Enricher - Palo Alto Autofocus

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

Specifications

Enricher name: Palo Alto Autofocus Hash Enricher

Input: Hashes (hash-md5, hash-sha1, and hash-sha256).

Output: Hash indicators enriched with related hash observables.

API endpoint: https://autofocus.paloaltonetworks.com

Requirements

The Palo Alto Networks Autofocus Hash Enricher is compatible with EclecticIQ Platform release 2.3 and later.
Users need their own API key to configure the enricher. Sign up and subscribe to the service to obtain the API key required to access the API endpoint that exposes the service.

Configure the enricher parameters

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more hash observables.

  3. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://autofocus.paloaltonetworks.com/.

  4. In the API key field, enter the API key associated with your API user profile, so that you can log in and consume the API service.

  5. The SSL verification checkbox is automatically selected.

  6. If you use client-side certification, enter the path to your PEM file in the Path to SSL certificate field.
    If not, leave the field empty.

  7. To store your changes, click Save; to discard them, click Cancel.
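
A pre-flight check of the values entered in the steps above, as an added example that is not EclecticIQ or Palo Alto Networks code. The function names and the individual checks are assumptions made for illustration; only the default URL and the three observable type names come from this page.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

DEFAULT_API_URL = "https://autofocus.paloaltonetworks.com/"  # default on this page
# Observable types the enricher accepts, keyed by hex digest length.
HASH_TYPES = {32: "hash-md5", 40: "hash-sha1", 64: "hash-sha256"}


def classify_hash(value):
    """Return the observable type for a hex digest, or None if it is not one."""
    value = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", value):
        return None
    return HASH_TYPES.get(len(value))


def check_settings(api_url, api_key, ssl_verify=True, cert_path=""):
    """Return the problems found in the enricher field values (assumed checks)."""
    problems = []
    url = urlsplit(api_url)
    if url.scheme != "https":
        problems.append("API URL is not https: the API key would travel in clear text")
    if url.username or url.password:
        problems.append("API URL embeds credentials")
    if url.hostname != urlsplit(DEFAULT_API_URL).hostname:
        problems.append(f"host {url.hostname!r} is not the default: confirm your proxy")
    if not api_key.strip():
        problems.append("API key is empty")
    if not ssl_verify:
        problems.append("SSL verification is off: the server certificate is unchecked")
    if cert_path:
        pem = Path(cert_path)
        if not pem.is_file():
            problems.append(f"certificate file {cert_path!r} not found")
        elif "-----BEGIN CERTIFICATE-----" not in pem.read_text(errors="replace"):
            problems.append(f"{cert_path!r} holds no PEM certificate")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials or indicators.
    print(classify_hash("d41d8cd98f00b204e9800998ecf8427e"))
    for issue in check_settings("http://proxy.example:8080/", "", ssl_verify=False):
        print("-", issue)
```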