Targeted threats, at your fingertips

AutoFocus™ contextual threat intelligence service accelerates analysis, correlation and prevention workflows. Unique, targeted attacks are automatically prioritized with full context, allowing security teams to respond to critical attacks faster, without additional IT security resources.

Threat context you have never seen before

Gain visibility into the most critical threats with contextual intelligence on malware families, campaigns, threat actors, malicious behaviors and exploits used. AutoFocus allows you to answer questions like: “Who is attacking me?” “What tools are they using?” and “How targeted or unique is this threat?”

Extend the platform with threat intelligence

AutoFocus helps the entire IT security team become advanced threat hunters, instead of relying on a small group of highly specialized security operations professionals. Threat intelligence from the service is made directly accessible in the Palo Alto Networks platform, including PAN-OS and Panorama, without requiring a separate tool.

Security teams are inundated by alerts and threat data, lacking the time to follow up on each event, let alone investigate advanced, targeted attacks. The issue isn’t a lack of information, but rather the ability to surface high-impact threats and drive automated prevention from the intelligence you already have.

Our Most Intelligent Service Yet

AutoFocus enables you to distinguish the most important threats from everyday commodity attacks. Now, instead of seeing that a malicious event has occurred, you immediately know the context around an attack, such as the malware family, campaign, or malicious actor targeting your organization. When identified, AutoFocus will alert your security team about high-priority events, enabling you to take swift action to mitigate their impact. 

Visibility Into the Unknown

AutoFocus provides unprecedented visibility into unknown threats, with the collective insight of thousands of global enterprises, service providers, and governments feeding the service. AutoFocus correlates and gains intelligence from:

  • WildFire™ service – the industry’s largest threat analysis environment
  • PAN-DB URL filtering service
  • MineMeld application for AutoFocus, enabling aggregation and correlation of any third-party threat intelligence source directly in AutoFocus
  • Traps™ advanced endpoint protection
  • Aperture™ SaaS-protection service
  • Unit 42 threat intelligence and research team
  • Intelligence from technology partners
  • Palo Alto Networks global passive DNS network

Accelerated Analysis and Hunting Workflows

Legacy approaches to securing the organization rely on aggregating an increasing number of detection-focused alerts with complex analysis workflows after the event.

AutoFocus puts the entire wealth of Palo Alto Networks threat intelligence at your fingertips, dramatically cutting the time it takes to conduct analysis, forensics or hunting efforts. Threat intelligence and context are available directly in PAN-OS® security operating system, Panorama™ network security management, or the AutoFocus portal for in-depth searching across indicators of compromise (IoCs).

Aggregate Any Third-Party Intelligence Source

Organizations rely on multiple source of threat intelligence to ensure the widest possible visibility into emerging threats, but they struggle to aggregate, correlate, validate and share indicators across different feeds. As part of AutoFocus, the MineMeld application provides a single, unified, threat feed and indicator management system.


Threat Intelligence Drives Prevention

Security teams require more than just raw threat intelligence – they need to automatically transform it into actionable controls that prevent future attacks. AutoFocus simplifies workflows to create and enforce new controls, from fully automated to user directed, within the same unified security platform.



AutoFocus Datasheet

Overview of the AutoFocus threat intelligence service.

Palo Alto Networks,
  • 1
  • 10436

AutoFocus Quick Demo

Watch a short overview video how of the AutoFocus threat intelligence service helps security teams identify and prevent targeted attacks. We will explain the key concepts of AutoFocus and benefits the service provides.

  • 3
  • 4318

AutoFocus At A Glance

The AutoFocus threat intelligence service allows security teams to prioritize their response to unique, targeted attacks. Gain the intelligence, analytics, and context needed to protect your organization. View the At-a-Glance for a high-level view into the AutoFocus service and key use-cases.

Palo Alto Networks,
  • 3
  • 4171

Operation Lotus Blossom

Operation Lotus Blossom describes a persistent cyber espionage campaign against government and military organizations in Southeast Asia. The report exposes the targets, tools, and attack techniques, and provides full details on the Lotus Blossom campaign, including all indicators of compromise. Unit 42 discovered these attacks using the Palo Alto Networks AutoFocus platform, which enables analysts to correlate the results of the hundreds of millions of reports generated by WildFire.

Santa Clara, CA
  • 11
  • 5312

Telkom Indonesia

Telkom Indonesia chose Palo Alto Networks to strengthen the security operations center as the company prepares for global expansion.

  • 0
  • 224

AutoFocus Actionable Threat Intelligence

View the key benefits of the AutoFocus threat intelligence service with an in-depth UI demo. You will gain an understanding of how security operations, analysis, and research teams can use the service to prioritize unique, targeted attacks.

  • 2
  • 2325