PCCET - 4.6 Explain how Autofocus gains threat intelligence for security analysis and response 2023
Palo Alto Networks AutoFocus enables what? - correct answer a proactive, prevention-based approach to network security that puts automation to work for security professionals.

AutoFocus is built on a large-scale, distributed computing environment hosted where? - correct answer in the Palo Alto Networks Threat Intelligence Cloud

AutoFocus correlates and gains intelligence from where? - correct answer
● WildFire
● URL filtering with the PAN-DB service
● Palo Alto Networks global passive DNS network
● Palo Alto Networks Unit 42 threat intelligence and research team
● Third-party feeds, including closed-source and open-source intelligence

How does AutoFocus work? - correct answer AutoFocus uses tags that enrich your visibility into the most critical threats. When a tag matches an event on your network, a priority alert is sent via email, within the AutoFocus dashboard or via HTTP post, with the full tag context included.

AutoFocus is the primary analysis tool used by which unit to identify new threats, correlate global data, identify connections between malicious samples, and build adversary or campaign profiles? - correct answer Unit 42

With AutoFocus and the product portfolio, security teams can do what? - correct answer
● Determine how targeted or unique a threat seen on their network is
● Investigate related malicious samples
● Identify suspicious DNS queries with domain resolution history

AutoFocus enables you to create new protections for the product portfolio by doing what? - correct answer by exporting high-value IoCs from the service into PAN-OS software External Dynamic Lists to instantly block malicious URLs, domains, and IP addresses.

AutoFocus can also export IoCs to third-party security devices. How? - correct answer via a standard CSV format

AutoFocus can dramatically reduce the time required to investigate by enriching third-party services through what? - correct answer
● Open API support
● Remote sweeping capability
● Support for STIX data format

Why does AutoFocus support Open API? Name one example. - correct answer sending threat intelligence data to existing SIEM tools.

Why does AutoFocus support Remote sweeping capability? Name one example. - correct answer Correlate third-party external systems directly from AutoFocus.

What does "STIX" mean? - correct answer Structured Threat Information Expression

What is "STIX"? - correct answer an Extensible Markup Language (XML) format for conveying data about
Written for
- Institution: PCCET
- Course: PCCET
Document information
- Uploaded on: May 19, 2023
- Number of pages: 4
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers