Contents x
      AutoFocus 1.2.0
      • 06 Apr 2025
      • 2 Minutes to read
      • Dark
        Light
      • PDF
      Contents

      AutoFocus 1.2.0

      • Updated on 06 Apr 2025
      • 2 Minutes to read
      • Dark
        Light
      • PDF
      Article summary

      AutoFocus - 1.2.0

      tags: python | AutoFocus | Enrichment | Threat Intelligence

      Table of Contents

      Description

      Integration with AutoFocus supports CDC users by providing the ability to query the threat intelligence data provided by Palo Alto Networks’ massive repository of high-fidelity threat intelligence cloud, using AutoFocus’ Rest API. The Rest API enables CDC users to make informed decisions regarding incident response.

      AutoFocus provides threat intelligence services with unrivaled context from Palo Alto Networks Unit 42 threat researchers, which ensures that best in industry intelligence is provided to customers.

      The Autofocus API provides CyberProof with access to samples, file analysis, and aggregate data via the Rest API framework. This framework allows Security teams to enrich their existing tools in real time, to enable fast analysis and automate responses.

      We use custom adaptive cards to display large amounts of complex threat intelligence data in a meaningful and intuitive GUI, to facilitate easy understanding of that data.

      With the help of command line/automated enrichments, the detailed Indicator of Compromises, and other threat indicators information about Hash (MD5/SHA1/SHA256)/Threat Name/Filename/Malware Name/Threat Indicator Feed will be obtained based on the provided individual query parameters. The Threat Indicator Feed option provides complete a threat analysis report for the provided feed value.

      Integration Type:Enrichment
      Information read:Threat Intelligence information based on the provided input parameters.
      API Supported:API v1.0
      Input:Hash (MD5/SHA1/SHA256)/Threat Name/File Name/Malware Name
      Output:Detailed enrichment consisting of IOCs and other threat indicators related information of provided input parameters.

      CDC Command Lines

      • get_artifact_by_filetype_cli
        Get information from AutoFocus about files with a specific type.
      OptionTypeDescriptionRequired
      file_typestringThe type of files that we want to query.True
      • get_artifact_by_malware_cli
        Get information from AutoFocus about MD5 hash.
      OptionTypeDescriptionRequired
      malware_typestringThe malware type.True
      • get_artifact_by_md5_cli
        Get information from AutoFocus about MD5 hash.
      OptionTypeDescriptionRequired
      hash_valuestringMD5 value.True
      • get_artifact_by_threat_name_cli
        Get information from AutoFocus about threats.
      OptionTypeDescriptionRequired
      threat_namestringThe name of the threats that we want to query.True
      • get_sample_analysis_by_md5_cli
        Executes a query and returns analysis results.
      OptionTypeDescriptionRequired
      coveragebooleanEntity coverage bool.True
      hash_valuestringThe md5 hash of the sample to analyze.True
      sectionsstringAnalysis sections, comma separated.True
      • get_sample_analysis_by_sha256_cli
        Executes a query and returns analysis results.
      OptionTypeDescriptionRequired
      coveragebooleanEntity coverage bool.True
      hash_valuestringThe sha256 hash of the sample to analyze.True
      sectionsstringAnalysis sections, comma separated.True

      Workflows

      • post_get_artifact_by_filetype
        Post get-artifact-by-filetype in CDC by ID of incident/message/channel.

      • post_get_artifact_by_malware
        Post get-artifact-by-malware in CDC by ID of incident/message/channel.

      • post_get_artifact_by_md5
        Post get-artifact-by-md5 in CDC by ID of incident/message/channel.

      • post_get_artifact_by_threat_name
        Post get-artifact-by-threat-name in CDC by ID of incident/message/channel.

      • post_get_sample_analysis_by_md5
        Post get-sample-analysis-by-md5 in CDC by ID of incident/message/channel.

      • post_get_sample_analysis_by_sha256
        Post get-sample-analysis-by-sha256 in CDC by ID of incident/message/channel.

      Rules

      No rules

      Sensors

      No sensors

      Triggers

      No triggers

      Known Issues

      No known issues

      Was this article helpful?
      What's Next