https://live.paloaltonetworks.com/t5/general-topics/history-of-groups-involved-in-an-attack/m-p/530266#M109428 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/271178">@jermomiu</a> ,</P> <P>&nbsp;</P> <P>You can manually go through all the logs but that's quite troublesome and time consuming.</P> <P>&nbsp;</P> <P>Autofocus can help you with that. It enables you to easily identify critical attacks, so that you can triage effectively and take action without requiring additional IT resources. It correlates data from <A href="https://docs.paloaltonetworks.com/wildfire/10-2/wildfire-admin" target="_blank" rel="noopener nofollow noreferrer">WildFire</A>, the <A href="https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/url-filtering/url-filtering-overview" target="_blank" rel="noopener nofollow noreferrer">PAN-DB</A> URL Filtering database, <A href="https://unit42.paloaltonetworks.com/" target="_blank" rel="noopener nofollow noreferrer">Unit 42</A>, and from third-party feeds.</P> <P>&nbsp;</P> <P>However, Autofocus is end-of-sale as of September 2022 (but still supported until 2025).</P> <P>&nbsp;</P> <P>For alternatives to Autofocus you might want to look into <A href="https://www.paloaltonetworks.com/cortex/threat-intel-management" target="_blank" rel="noopener">Cortex XSOAR TIM</A> or <A href="https://docs.paloaltonetworks.com/aiops/aiops-for-ngfw" target="_blank" rel="noopener">AIOps for NGFW</A></P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/blogs/autofocus-end-of-sale-faq-and-alternatives/ba-p/516051" target="_blank" rel="noopener">Autofocus end-of-sale FAQ and Alternatives</A>&nbsp;</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kiwi</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Wed, 08 Feb 2023 10:55:14 GMT kiwi 2023-02-08T10:55:14Z https://live.paloaltonetworks.com/t5/general-topics/history-of-groups-involved-in-an-attack/m-p/529490#M109311 <P>Hello,</P> <P>&nbsp;</P> <P>when an attack occurs, where can I find the entire history of groups that where involved in that attack? Can I see that in Wildifre maybe or is it AutoFocus that is needed for that?</P> <P>&nbsp;</P> <P>Thanks.</P> Wed, 01 Feb 2023 15:25:21 GMT https://live.paloaltonetworks.com/t5/general-topics/history-of-groups-involved-in-an-attack/m-p/529490#M109311 jermomiu 2023-02-01T15:25:21Z https://live.paloaltonetworks.com/t5/general-topics/history-of-groups-involved-in-an-attack/m-p/530266#M109428 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/271178">@jermomiu</a> ,</P> <P>&nbsp;</P> <P>You can manually go through all the logs but that's quite troublesome and time consuming.</P> <P>&nbsp;</P> <P>Autofocus can help you with that. It enables you to easily identify critical attacks, so that you can triage effectively and take action without requiring additional IT resources. It correlates data from <A href="https://docs.paloaltonetworks.com/wildfire/10-2/wildfire-admin" target="_blank" rel="noopener nofollow noreferrer">WildFire</A>, the <A href="https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/url-filtering/url-filtering-overview" target="_blank" rel="noopener nofollow noreferrer">PAN-DB</A> URL Filtering database, <A href="https://unit42.paloaltonetworks.com/" target="_blank" rel="noopener nofollow noreferrer">Unit 42</A>, and from third-party feeds.</P> <P>&nbsp;</P> <P>However, Autofocus is end-of-sale as of September 2022 (but still supported until 2025).</P> <P>&nbsp;</P> <P>For alternatives to Autofocus you might want to look into <A href="https://www.paloaltonetworks.com/cortex/threat-intel-management" target="_blank" rel="noopener">Cortex XSOAR TIM</A> or <A href="https://docs.paloaltonetworks.com/aiops/aiops-for-ngfw" target="_blank" rel="noopener">AIOps for NGFW</A></P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/blogs/autofocus-end-of-sale-faq-and-alternatives/ba-p/516051" target="_blank" rel="noopener">Autofocus end-of-sale FAQ and Alternatives</A>&nbsp;</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kiwi</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Wed, 08 Feb 2023 10:55:14 GMT https://live.paloaltonetworks.com/t5/general-topics/history-of-groups-involved-in-an-attack/m-p/530266#M109428 kiwi 2023-02-08T10:55:14Z