End-of-Life (EoL)
View and Act on AutoFocus Intelligence Summary Data
Interact with the AutoFocus Intelligence Summary
to display more information about an artifact or extend your artifact
research to AutoFocus. AutoFocus tags reveal if the artifact is
associated with certain types of malware or malicious behavior.
- Confirm that the firewall is connected to AutoFocus.Enable AutoFocus Threat Intelligence on the firewall (active AutoFocus subscription required).
- Find artifacts to investigate.You can view an AutoFocus Intelligence Summary for artifacts when you:
- View Logs (Traffic, Threat, URL Filtering, WildFire Submissions, Data Filtering, and Unified logs only).
- Hover over an artifact to open the drop-down, and clickAutoFocus.The AutoFocus Intelligence Summary is only available for the following types of artifacts:IP addressURLDomainUser agentThreat name (only for threats of the subtypes virus and wildfire-virus)FilenameSHA-256 hash
- Launch an AutoFocus search for the artifact for which you opened the AutoFocus Intelligence Summary.Click theSearch AutoFocus for...link at the top of the AutoFocus Intelligence Summary window. The search results include all samples associated with the artifact. Toggle between theMy SamplesandAll Samplestabs and compare the number of samples to determine the pervasiveness of the artifact in your organization.
- Launch an AutoFocus search for other artifacts in the AutoFocus Intelligence Summary.Click on the following artifacts to determine their pervasiveness in your organization:
- WildFire verdicts in the Analysis Information tab
- URLs and IP addresses in the Passive DNS tab
- The SHA256 hashes in the Matching Hashes tab
- View the number of sessions associated with the artifact in your organization per month.Hover over the session bars.
- View the number of samples associated with the artifact by scope and WildFire verdict.Hover over the samples bars.
- View more details about matching AutoFocus. tags.Hover over a matching tag to view the tag description and other tag details.
- View other samples associated with a matching tag.Click a matching tag to launch an AutoFocus search for that tag. The search results include all samples matched to the tag.Unit 42 tags identify threats and campaigns that pose a direct security risk. Click on a Unit 42 matching tag to see how many samples in your network are associated with the threat the tag identifies.
- Find more matching tags for an artifact.Click the ellipsis ( ... ) to launch an AutoFocus search for the artifact. The Tags column in the search results displays more matching tags for the artifact, which give you an idea of other malware, malicious behavior, threat actors, exploits, or campaigns where the artifact is commonly detected.
Recommended For You
Recommended Videos
Recommended videos not found.