New AutoFocus Features for April 2020

Community Team Member

New AutoFocus Features April 2020New AutoFocus Features April 2020

Palo Alto Networks provides details about the AutoFocus new features for April 2020 with a lot of new great features, including a new DNS Security Dashboard and new WildFire reports. Find answers on LIVEcommunity.

 

This list provides context for the new features, with steps to get started.

For information about past releases, refer to this article in TechDocs: AutoFocus Release History.*

 

 

LATEST AUTOFOCUS FEATURES

Feature Description
DNS Security Dashboard

AutoFocus™ now consumes additional statistics data generated by the DNS Security Cloud service to provide a fast, visual assessment report of your organization’s DNS usage.

af-dns-security-dashboard1.png

You can use this report to:

  • View a breakdown of DNS requests passing through your network based on DNS traffic types.
  • Compare your organization’s DNS usage to other organizations within the industry as well as against globally collected data, including a list of domain requests found exclusively in your network.
  • Cross reference and analyze suspicious domains using the cumulative threat data managed by AutoFocus.
  • See which firewalls in your network have DNS Security enabled, at a glance.
  • For expanded information, you can click on See all> to pivot into a complete results list with additional filtering options.
The DNS Security data available to you depends on which license(s) you currently possess.
  • If you have active DNS Security and AutoFocus licenses, you have full access to all content within the AutoFocus portal.
  • If you have an active DNS Security license, but no AutoFocus license, you can only access your organization’s DNS statistics data from the DNS Security content tab. Additionally, your AutoFocus search options are limited to IP address and domain searches.
  • If you have an active AutoFocus license, but no DNS Security license, the DNS Security content tab will not be available in the AutoFocus portal.

 

For more information about the concepts referenced in this feature, refer to: The DNS Security Service

Embedded WildFire Reports

AutoFocus™ now provides the full contents of WildFire analysis reports as part of your AutoFocus sample search results. The added information enables you to delve deeper into the operational details of WildFire analysis for additional context on the sample threat posture, behavior, introduction into your network, as well as correlated threat data.

af-2-search-wildfire-report.png

New threat data contexts include:

    • Causality Chain
      Displays a visualization of all processes, files, and network calls and their associated behaviors, actions and detection reasons, for samples determined to be part of a larger sequence of events using analysis data provided by WildFire.
      af-3-wildfire-report-causality-chain.png

    • Detection Reasons
      Lists the determining factors why WildFire has reached a particular verdict for a given sample.
      af-4-wildfire-report-detection-reasons.png

    • Indicators of Compromise
      Lists threat indicators that AutoFocus detected in the sample’s WildFire analysis details.
      af-5-wildfire-report-ioc.png

    • Detected sample processes and behaviors
      Lists the file behavior activities and various identifier objects observed by WildFire during sample analysis.
      af-6-wildfire-report-analyst-behavior.png

For more information about the concepts referenced in this feature, refer to:

AutoFocus Searches

* - Information reprinted from the AutoFocus release notes page in TechDocs.

 

More information

For even more information about AutoFocus, please see the TechDocs page here: AutoFocus TechDocs page
 
For all of the latest AutoFocus features, known issues, changes to default behavior and System Requirements: AutoFocus Release Information 
 

Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumb up) button, don't forget to subscribe to the LIVEcommunity Blog area.

 

As always, we welcome all comments and feedback in the comments section below.

 

Stay Secure,
Joe Delio
End of line

982 Views
Labels