Support for URL Analysis
The AutoFocus™ search now incorporates analysis data derived from the improved URL analysis capabilities found in the WildFire global cloud. Additionally, this service aggregates threat analysis details from all Palo Alto Networks services, enabling AutoFocus to deliver consistent web page verdicts with additional report details for more context when investigating anomalous web activity.
Report details for URLs processed by the new URL analyzers are viewable when performing an AutoFocus indicator search.
The following improvements are now available for URL searches:
Support for Cortex XDR Sample Uploads
Cortex XDR can forward suspicious samples to WildFire for analysis in addition to using its built-in local analysis engine, to provide detailed sample information and behavior analysis. Now in this release, you can search for sessions and their associated samples within AutoFocus to view the WildFire analysis details. You can also filter the contents of your dashboard based on an upload source to create reports with greater specificity.
While Magnifier has been re-branded as Cortex XDR, some of the legacy session data recorded during the Magnifier operating period (and up to 7/13/2020) remains classified as Magnifier; however, Cortex XDR began recording session data starting on 4/7/2020, resulting in a session data overlap. You can configure an AutoFocus search to produce results from both upload sources to get the combined dataset.