Palo Alto Networks provides details about the AutoFocus new features for April 2020 with a lot of new great features, including a new DNS Security Dashboard and new WildFire reports. Find answers on LIVEcommunity.
This list provides context for the new features, with steps to get started.
AutoFocus™ now consumes additional statistics data generated by the DNS Security Cloud service to provide a fast, visual assessment report of your organization’s DNS usage.
You can use this report to:
View a breakdown of DNS requests passing through your network based on DNS traffic types.
Compare your organization’s DNS usage to other organizations within the industry as well as against globally collected data, including a list of domain requests found exclusively in your network.
Cross reference and analyze suspicious domains using the cumulative threat data managed by AutoFocus.
See which firewalls in your network have DNS Security enabled, at a glance.
For expanded information, you can click on See all> to pivot into a complete results list with additional filtering options.
The DNS Security data available to you depends on which license(s) you currently possess.
If you have active DNS Security and AutoFocus licenses, you have full access to all content within the AutoFocus portal.
If you have an active DNS Security license, but no AutoFocus license, you can only access your organization’s DNS statistics data from the DNS Security content tab. Additionally, your AutoFocus search options are limited to IP address and domain searches.
If you have an active AutoFocus license, but no DNS Security license, the DNS Security content tab will not be available in the AutoFocus portal.
AutoFocus™ now provides the full contents of WildFire analysis reports as part of your AutoFocus sample search results. The added information enables you to delve deeper into the operational details of WildFire analysis for additional context on the sample threat posture, behavior, introduction into your network, as well as correlated threat data.
New threat data contexts include:
Causality Chain Displays a visualization of all processes, files, and network calls and their associated behaviors, actions and detection reasons, for samples determined to be part of a larger sequence of events using analysis data provided by WildFire.
Detection Reasons Lists the determining factors why WildFire has reached a particular verdict for a given sample.
Indicators of Compromise Lists threat indicators that AutoFocus detected in the sample’s WildFire analysis details.
Detected sample processes and behaviors Lists the file behavior activities and various identifier objects observed by WildFire during sample analysis.
For more information about the concepts referenced in this feature, refer to: