This article describes the Intelligence Card Extension for Palo Alto Networks' AutoFocus.
About Palo Alto Networks' Autofocus
AutoFocus™ threat intelligence service accelerates analysis, hunting and response workflows. Unique, targeted attacks are automatically prioritized with full context, enabling security teams to respond to critical attacks faster, without additional IT security resources.
You must have commercial access to Palo Alto Networks - AutoFocus™ to use this extension. Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.
Extending Hash Intelligence Cards
You can enrich any Hash Intelligence Card with the following threat intelligence from AutoFocus™:
- Tags associated with the Hash
- Wildfire Verdict
- Other hashes for the file (e.g., SHA1, SHA256, MD5)
- Sample file stats
- Anti-Virus (AV) Scanner summary and detailed results
- Link to sample report in AutoFocus™
You can pivot in Recorded Future on these elements of the AutoFocus™ response:
- File Hashes
Example:
Other Resources
AutoFocus Overview: https://www.youtube.com/watch?v=FsT7rzKB8vE