Remote Search
You can now use AutoFocus™ to find suspicious
IP addresses, SHA256 hashes, URLs, user agents, and filenames in
a specific Palo Alto Networks® firewall or a set of Panorama-managed
firewalls. AutoFocus looks for matches to the suspicious artifacts
in the firewall log entries. When you launch a remote search, the
firewall or Panorama™ web interface opens in a new window and displays
the search results in Unified log view.
The remote search feature is only supported in firewalls running
PAN-OS® 7.1 or later release versions.
AutoFocus also now supports the ability to integrate with third-party
log management systems. When you configure your custom system to work
with AutoFocus remote search, you can filter log or event repositories
with AutoFocus search conditions.
- Log in to the firewall or Panorama you want to search with your administrator username and password.
- Add a remote system to search with AutoFocus.
  - Select Settings on the navigation pane.
  - Add new remote systems.
  - Enter a descriptive Name for the remote system.
  - Select a System Type:
    - Select PanOS to add a firewall or Panorama.
    - Select Custom to add a custom system that has been configured to integrate with AutoFocus remote search.
  - Enter the IP Address or URL of the remote system.
  - Save changes.
  - Save changes again to finish adding the remote system. You can add up to ten remote systems.
- (For Panorama Device Group and Template Administrators Only) For Panorama Device Group and Template administrators (not superusers), an AutoFocus remote search targeted to Panorama returns results based on the current Panorama Access Domain setting. Panorama administrators with role-based access control must first open the Panorama web interface, select Monitor > Logs, and set the Access Domain for which to view search results. Return to the AutoFocus portal to execute your remote search.
- Start a remote search.
  - Select Search on the navigation pane.
  - Click Remote Search.
  - Add IP addresses, URLs, user agents, SHA256 hashes, or filenames to the remote search. You can add artifacts from the results of an existing search to the remote search. Open Remote Search again to verify that the artifact was added as a search condition.
  - Set the remote search to find Any or All of the artifacts on the targeted system.
  - Select one or more Remote systems to search.
  - Click Search.
- View the search results. A new browser tab opens for each remote system. If no browser tabs open when you launch remote search, change the settings on your browser to allow pop-ups from AutoFocus. The Unified log displays all log entries that contain the artifacts added to the remote search. If the remote search is for Panorama, the Unified log displays log entries from all managed firewalls, including those that are running PAN-OS 7.0 and earlier release versions. If the remote search is for a custom system, the custom system opens in a new tab, with the URL formatted to include the conditions specified in the remote search.
- Next steps:
  - Learn more about working with Unified logs on the firewall.
  - View more details on how to set up remote search.
  - Explore more ways to use AutoFocus with the Palo Alto Networks firewall.
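A custom log system integrated with remote search has to apply the Any or All artifact conditions to its own log repository. The following is an added example, not Palo Alto Networks code: the field names, the `remote_search` function, and the log entries are constructed assumptions, and it assumes each condition is evaluated per log entry.

```python
import ipaddress

# Assumed mapping of artifact type to log fields (hypothetical schema).
FIELDS = {"ip": ("src", "dst"), "sha256": ("sha256",), "url": ("url",),
          "user_agent": ("user_agent",), "filename": ("filename",)}

def normalize(kind, value):
    """Canonicalize a value for comparison; return None if it is unusable."""
    value = (value or "").strip()
    if not value:
        return None
    if kind == "ip":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None
    if kind == "sha256":
        value = value.lower()
        valid = len(value) == 64 and all(c in "0123456789abcdef" for c in value)
        return value if valid else None
    return value

def condition_hits(entry, kind, value):
    """True if any log field for this artifact type equals the artifact."""
    wanted = normalize(kind, value)
    if wanted is None:
        return False
    return any(normalize(kind, entry.get(f)) == wanted for f in FIELDS[kind])

def remote_search(logs, conditions, mode="any"):
    """Return entries matching Any or All of the (kind, value) conditions."""
    if mode not in ("any", "all"):
        raise ValueError("mode must be 'any' or 'all'")
    unknown = [k for k, _ in conditions if k not in FIELDS]
    if unknown:
        raise ValueError(f"unsupported artifact type: {unknown[0]}")
    if not conditions:
        return []
    combine = any if mode == "any" else all
    return [e for e in logs
            if combine(condition_hits(e, k, v) for k, v in conditions)]

# Constructed sample data (documentation address ranges, placeholder hash).
HASH = "ab" * 32
LOGS = [
    {"id": 1, "src": "10.0.0.5", "dst": "203.0.113.7", "filename": "update.exe", "sha256": HASH.upper()},
    {"id": 2, "src": "10.0.0.9", "dst": "203.0.113.7", "user_agent": "curl/7.68.0"},
    {"id": 3, "src": "10.0.0.9", "dst": "198.51.100.20", "filename": "update.exe", "sha256": "not-a-hash"},
]
```

Hashes are compared case-insensitively and IP addresses in canonical form, so a log source that stores uppercase digests still matches; malformed values on either side never match.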