: Track Down Threats with AutoFocus
Focus
Focus

Track Down Threats with AutoFocus

Table of Contents

Track Down Threats with AutoFocus

Learn how to use AutoFocus to gain visibility into the malware on your SaaS apps and malware propagation.
Data Security
leverages the WildFire service to detect known and unknown malware by file type. AutoFocus provides a centralized view of all your sources, including
Data Security
, to help your organization assess the attack surface and specific attack vectors that make your organization vulnerable to threats.
When you configure WildFire analysis on
Data Security
by configuring
Data Security
to send contextual information with the files
Data Security
sends to WildFire for analysis, your global administrator on your SOC team has the necessary data to determine if an asset is part of a larger threat and details to investigate the scope of that activity.

AutoFocus Behaviors with
Data Security

The most common behaviors related to
Data Security
assets (artifacts) on AutoFocus are as follows:
Symptom
Explanation
Solution
Some
Data Security
assets do not display at all in AutoFocus.
If you previously enabled WildFire analysis prior to March 2020, those scanned files do not display in AutoFocus because
Data Security
does not retroactively send files. However, after you enable file types for WildFire analysis, future assets display as expected. Your audit log indicates when you enabled WildFire analysis.
Nothing. This behavior is expected. configure WildFire Analysis to include all file types, even if you do not currently have an AutoFocus subscription.
Some
Data Security
assets in AutoFocus do not have
any
contextual information.
If you previously enabled WildFire analysis, contextual information was not included—that’s a new capability as of March 2020.
Data Security
does not retroactively send files. However, after you enable contextual information, all future assets along with the specified contextual information display as expected. Your audit log indicates when you enabled (or disabled) contextual information.
Nothing. This behavior is expected. enable all contextual information, even if you do not currently have an AutoFocus subscription.
Some
Data Security
assets in AutoFocus are missing certain contextual information.
If
Data Security
doesn’t have information for a file, it cannot sent that information for that file.
Data Security
can only send the information that’s available.
Nothing. This behavior is expected.
Your
Data Security
tenant is not a hub tenant and your assets do not display in AutoFocus.
You might need to perform additional configuration steps to complete your integration.
Hub tenants do not require additional configuration steps.
Contact SaaS Security Technical Support.

Recommended For You