1. Home
    2. PAN-OS
    3. PAN-OS® Administrator's Guide
    4. Threat Prevention
    5. Learn More About and Assess Threats
    6. Assess Firewall Artifacts with AutoFocus
    7. View and Act on AutoFocus Intelligence Summary Data

    View and Act on AutoFocus Intelligence Summary Data

    Interact with the AutoFocus Intelligence Summary to display more information about an artifact or extend your artifact research to AutoFocus. AutoFocus tags reveal if the artifact is associated with certain types of malware or malicious behavior.
    1. Confirm that the firewall is connected to AutoFocus.
      Enable AutoFocus Threat Intelligence on the firewall (active AutoFocus subscription required).
    2. Find artifacts to investigate.
      You can view an AutoFocus Intelligence Summary for artifacts when you:
    3. Hover over an artifact to open the drop-down, and click AutoFocus.
      af-logs-dropdown.png
      The AutoFocus Intelligence Summary is only available for the following types of artifacts:
      IP address
      URL
      Domain
      User agent
      Threat name (only for threats of the subtypes virus and wildfire-virus)
      Filename
      SHA-256 hash
    4. Launch an AutoFocus search for the artifact for which you opened the AutoFocus Intelligence Summary.
      Click the Search AutoFocus for... link at the top of the AutoFocus Intelligence Summary window. The search results include all samples associated with the artifact. Toggle between the My Samples and All Samples tabs and compare the number of samples to determine the pervasiveness of the artifact in your organization.
      af-artifact-link.png
    5. Launch an AutoFocus search for other artifacts in the AutoFocus Intelligence Summary.
      Click on the following artifacts to determine their pervasiveness in your organization:
      • WildFire verdicts in the Analysis Information tab
      • URLs and IP addresses in the Passive DNS tab
      • The SHA256 hashes in the Matching Hashes tab
    6. View the number of sessions associated with the artifact in your organization per month.
      Hover over the session bars.
      af-session-count.png
    7. View the number of samples associated with the artifact by scope and WildFire verdict.
      Hover over the samples bars.
      af-sample-count.png
    8. View more details about matching AutoFocus. tags.
      Hover over a matching tag to view the tag description and other tag details.
      af-tag-detail.png
    9. View other samples associated with a matching tag.
      Click a matching tag to launch an AutoFocus search for that tag. The search results include all samples matched to the tag.
      Unit 42 tags identify threats and campaigns that pose a direct security risk. Click on a Unit 42 matching tag to see how many samples in your network are associated with the threat the tag identifies.
    10. Find more matching tags for an artifact.
      Click the ellipsis ( ... ) to launch an AutoFocus search for the artifact. The Tags column in the search results displays more matching tags for the artifact, which give you an idea of other malware, malicious behavior, threat actors, exploits, or campaigns where the artifact is commonly detected.
      af-tags-ellipsis.png

    Related Documentation

    AutoFocus Intelligence Summary

    AutoFocus Intelligence Summary You can view a graphical overview of threat intelligence that AutoFocus compiles to help you assess the pervasiveness and risk of the ...

    Assess Firewall Artifacts with AutoFocus

    Assess Firewall Artifacts with AutoFocus Use the AutoFocus Intelligence Summary for an artifact to assess its pervasiveness in your network and the threats associated with ...

    AutoFocus Intelligence Summary

    AutoFocus Intelligence Summary The AutoFocus Intelligence Summary offers a centralized view of information about an artifact that AutoFocus has extracted from threat intelligence gathered from ...

    Assess Network Traffic

    Assess Network Traffic Now that you have a basic security policy, you can review the statistics and data in the Application Command Center (ACC), traffic ...

    Enable AutoFocus Threat Intelligence

    Enable AutoFocus Threat Intelligence With a valid AutoFocus subscription, you can compare the activity on your network with the latest threat data available on the ...

    Enforce Policy using External Dynamic Lists and AutoFocus Artifacts (API)

    Enforce Policy using External Dynamic Lists and AutoFocus Artifacts (API) This use case allows you to use data from AutoFocus threat intelligence to create an ...

    Log Types

    Log Types The firewall displays all logs so that role-based administration permissions are respected. Only the information that you have permission to see is included, ...

    Log Actions

    Log Actions The following table describes log actions. Action Description Filter Logs Each log page has a filter field at the top of the page. ...

    Monitor WildFire Activity

    Monitor WildFire Activity Depending on your WildFire™ deployment—public, private, or hybrid—you can view samples submitted to WildFire and analysis results for each sample using the ...

    Monitor Applications and Threats

    Monitor Applications and Threats All Palo Alto Networks next-generation firewalls come equipped with the App-ID technology, which identifies the applications traversing your network, irrespective of ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo