Simplified AutoFocus Searches

Start an AutoFocus search.
AutoFocus defaults to the search mode that was last used. If AutoFocus is in the advanced search mode, switch to
Simple mode
.
Configure your search by selecting the desired search variables from the drop-down menus. You can select from the following categories: Verdict, First Seen, Time, Source, Tags, and IOC (indicators of compromise). AutoFocus automatically refreshes after each variable is selected or modified.
Verdict
—Select from
Malware
,
Grayware
,
Benign
,
Phishing
, and
Any Verdict
to search for samples based on a verdict.
First Seen
and
Time
—First configure the search to find samples based on when it was
First Seen
(the time stamp of when the sample was first forwarded or uploaded to WildFire for analysis) or by
Time
(the time stamp of when the session started), then set the search to display data for the last 1, 7, 30, 90, or 180 days. You can also set the search to display data by setting the time range to
Any Time
.
The time setting for a search does not filter the scope (My Samples, (private), Public Samples, or All Samples (private and public samples)) of the sample data set.
Source
—Select from
Firewall
,
Proofpoint
,
Traps
,
Magnifier
,
Manual API
,
Traps Android
,
WF Appliance
, and
Any Source
to search for samples based on the upload source.
Tag
—Select from a list of tags or filter the list by entering a keyword to search for samples associated with a tag.
IOC
—Search based on the following indicators of compromise:
Hash
,
IP Address
,
Domain
,
URL
,
User Agent
,
Email Address
, and
Filename

If you want to add other conditions to the search, you can switch to
Advanced
mode. Switching to advanced mode retains the condition values selected from the simple search mode. From here, you can add additional search conditions that are not available in simple search mode.

If you add search conditions that are not available in simple mode while in advanced mode, you will be prompted to reset your search when returning to simple mode.