With a valid AutoFocus subscription, you can compare the activity on your network with the latest threat data available on the AutoFocus portal. Connecting your firewall and AutoFocus unlocks the following features:
Ability to view an AutoFocus intelligence summary for session artifacts recorded in the firewall logs.
Ability to open an AutoFocus search for log artifacts from the firewall.
The AutoFocus intelligence summary reveals the prevalence of an artifact on your network and on a global scale. The WildFire verdicts and AutoFocus tags listed for the artifact indicate whether the artifact poses a security risk.
Enable AutoFocus Threat Intelligence on the Firewall
Verify that the AutoFocus license is activated on the firewall.
Device > Licenses
to verify that the AutoFocus Device License is installed and valid (check the expiration date).
If the firewall doesn’t detect the license, see
Activate Licenses and Subscriptions.
Connect the firewall to AutoFocus.
Device > Setup > Management
and edit the AutoFocus settings.
field to set the duration of time for the firewall to attempt to query AutoFocus for threat intelligence data. If the AutoFocus portal does not respond before the end of the specified period, the firewall closes the connection.
As a best practice, set the query timeout to the default value of 15 seconds. AutoFocus queries are optimized to complete within this duration.
to allow the firewall to connect to AutoFocus.
your changes to retain the AutoFocus settings upon reboot.
Connect AutoFocus to the firewall.
Log in to the AutoFocus portal: https://autofocus.paloaltonetworks.com
Enter a descriptive
to identify the firewall.
as the System Type.
Enter the firewall IP
to add the remote system.
again on the Settings page to ensure the firewall is successfully added.
Test the connection between the firewall and AutoFocus.
Unified Logs The firewall now provides a single Unified log set that enables you to monitor and filter events regardless of log type. The new ...
PAN-OS Log Integration with AutoFocus
PAN-OS Log Integration with AutoFocus AutoFocus threat intelligence data is now integrated with the PAN-OS logs to provide context analysis for firewall events on network, ...
Work with Logs
Work with Logs View Logs Filter Logs Export Logs View AutoFocus Threat Data for Logs View Logs You can view the different log types on ...
Monitor > Logs
Monitor > Logs The following topics provide additional information about monitoring logs. What do you want to know? See: Tell me about the different types ...
Management Features New Management Feature Description Commit Queues The firewall and Panorama™ now queue commit operations so that you can initiate a new commit while ...
Monitor Applications and Threats
Monitor Applications and Threats All Palo Alto Networks next-generation firewalls come equipped with the App-ID technology, which identifies the applications traversing your network, irrespective of ...
Assess Network Traffic
Assess Network Traffic Now that you have a basic security policy, you can review the statistics and data in the Application Command Center (ACC), traffic ...
Activate Licenses and Subscriptions
Activate Licenses and Subscriptions Before you can start using your firewall to secure the traffic on your network, you must activate the licenses for each ...
Device > Setup > Management
Device > Setup > Management Device > Setup > Management Panorama > Setup > Management On a firewall, select Device > Setup > Management to ...
Monitor WildFire Activity
Monitor WildFire Activity Depending on your WildFire® deployment—public, private, or hybrid—you can view samples submitted to WildFire and analysis results for each sample using the ...