AutoFocus™ What's New Guide
    : Sample Behavior Evidence
    Focus
    Download PDF
    Focus
    1. Home
    2. AutoFocus
    3. AutoFocus™ What's New Guide
    4. AutoFocus Release History
    5. New Features: March 2016
    6. Sample Behavior Evidence
    Download PDF

    AutoFocus™ What's New Guide

    Sample Behavior Evidence

    Table of Contents

    Sample Behavior Evidence

    AutoFocus™ provides a summary of the behaviors samples displayed in the WildFire® analysis environment. Now, for each observed behavior, you can see the specific sample activities that are evidence of that behavior.
    1. Perform an AutoFocus search and view the samples matched to the search.
    2. Select a sample hash to view sample details.
    3. Select
      Observed Behavior
      :
    4. Check the new
      Evidence
       column for the total number of sample activities that substantiate each observed behavior, and expand a single behavior for the list of matching activities.
      For each activity listed, the Type column indicates the activity category and the Value column includes activity artifacts. The artifacts displayed might vary depending on the activity category. In the example below, the File Activity artifacts provided include the parent process that showed activity, the action the process performed, and the file that was altered.
    5. (
      Optional
      ) Add the activity artifacts to an existing search or a new search.
      AutoFocus supports Multiple Active Searches. Adding the artifacts to a new search does not clear the existing search; instead, the new search is opened in a new browser tab.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.