You can now use AutoFocus™ to find suspicious
IP addresses, SHA256 hashes, URLs, user agents, and filenames in
a specific Palo Alto Networks® firewall or a set of Panorama-managed
firewalls. AutoFocus looks for matches to the suspicious artifacts
in the firewall log entries. When you launch a remote search, the
firewall or Panorama™ web interface opens in a new window and displays
the search results in Unified log view.
remote search feature is only supported in firewalls running PAN-OS®
7.1 or later release versions.
AutoFocus also now supports
the ability to integrate with third-party log management systems.
When you configure your custom system to work with AutoFocus remote
search, you can filter log or event repositories with AutoFocus
Log in to the firewall or Panorama you want to
search with your administrator username and password.
Configure the settings of the remote system.
on the management interface of your firewall or Panorama. Select the service that
matches the address of the remote system you want to search.
Add a remote system to search with AutoFocus.
the navigation pane.
Enter a descriptive
the remote system.
Select a System Type:
add a firewall or Panorama.
to add a custom system
that has been configured to integrate with AutoFocus remote search.
Enter the IP
of the remote system.
again to finish
adding the remote system. You can add up to ten remote systems.
For Panorama Device Group and Template Administrators
) For Panorama Device Group and Template administrators
(not superusers), an AutoFocus remote search targeted to Panorama
returns results based on the current Panorama