AutoFocus threat intelligence data is now integrated with the PAN-OS logs to provide context analysis for firewall events on network, industry, and global scales. On firewalls with an active AutoFocus license, you can now click any IP address, URL, user agent, filename, or hash included in a log entry to open an AutoFocus Threat Intelligence Summary of the latest findings for that artifact. The summary includes (but is not limited to):
The total number of malware, grayware, and benign samples with which WildFire found the artifact. The latest WildFire submissions from your network that included the artifact. Passive DNS history for URLs, domains, and IP addresses. Threats that include the artifact that Unit 42 has identified as posing a direct security risk.
This immediate access to AutoFocus intelligence within the firewall or Panorama context enables you to quickly assess the pervasiveness and risk of an artifact along with the option to then add the artifact directly to an AutoFocus search.
Find AutoFocus Threat Intelligence in PAN-OS Logs
Enable AutoFocus threat intelligence on the firewall.
Find the latest AutoFocus threat intelligence for firewall events. Select Monitor. View Traffic, Threat, URL Filtering, WildFire Submissions, Data Filtering, or Unified logs. Hover over any IP Address, URL, User-ID, filename, or hash included in any log entry and click the arrow icon:
Click AutoFocus:
Next Steps... Review the AutoFocus threat intelligence summary for a log entry artifact. Explore more ways to use AutoFocus with a Palo Alto Networks firewall.

Related Documentation