WildFire Cloud Artifacts
AutoFocus™ receives sample and session information
from WildFire™ clouds. Now,
sample and session information in AutoFocus includes the WildFire
cloud to which a sample was submitted for analysis.
- Find samples submitted to a specific WildFire cloud.
- Start an AutoFocus search with the sample artifact typeRegion.
- Select a WildFire cloud, and clickSearch.
- Click on a sample hash, and verify that the Region associated with the sample matches your selection.
It’s possible for different users to forward the same sample to more than one WildFire cloud; in this case, the Region information for the sample lists all WildFire clouds that received the sample.To find samples that have been submitted to only a single WildFire cloud (and no other WildFire clouds), set up a search for a WildFire cloud. Then, add another search condition excluding samples submitted to the other clouds from the search results. For example, to search for samples that users submitted to the WildFire global cloud only, search with the condition combined with the condition for each of the other WildFire clouds.
- Find sessions associated with a specific WildFire cloud.
- Start an AutoFocus search with the session artifact type Region.
- Select a WildFire cloud, and clickSearch.
- ClickSessionsto view session search results.
- Click on a session time stamp to view sessions details, and verify that the Region listed for the session matches your selection. A session can only be associated with a single WildFire cloud.
