AutoFocus complements Cortex XDR (formerly Magnifier). AutoFocus provides contextual threat intelligence to accelerate investigations. Security analysts can look up information about suspicious files, URLs, or IP addresses with AutoFocus. Plus, AutoFocus can alert customers’ security teams about high-priority events, enabling them to take swift action to mitigate attacks. It is a resource for threat hunters to get additional information about incidents that they are already investigating.
Cortex XDR, in contrast, is designed to detect attacks—especially command and control, lateral movement, exfiltration, and compromised endpoints—by analyzing network activity. Cortex XDR also helps security analysts confirm threats with Pathfinder endpoint analysis. Although both products help organizations investigate threats, they provide different types of data—threat intelligence information with AutoFocus versus network security alerts with Cortex XDR—and are designed for different stages in incident response processes.