AutoFocus Known Issues
Table of Contents
Expand all | Collapse all
- New Features October 2020
- New Features September 2020
- New Features: August 2020
- New Features: April 2020
- New Features: November 2019
- New Features: May 2019
- New Features: March 2019
- New Features: February 2019
- New Features: November 2018
- New Features: October 2018
- New Features: September 2018
- New Features: August 2018
- New Features: July 2018
- New Features: June 2018
- Search Keyboard Shortcuts
- Export AutoFocus Tag, Search, and Indicator Data
- Indicator Page Enhancements
- API Support for Sample Behavior Evidence
- API Support for Signature Coverage
- WildFire DNS History for Domains, URLs, and IP Addresses
- Process Tree
- Default Search Scope
- Sort by Column Headers
- Find Tags with the Most Recent Comments
AutoFocus Known Issues
The following list includes known issues found in the current AutoFocus release.
In some instances, AutoFocus search results might not properly display when paging through an undetermined number of samples with the error: No data to display.
Accessing AutoFocus Threat Intelligence data from the firewall might fail with a 500 server error.
The AutoFocus Dashboard and Report widgets might fail to load data.
The Top Tags widget fails to load data in the Total # Samples and Last Hit columns.
The Top Sample widget fails to load properly in the My Industry and All reports.
AutoFocus advanced searches using the Threat Name indicator do not properly generate results.
AutoFocus sample and session search results cannot be sorted, with the exception of a Sort Descending / First Seen option for sample searches.
Changes to the Preferred Scope setting on the AutoFocus Settings page does not take affect until you perform one of the following tasks:
When using the AutoFocus advanced search, the show search history feature does not display any entries.
The timestamp shown on email report titles do not accurately reflect when the report was actually sent because report scheduling is based on a PDT system, while reports are generated using UTC time. As a result, an email report configured to be sent on Monday, 9:00 PM will be display Tuesday, 5:00 AM on the report cover.
A private sample cannot be changed to a public sample from an AutoFocus Wildfire (sample) search.
When viewing the API request of an AutoFocus search, the Python and Curl commands might not properly reflect the from, size, and sort, parameters.
Attempting to add or remove the configured preferred hash column from the WildFire (samples) or Activity (sessions) page might result in: the de-selection of some or all other columns in the list or the inability to remove the configured preferred hash.
Tag labels might not be displayed in it’s entirety depending on the widget configuration and the length of the tag name.
In some instances, the
Searchoption on the custom feeds page takes some time to reload the new query results.
Changes made to the preferred hash setting does not have any effect on AutoFocus searches. Instead, only
SHA256results display regardless of the preferred hash setting.
If the required query parameters are missing when issuing a Threat Indicator Card API call, the API returns in the incorrect status codes.
Time stamps shown in various AutoFocus queries are displayed in a non-human readable format when editing custom feeds.
When editing the
Remote Systemconfiguration, the verification check used to find duplicate settings, is not properly executed. Make sure to manually check for duplicate settings before editing your existing remote systems.
If AutoFocus experiences a supporting service outage when configuring a custom feed query or when initiating a search, the UI erroneously displays No Results or No Data instead of Service Temporarily Unavailable.
The search condition that is automatically populated by AutoFocus when performing a
Quick Searchis not refreshed when followed up by another
AutoFocus automatically populates the search condition field when pivoting from an
Indicatorssearch to a
Activitysearch, however, returning to the
Indicatorssearch results in an empty search string.
Error message banners shown under AutoFocus
Feedsdo not automatically close.
Some samples might be missing the ssdeep and imp_hash values on the
File Analysistab of a WildFire (sample) search.
The session artifact API call is unable to decode special characters.
Some of the identifiers contained in the AutoFocus advanced search drop down list are not listed in alphabetical order.
Certain samples do not properly display matching YARA file analysis details.
Some threat signatures might not be available to view in AutoFocus under certain operational conditions.
Malware Session Percentage By Daywidget does not auto-zoom to the proper level when opened using a saved search.
The AutoFocus license exception page does not correctly display the user entity name.
In some instances, AutoFocus might not allow you to create a new private tag because it erroneously believes the 100 tag limit was reached.
In some instances, an AutoFocus search using the
Tagidentifier might produce results that do not match the selected tag(s).
In some instances, the
Updatedfield in the AutoFocus tag detail page might not properly reflect the actual revision date.
In some instances, creating a search using the File Type indicator and subsequently adding an additional indicator before the first one finishes loading, might result in the second indicator converting to a File Type indicator.
MineMeld might send double the number of entries in an EDL link to a connected firewall running PAN-OS 8.0.
When the AutoFocus interface font size is increased, some elements of the information panel (such as the
Give Feedbacklink) might not display correctly.
The filetype counts shown in the
Top Filetypeswidget do not always match the figures provided through the API.
When the maximum allowable tag limit of 100 is reached, subsequent attempts to add tags will fail without an displaying an error.
In some instances, deleted scheduled reports might continue to automatically generate and send reports to specified recipients.
Certain APK samples might not show the
Suspicious Patternsection in the
In some instances, scheduled email reports might not be sent as configured.
New custom reports are not displayed in
Reportsuntil the page is refreshed.
Threat Namesearches using the
is in the listoperator do not generate consistent search results.
The sort functionality present in
Open Saved Searchdoes not properly display content, depending on the sort settings used.
Certain widgets displaying verdicts are not impacted by the dashboard and report verdict filter settings.
Top Malware Family Tags,
Top Campaign Tags, and
Top Malicious Behavior Tagswidgets are preconfigured to display only Unit 42, Private, and Commodity tags. However, the
Top Tagswidget can be configured using any and all tags.
In some instances, exported PDF reports containing a
Malware Percentage by Daywidget might result in the data graph overlapping with the explanatory key, depending on the browser used.
External links contained in exported PDF reports have limited functionality.
Diskwidget located in the MineMeld System tab does not show accurate disk space usage.