AutoFocus 1.3.0

Updated on 22 May 2022
2 Minutes to read

Dark
Light
PDF

Article summary

Did you find this summary helpful?

Thank you for your feedback!

tags: python | AutoFocus | Enrichment | Threat Intelligence

Description

Integration with AutoFocus supports CDC users by providing the ability to query the threat intelligence data provided by Palo Alto Networks’ repository of high-fidelity threat intelligence cloud, using AutoFocus’ Rest API. The Rest API enables CDC users to make informed decisions regarding incident response.

AutoFocus provides threat intelligence services with unrivaled context from Palo Alto Networks Unit 42 threat researchers, which ensures that best in industry intelligence is provided to customers.

The Autofocus API provides CyberProof with access to samples, file analysis, and aggregate data via the Rest API framework. This framework allows Security teams to enrich their existing tools in real time, to enable fast analysis and automate responses.

We use custom adaptive cards to display large amounts of complex threat intelligence data in a meaningful and intuitive GUI, to facilitate easy understanding of that data.

With the help of command line/automated enrichments, the detailed Indicator of Compromises, and other threat indicators information about Hash (MD5/SHA1/SHA256)/Threat Name/Filename/Malware Name/Threat Indicator Feed will be obtained based on the provided individual query parameters. The Threat Indicator Feed option provides a complete threat analysis report for the provided feed value.


Integration Type:	Enrichment
Information read:	Threat intelligence information based on the provided input parameters
API Supported:	API v1.0
Input:	Hash (MD5/SHA1/SHA256)/Threat Name/File Name/Malware Name
Output:	Detailed enrichment consisting of IOCs and other threat indicator-related information of provided input parameters.

CDC Command Lines

get_artifact_by_filetype_cli
Get information from AutoFocus about files with a specific type.

Option	Type	Description	Required
file_type	string	The type of files that we want to query.	True

get_artifact_by_malware_cli
Get information from AutoFocus about MD5 hash.

Option	Type	Description	Required
malware_type	string	The malware type.	True

get_artifact_by_md5_cli
Get information from AutoFocus about MD5 hash.

Option	Type	Description	Required
hash_value	string	MD5 value.	True

get_artifact_by_threat_name_cli
Get information from AutoFocus about threats.

Option	Type	Description	Required
threat_name	string	The name of the threats that we want to query.	True

get_sample_analysis_by_md5_cli
Executes a query and returns analysis results.

Option	Type	Description	Required
coverage	boolean	Entity coverage bool.	True
hash_value	string	The md5 hash of the sample to analyze.	True
sections	string	Analysis sections, comma-separated.	True

get_sample_analysis_by_sha256_cli
Executes a query and returns analysis results.

Option	Type	Description	Required
coverage	boolean	Entity coverage bool.	True
hash_value	string	The sha256 hash of the sample to analyze.	True
sections	string	Analysis sections, comma-separated.	True

Workflows

post_get_artifact_by_filetype
Post get-artifact-by-filetype in the CDC by the ID of the incident/message/channel.
post_get_artifact_by_malware
Post get-artifact-by-malware in the CDC by the ID of the incident/message/channel.
post_get_artifact_by_md5
Post get-artifact-by-md5 in the CDC by the ID of the incident/message/channel.
post_get_artifact_by_threat_name
Post get-artifact-by-threat-name in the CDC by the ID of the incident/message/channel.
post_get_sample_analysis_by_md5
Post get-sample-analysis-by-md5 in the CDC by the ID of the incident/message/channel.
post_get_sample_analysis_by_sha256
Post get-sample-analysis-by-sha256 in the CDC by the ID of the incident/message/channel.

Rules

No rules

Sensors

No sensors

Triggers

No triggers

Known Issues

No known issues

Was this article helpful?

What's Next

VirusTotal 3.0.0

Table of contents

Description
CDC Command Lines
Workflows
Rules
Sensors
Triggers
Known Issues