Focus

View and Act on AutoFocus Intelligence Summary Data

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Enable AutoFocus Threat Intelligence

Share Threat Intelligence with Palo Alto Networks

View and Act on AutoFocus Intelligence Summary Data

Interact with the AutoFocus Intelligence Summary to display more information about an artifact or extend your artifact research to AutoFocus. AutoFocus tags reveal if the artifact is associated with certain types of malware or malicious behavior.

Confirm that the firewall is connected to AutoFocus.
Enable AutoFocus Threat Intelligence on the firewall (active AutoFocus subscription required).
Find artifacts to investigate.
You can view an AutoFocus Intelligence Summary for artifacts when you:
- View Logs (Traffic, Threat, URL Filtering, WildFire Submissions, Data Filtering, and Unified logs only).
- View External Dynamic List Entries.
Hover over an artifact to open the drop-down, and click AutoFocus.

The AutoFocus Intelligence Summary is only available for the following types of artifacts:
IP address
URL
Domain
User agent
Threat name (only for threats of the subtypes virus and wildfire-virus)
Filename
SHA-256 hash
Launch an AutoFocus search for the artifact for which you opened the AutoFocus Intelligence Summary.
Click the Search AutoFocus for... link at the top of the AutoFocus Intelligence Summary window. The search results include all samples associated with the artifact. Toggle between the My Samples and All Samples tabs and compare the number of samples to determine the pervasiveness of the artifact in your organization.
Launch an AutoFocus search for other artifacts in the AutoFocus Intelligence Summary.
Click on the following artifacts to determine their pervasiveness in your organization:
- WildFire verdicts in the Analysis Information tab
- URLs and IP addresses in the Passive DNS tab
- The SHA256 hashes in the Matching Hashes tab
View the number of sessions associated with the artifact in your organization per month.
Hover over the session bars.
View the number of samples associated with the artifact by scope and WildFire verdict.
Hover over the samples bars.
View more details about matching AutoFocus. tags.
Hover over a matching tag to view the tag description and other tag details.
View other samples associated with a matching tag.
Click a matching tag to launch an AutoFocus search for that tag. The search results include all samples matched to the tag.
Unit 42 tags identify threats and campaigns that pose a direct security risk. Click on a Unit 42 matching tag to see how many samples in your network are associated with the threat the tag identifies.
Find more matching tags for an artifact.
Click the ellipsis ( ... ) to launch an AutoFocus search for the artifact. The Tags column in the search results displays more matching tags for the artifact, which give you an idea of other malware, malicious behavior, threat actors, exploits, or campaigns where the artifact is commonly detected.