you can only access your organization’s DNS statistics data from the DNS Security content tab. Additionally, your AutoFocus search options are limited to IP address and domain searches.
  • If you have an active AutoFocus license, but no DNS Security license, the DNS Security content tab will not be available in the AutoFocus portal.
For more information about the concepts referenced in this feature, refer to: The DNS Security Service
Embedded WildFire Reports
AutoFocus™ now provides the full contents of WildFire analysis reports as part of your AutoFocus sample search results. The added information enables you to delve deeper into the operational details of WildFire analysis for additional context on the sample's threat posture, behavior, and introduction into your network, as well as correlated threat data.
New threat data contexts include:
  • Causality Chain: Displays a visualization of all processes, files, and network calls and their associated behaviors, actions, and detection reasons, for samples determined to be part of a larger sequence of events using analysis data provided by WildFire.
  • Detection Reasons: Lists the determining factors behind the verdict WildFire reached for a given sample.
  • Indicators of Compromise: Lists threat indicators that AutoFocus detected in the sample’s WildFire analysis details.
  • Detected sample processes and behaviors: Lists the file behavior activities and various identifier objects observed by WildFire during sample analysis.
For more information about the concepts referenced in this feature, refer to:
AutoFocus API Changes
The following AutoFocus™ API updates and additions have been introduced in this release.
  • New AutoFocus API Endpoints: Additional APIs have been added to AutoFocus as part of a larger initiative to integrate ThreatVault functionality into AutoFocus. With these APIs, you can perform GET and POST requests for antivirus, anti-spyware (DNS), and vulnerability signatures, as well as retrieve geolocation information based on the IP address and DNS signatures.
    For more information on these APIs, refer to the AutoFocus API Guide.
