General Artifacts

The following table provides field names and related information for general artifacts.

| Field Name | Artifact Type as it Appears on AutoFocus Web Portal | Field Type | Acceptable Values and Examples |
| --- | --- | --- | --- |
| alias.domain | Domain | domain | Domain seen within DNS Activity, HTTP Activity, or File URL. |
| alias.email | Email Address | alias | Email address seen within email recipient address or email sender address. |
| alias.filename | Filename | alias | Valid filename as detected within a session or File Activity field. |
| alias.hash | Hash | alias | Valid SHA256, SHA1, or MD5 hash. Example: eb4559d2debb5de11b3a90536ef36709de394b91c1e9a981e4987c4c02036b52 |
| alias.ip_address | IP Address | alias | An IP address as it appears in connection activity, DNS activity, or HTTP activity. |
| sample.tag | Tag | tagList | Valid AutoFocus tag. Example: Parite |
| sample.tag_alias | Tag Alias | typeAheadSelect | Valid AutoFocus tag alias. Example: CryptoHost |
| sample.tag_class | Tag Class | simpleSelect | Actor: actor; Campaign: campaign; Malware Family: family; Exploit: exploit; Malicious Behavior: malicious_behavior |
| sample.tag_group | Tag Group | simpleSelect | Valid AutoFocus tag group. Example: Ransomware |
| sample.tag_scope | Tag Scope | simpleSelect | Private: private; Public: public; Information: commodity; Unit 42: unit42 |
| sample.tag_source | Tag Source | simpleSelect | Valid tag source. Example: Unit 42 |
| sample.threat_name | Threat Name | typeAheadSelect | Valid threat name. Example: TDSS/Win32.fey.a |
| alias.url | URL | url | Valid File URL or URL as detected in HTTP activity. |
| alias.user_agent | User Agent | alias | Valid browser user agent as detected in HTTP Activity or User Agent Fragments. |