View and Act on AutoFocus Intelligence Summary Data
Interact with the AutoFocus Intelligence Summary to display more information about an artifact or extend your artifact research to AutoFocus. AutoFocus tags reveal if the artifact is associated with certain types of malware or malicious behavior.
- Confirm that the firewall is connected to AutoFocus.Enable AutoFocus Threat Intelligence on the firewall (active AutoFocus subscription required).
- Find artifacts to investigate.
- Hover over an artifact to open the drop-down, and click AutoFocus.The AutoFocus Intelligence Summary is only available for the following types of artifacts:IP addressURLDomainUser agentThreat name (only for threats of the subtypes virus and wildfire-virus)FilenameSHA-256 hash
- Launch an AutoFocus search for the artifact for which
you opened the AutoFocus Intelligence Summary.Click the Search AutoFocus for... link at the top of the AutoFocus Intelligence Summary window. The search results include all samples associated with the artifact. Toggle between the My Samples and All Samples tabs and compare the number of samples to determine the pervasiveness of the artifact in your organization.
- Launch an AutoFocus search for other artifacts in the
AutoFocus Intelligence Summary.Click on the following artifacts to determine their pervasiveness in your organization:
- WildFire verdicts in the Analysis Information tab
- URLs and IP addresses in the Passive DNS tab
- The SHA256 hashes in the Matching Hashes tab
- View the number of sessions associated with the artifact
in your organization per month.Hover over the session bars.
- View the number of samples associated with the artifact
by scope and WildFire verdict.Hover over the samples bars.
- View more details about matching AutoFocus. tags.Hover over a matching tag to view the tag description and other tag details.
- View other samples associated with a matching tag.Click a matching tag to launch an AutoFocus search for that tag. The search results include all samples matched to the tag.Unit 42 tags identify threats and campaigns that pose a direct security risk. Click on a Unit 42 matching tag to see how many samples in your network are associated with the threat the tag identifies.
- Find more matching tags for an artifact.Click the ellipsis ( ... ) to launch an AutoFocus search for the artifact. The Tags column in the search results displays more matching tags for the artifact, which give you an idea of other malware, malicious behavior, threat actors, exploits, or campaigns where the artifact is commonly detected.
AutoFocus Intelligence Summary
AutoFocus Intelligence Summary You can view a graphical overview of threat intelligence that AutoFocus compiles to help you assess the pervasiveness and risk of the ...
Assess Firewall Artifacts with AutoFocus
AutoFocus Threat Intelligence for Network Traffic With a valid AutoFocus subscription, you can compare the activity on your network with the latest threat data available ...
AutoFocus Intelligence Summary
AutoFocus Intelligence Summary The AutoFocus Intelligence Summary offers a centralized view of information about an artifact that AutoFocus has extracted from threat intelligence gathered from ...
Assess Network Traffic
Assess Network Traffic Now that you have a basic security policy, you can review the statistics and data in the Application Command Center (ACC), traffic ...
Enable AutoFocus Threat Intelligence
Enable AutoFocus Threat Intelligence Activate the AutoFocus license, and enable the firewall to communicate with AutoFocus. Once you’re set up, you’ll be able to view ...
Log Types Monitor Logs The firewall displays all logs so that role-based administration permissions are respected. Only the information that you are permitted to see ...
Enforce Policy using External Dynamic Lists and AutoFocus A...
Enforce Policy using External Dynamic Lists and AutoFocus Artifacts (API) This use case allows you to use data from AutoFocus threat intelligence to create an ...
Learn More About and Assess Threats
Monitor and Get Threat Reports Features of Threat Vault and AutoFocus are integrated into the firewall to provide visibility into the nature of the threats ...
Log Actions The following table describes log actions. Action Description Filter Logs Each log page has a filter field at the top of the page. ...