* [Blog](https://www2.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/) * [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/) * Now Available: Open-Sourc... # Now Available: Open-Sourced AutoFocus Python Client Library [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F03%2Fnow-available-open-sourced-autofocus-python-client-library%2F) [](https://twitter.com/share?text=Now+Available%3A+Open-Sourced+AutoFocus+Python+Client+Library&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F03%2Fnow-available-open-sourced-autofocus-python-client-library%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F03%2Fnow-available-open-sourced-autofocus-python-client-library%2F&title=Now+Available%3A+Open-Sourced+AutoFocus+Python+Client+Library&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2016/03/now-available-open-sourced-autofocus-python-client-library/&ts=markdown) \[\](mailto:?subject=Now Available: Open-Sourced AutoFocus Python Client Library) Link copied By [Ben Small](https://www.paloaltonetworks.com/blog/author/ben-small/?ts=markdown "Posts by Ben Small") and [Russ Holloway](https://www.paloaltonetworks.com/blog/author/russ-holloway/?ts=markdown "Posts by Russ Holloway") Mar 15, 2016 3 minutes [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown) [Financial Services](https://www.paloaltonetworks.com/blog/category/financial-services/?ts=markdown) [SCADA \& ICS](https://www.paloaltonetworks.com/blog/category/scada-ics/?ts=markdown) [AutoFocus](https://www.paloaltonetworks.com/blog/tag/autofocus/?ts=markdown) [AutoFocus API](https://www.paloaltonetworks.com/blog/tag/autofocus-api/?ts=markdown) [Python](https://www.paloaltonetworks.com/blog/tag/python/?ts=markdown) [wildfi](https://www.paloaltonetworks.com/blog/tag/wildfi/?ts=markdown) Palo Alto Networks is proud to announce the public release of a [Python client library](https://github.com/PaloAltoNetworks/autofocus-client-library) for interacting with our AutoFocus API. [AutoFocus](https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/autofocus.html) was released last year to provide actionable threat intelligence and prioritized alerts for organizations by combining data collected from thousands of [WildFire](https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/wildfire.html) customers, Unit 42 threat research, and other cyber security intelligence feeds drawn from vendor and other third party partnerships. For many of you currently subscribed to AutoFocus, previous interaction with the service may have been purely through our user interface and alert notifications. However, it is important to remember that data is also exposed via an [API](https://www.paloaltonetworks.com/documentation/autofocus/autofocus/autofocus_api/about-the-autofocus-api.html). After our own internal research usage of querying the API, we realized the importance of creating an object-oriented library to simplify querying the data and work with the results, which led to the creation of this library. It provides a quick way to begin interacting with the AutoFocus API without requiring a detailed understanding of the API service calls, response formats and parsing, error handling, or other steps. Here's how to get started with the API so you can easily integrate AutoFocus intelligence into your own systems and applications. First, you will need an API key. You can find and manage your AutoFocus API key by [logging in](https://autofocus.paloaltonetworks.com) and clicking 'Settings' from the navigation menu. [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/03/AutoFocus-Python-1-1.png) [![AutoFocus Python 1](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/03/AutoFocus-Python-1-1.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/03/AutoFocus-Python-1-1.png) Figure 1 Identifying your AutoFocus API key from the UI \[autofocus\] apikey=\ |-----|---------------------------------------| | 1 2 | \[autofocus\] apikey=\ | You can alternatively add your API key within any script you write rather than loading from a configuration file. from autofocus import AutoFocusAPI AutoFocusAPI.api\_key = "\" |-----|------------------------------------------------------------------------------| | 1 2 | from autofocus import AutoFocusAPI AutoFocusAPI.api\_key = "\" | Finally, install the library and you are all set. git clone https://github.com/PaloAltoNetworks/autofocus-client-library cd autofocus-client-library python setup.py install |-------|----------------------------------------------------------------------------------------------------------------------------| | 1 2 3 | git clone https://github.com/PaloAltoNetworks/autofocus-client-library cd autofocus-client-library python setup.py install | We will demonstrate usage through a simple but fully working Python example utilizing the client. This example will begin by querying for a specific sample using the sample's SHA256 hash. It continues to provide information about the file, such as the file type, WildFire verdict, and DNS queries made by the sample within the WildFire sandbox. Finally, a very simplistic search is performed to identify malicious samples found within AutoFocus. from autofocus import AutoFocusAPI, AFSample, AFSampleAbsent, AFDnsActivity AutoFocusAPI.api\_key = "\" # Query for a sample and pull DNS activity associated with it try: sample = AFSample.get("7f38fd3e55a4139d788a4475ab0a5d83bf7686a37ef5e54a65364a0d781b523c") # Print some data that's available print sample.sha256 print sample.file\_type if sample.malware: print "This is a malicious file" # Extract any DNS queries seen across WildFire analysis jobs for sample for dns in sample.get\_analyses(AFDnsActivity): print "Query: {0}".format(dns.query) except AFSampleAbsent: print "That sample wasn't found." # Run AutoFocus search to discover samples matching criteria # See AF documentation for query format, or export a query via UI to get started query = '{"operator": "all", "children": \[{"field": "sample.malware", "operator": "is", "value": 1}\]}' for sample in AFSample.search(query): print sample.sha256 |----------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | from autofocus import AutoFocusAPI, AFSample, AFSampleAbsent, AFDnsActivity AutoFocusAPI.api\_key = "\" # Query for a sample and pull DNS activity associated with it try: sample = AFSample.get("7f38fd3e55a4139d788a4475ab0a5d83bf7686a37ef5e54a65364a0d781b523c") # Print some data that's available print sample.sha256 print sample.file\_type if sample.malware: print "This is a malicious file" # Extract any DNS queries seen across WildFire analysis jobs for sample for dns in sample.get\_analyses(AFDnsActivity): print "Query: {0}".format(dns.query) except AFSampleAbsent: print "That sample wasn't found." # Run AutoFocus search to discover samples matching criteria # See AF documentation for query format, or export a query via UI to get started query = '{"operator": "all", "children": \[{"field": "sample.malware", "operator": "is", "value": 1}\]}' for sample in AFSample.search(query): print sample.sha256 | This is a basic example, but it demonstrates the ease of using the API and working with the results. Through the library, you can also search AutoFocus session data (AFSession object) just as easily using a similar syntax. Behind the scenes, the library will handle authenticating to the web service, parsing responses into objects, creation of exceptions, and more. More examples and details on the library can be found on [GitHub](https://github.com/PaloAltoNetworks/autofocus-client-library/tree/master/examples). We invite you to begin using the tool to further automate your own internal processes and usage of the [AutoFocus API](https://github.com/PaloAltoNetworks/autofocus-client-library). For more information, please visit the [AutoFocus website](https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/autofocus). *** ** * ** *** ## Related Blogs ### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### The Power of Glean and Prisma AIRS Integration](https://www2.paloaltonetworks.com/blog/2026/02/power-of-glean-and-prisma-airs-integration/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### New Year, New Program, New Opportunities](https://www2.paloaltonetworks.com/blog/2026/02/new-year-new-program-new-opportunities/) ### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/category/zero-trust-security/?ts=markdown) [#### Empowering the RAF Association with Next-Generation Cyber Resilience](https://www2.paloaltonetworks.com/blog/2026/02/raf-association-next-generation-cyber-resilience/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### 2026 Public Sector Cyber Outlook: Identity, AI and the Fight for Trust](https://www2.paloaltonetworks.com/blog/2026/01/public-sector-cyber-outlook/) ### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Bridging Cybersecurity and AI](https://www2.paloaltonetworks.com/blog/2026/01/bridging-cybersecurity-and-ai/) ### [AI Application Security](https://www.paloaltonetworks.com/blog/network-security/category/ai-application-security/?ts=markdown), [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Palo Alto Networks Announces Support for NVIDIA Enterprise AI Factory](https://www2.paloaltonetworks.com/blog/2026/01/support-nvidia-enterprise-ai-factory/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language