Enable AutoFocus Threat Intelligence
Activate the AutoFocus license, and enable the firewall to communicate with AutoFocus. Once you’re set up, you’ll be able to view the AutoFocus Intelligence Summary for a log or ACC artifact, to assess its pervasiveness in your network and any associated threats.
- Verify that the AutoFocus license is activated on the firewall.
- Selectto verify that the AutoFocus Device License is installed and valid (check the expiration date).DeviceLicenses
- If the firewall doesn’t show the license, Activate Subscription Licenses.
- Connect the firewall to AutoFocus.
- Selectand edit the AutoFocus settings.DeviceSetupManagement
- Enter theAutoFocus URL:https://autofocus.paloaltonetworks.com:10443
- Use theQuery Timeoutfield to set the duration of time for the firewall to attempt to query AutoFocus for threat intelligence data. If the AutoFocus portal does not respond before the end of the specified period, the firewall closes the connection.As a best practice, set the query timeout to the default value of 15 seconds. AutoFocus queries are optimized to complete within this duration.
- SelectEnabledto allow the firewall to connect to AutoFocus.
- Commityour changes to retain the AutoFocus settings upon reboot.
- Connect AutoFocus to the firewall.
- Log in to the AutoFocus portal: https://autofocus.paloaltonetworks.com
- Add newremote systems.
- Enter a descriptiveNameto identify the firewall.
- SelectPanOSas the System Type.
- Enter the firewall IPAddress.
- ClickSave changesto add the remote system.
- ClickSave changesagain on the Settings page to ensure the firewall is successfully added.
- Test the connection between the firewall and AutoFocus.
- On the firewall, select.MonitorLogsTraffic
- Verify that you can Assess Firewall Artifacts with AutoFocus.
Assess Firewall Artifacts with AutoFocus
AutoFocus Threat Intelligence for Network Traffic With a valid AutoFocus subscription, you can compare the activity on your network with the latest threat data available ...
View and Act on AutoFocus Intelligence Summary Data
View and Act on AutoFocus Intelligence Summary Data Interact with the AutoFocus Intelligence Summary to display more information about an artifact or extend your artifact ...
Subscriptions You Can Use With the Firewall
Subscriptions You Can Use With the Firewall The following Palo Alto Networks subscriptions unlock certain firewall features or enable the firewall to leverage a Palo ...
Enforce Policy using External Dynamic Lists and AutoFocus A...
Enforce Policy using External Dynamic Lists and AutoFocus Artifacts (API) This use case allows you to use data from AutoFocus threat intelligence to create an ...
Log Types Monitor Logs The firewall displays all logs so that role-based administration permissions are respected. Only the information that you are permitted to see ...
AutoFocus Intelligence Summary
AutoFocus Intelligence Summary You can view a graphical overview of threat intelligence that AutoFocus compiles to help you assess the pervasiveness and risk of the ...
Learn More About and Assess Threats
Monitor and Get Threat Reports Features of Threat Vault and AutoFocus are integrated into the firewall to provide visibility into the nature of the threats ...
Objects > External Dynamic Lists
Objects > External Dynamic Lists An external dynamic list is an address object based on an imported list of IP addresses, URLs, or domain names ...
Monitor Applications and Threats
Monitor Applications and Threats All Palo Alto Networks next-generation firewalls come equipped with the App-ID technology, which identifies the applications traversing your network, irrespective of ...