View and Act on AutoFocus Intelligence Summary Data

Interact with the AutoFocus Intelligence Summary to display more information about an artifact or extend your artifact research to AutoFocus. AutoFocus tags reveal if the artifact is associated with certain types of malware or malicious behavior.
  1. Confirm that the firewall is connected to AutoFocus.
    Enable AutoFocus Threat Intelligence on the firewall (active AutoFocus subscription required).
  2. Find artifacts to investigate.
    You can view an AutoFocus Intelligence Summary for artifacts when you:
  3. Hover over an artifact to open the drop-down, and click
    AutoFocus
    .
    af-logs-dropdown.png
    The AutoFocus Intelligence Summary is only available for the following types of artifacts:
    IP address
    URL
    Domain
    User agent
    Threat name (only for threats of the subtypes virus and wildfire-virus)
    Filename
    SHA-256 hash
  4. Launch an AutoFocus search for the artifact for which you opened the AutoFocus Intelligence Summary.
    Click the
    Search AutoFocus for...
    link at the top of the AutoFocus Intelligence Summary window. The search results include all samples associated with the artifact. Toggle between the
    My Samples
    and
    All Samples
    tabs and compare the number of samples to determine the pervasiveness of the artifact in your organization.
    af-artifact-link.png
  5. Launch an AutoFocus search for other artifacts in the AutoFocus Intelligence Summary.
    Click on the following artifacts to determine their pervasiveness in your organization:
    • WildFire verdicts in the Analysis Information tab
    • URLs and IP addresses in the Passive DNS tab
    • The SHA256 hashes in the Matching Hashes tab
  6. View the number of sessions associated with the artifact in your organization per month.
    Hover over the session bars.
    af-session-count.png
  7. View the number of samples associated with the artifact by scope and WildFire verdict.
    Hover over the samples bars.
    af-sample-count.png
  8. View more details about matching AutoFocus. tags.
    Hover over a matching tag to view the tag description and other tag details.
    af-tag-detail.png
  9. View other samples associated with a matching tag.
    Click a matching tag to launch an AutoFocus search for that tag. The search results include all samples matched to the tag.
    Unit 42 tags identify threats and campaigns that pose a direct security risk. Click on a Unit 42 matching tag to see how many samples in your network are associated with the threat the tag identifies.
  10. Find more matching tags for an artifact.
    Click the ellipsis ( ... ) to launch an AutoFocus search for the artifact. The Tags column in the search results displays more matching tags for the artifact, which give you an idea of other malware, malicious behavior, threat actors, exploits, or campaigns where the artifact is commonly detected.
    af-tags-ellipsis.png

Related Documentation