Track Down Threats with AutoFocus
Learn how to use AutoFocus to gain visibility into the malware on your SaaS apps and malware propagation.
Prisma SaaS leverages the WildFire service to detect known and unknown malware by file type. AutoFocus provides a centralized view of all your sources, including Prisma SaaS, to help your organization assess the attack surface and specific attack vectors that make your organization vulnerable to threats.
When you configure WildFire analysis on Prisma SaaS by configuring Prisma SaaS to send contextual information with the files Prisma SaaS sends to WildFire for analysis, your global administrator on your SOC team has the necessary data to determine if an asset is part of a larger threat and details to investigate the scope of that activity.
AutoFocus Behaviors with Prisma SaaS
The most common behaviors related to Prisma SaaS assets (artifacts) on AutoFocus are as follows:
Some Prisma SaaS assets do not display at all in AutoFocus.
If you previously enabled WildFire analysis prior to March 2020, those scanned files do not display in AutoFocus because Prisma SaaS does not retroactively send files. However, after you enable file types for WildFire analysis, future assets display as expected. Your audit log indicates when you enabled WildFire analysis.
Some Prisma SaaS assets in AutoFocus do not have
If you previously enabled WildFire analysis, contextual information was not included—that’s a new capability as of March 2020. Prisma SaaS does not retroactively send files. However, after you enable contextual information, all future assets along with the specified contextual information display as expected. Your audit log indicates when you enabled (or disabled) contextual information.
Some Prisma SaaS assets in AutoFocus are missing certain contextual information.
If Prisma SaaS doesn’t have information for a file, it cannot sent that information for that file. Prisma SaaS can only send the information that’s available.
Nothing. This behavior is expected.
You might need to perform additional configuration steps to complete your integration.
Hub tenants do not require additional configuration steps.
Contact Prisma SaaS Support.
Recommended For You
Recommended videos not found.