Learn how to use AutoFocus to gain visibility into the
malware on your SaaS apps and malware propagation.
SaaS Security API leverages the WildFire service
to detect known and unknown malware by file type. AutoFocus provides
a centralized view of all your sources, including SaaS Security
API, to help your organization assess the attack surface and specific
attack vectors that make your organization vulnerable to threats.
When you configure SaaS Security API to send contextual
information with the files it sends to WildFire for
analysis, the global administrator on your SOC team has the necessary
data to determine whether an asset is part of a larger threat, along with
the details needed to investigate the scope of that activity.
AutoFocus Behaviors with SaaS Security API
The most common behaviors related to SaaS
Security API assets (artifacts) on AutoFocus are as follows:
Some SaaS Security API assets do not display
at all in AutoFocus.
If you enabled WildFire analysis prior to March 2020,
those previously scanned files do not display in AutoFocus because
SaaS Security API does not retroactively send files. However, after
you enable file types for WildFire analysis, future assets display
as expected. Your audit log indicates when you enabled WildFire analysis.
Some SaaS Security API assets in AutoFocus
do not have
If you previously enabled WildFire analysis, contextual
information was not included—that’s a new capability as of March
2020. SaaS Security API does not retroactively send files. However,
after you enable contextual information, all future assets along
with the specified contextual information display as expected. Your
audit log indicates when you enabled (or disabled) contextual information.