Enable AutoFocus Threat Intelligence

Activate the AutoFocus license, and enable the firewall to communicate with AutoFocus. Once you’re set up, you’ll be able to view the AutoFocus Intelligence Summary for a log or ACC artifact, to assess its pervasiveness in your network and any associated threats.
  1. Verify that the AutoFocus license is activated on the firewall.
    1. Select
      Device
      Licenses
      to verify that the AutoFocus Device License is installed and valid (check the expiration date).
    2. If the firewall doesn’t show the license, Activate Subscription Licenses.
  2. Connect the firewall to AutoFocus.
    1. Select
      Device
      Setup
      Management
      and edit the AutoFocus settings.
    2. Enter the
      AutoFocus URL
      :
      https://autofocus.paloaltonetworks.com:10443
    3. Use the
      Query Timeout
      field to set the duration of time for the firewall to attempt to query AutoFocus for threat intelligence data. If the AutoFocus portal does not respond before the end of the specified period, the firewall closes the connection.
      As a best practice, set the query timeout to the default value of 15 seconds. AutoFocus queries are optimized to complete within this duration.
    4. Select
      Enabled
      to allow the firewall to connect to AutoFocus.
    5. Click
      OK
      .
    6. Commit
      your changes to retain the AutoFocus settings upon reboot.
  3. Connect AutoFocus to the firewall.
    1. Log in to the AutoFocus portal: https://autofocus.paloaltonetworks.com
    2. Select
      Settings
      .
    3. Add new
      remote systems.
    4. Enter a descriptive
      Name
      to identify the firewall.
    5. Select
      PanOS
      as the System Type.
    6. Enter the firewall IP
      Address
      .
    7. Click
      Save changes
      to add the remote system.
    8. Click
      Save changes
      again on the Settings page to ensure the firewall is successfully added.
  4. Test the connection between the firewall and AutoFocus.
    1. On the firewall, select
      Monitor
      Logs
      Traffic
      .

Related Documentation