New Features September 2020

The following topics provide a snapshot of the AutoFocus features introduced in September 2020. This list provides context for the new features, with steps to get started.
Support for Prisma Access Sample Uploads
Prisma Access can now forward suspicious samples to WildFire for analysis. You can search for these samples within AutoFocus to view the WildFire analysis details, as well as their related sessions.
If you filter your AutoFocus Dashboard to display artifacts from only Prisma Access, the Top Firewall and Source Countries widgets are not displayed in the report, as these data points are not applicable to Prisma Access.
  • Configure your search to find samples that were sent to WildFire from Prisma Access. For example, create a search matching the condition
    Upload Source > is > Prisma Access
    , and then click
    Search
    .
    af-prisma-saas-match-condition.png
  • Click on a sample hash to view the sample details. For more information about reviewing and understanding your search results, see Drill Down in Search Results.
Additionally, the
Device Serial
session artifact has been changed to
Observed In
for logical consistency with the new Prisma Access upload source. All instances where device serial would normally appear, including as search conditions and session results, have been updated with the new phrasing.
  • af-session-observed-in-dropdown.png
  • af-session-observed-in-search.png
For more information about the concepts referenced in this feature, refer to: AutoFocus Search
DNS Security Logging Enhancements
AutoFocus™ now displays additional DNS Security logging information based on your organization’s firewall security policy rules, associated action, and the DNS query details. These new fields include:
  • Action
    —Displays the policy action taken on the DNS query.
  • Type
    —Displays the DNS record type.
  • Response
    —The IP address that the domain in the DNS query got resolved to.
  • Response Code
    —The DNS response code that was received as an answer to your DNS query.
  • Source IP
    —The IP address of the system that made the DNS request.
  • Source User
    —When the firewall User-ID feature is enabled, the identity of the DNS requester is shown.
  • Source Zone
    —The configured source zone referenced in your security policy rule.
The
Firewall SN
column label has been changed to
Observed In
for logical consistency with the new Prisma Access upload source.
Additionally, the
Domain
column label and been changed to
Request
to more accurately reflect possible entry types.
For more information about the concepts referenced in this feature, refer to: AutoFocus DNS Security Dashboard

Recommended For You