* [Blog](https://www2.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/) * [DevSecOps](https://www2.paloaltonetworks.com/blog/cloud-security/category/devsecops/) * Bringing High-Fidelity Th... # Bringing High-Fidelity Threat Intelligence to Prisma Cloud [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F07%2Fcloud-autofocus-prisma-integration%2F) [](https://twitter.com/share?text=Bringing+High-Fidelity+Threat+Intelligence+to+Prisma+Cloud&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F07%2Fcloud-autofocus-prisma-integration%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F07%2Fcloud-autofocus-prisma-integration%2F&title=Bringing+High-Fidelity+Threat+Intelligence+to+Prisma+Cloud&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/07/cloud-autofocus-prisma-integration/&ts=markdown) \[\](mailto:?subject=Bringing High-Fidelity Threat Intelligence to Prisma Cloud) Link copied By [Jonathan Bregman](https://www.paloaltonetworks.com/blog/author/jonathan-bregman/?ts=markdown "Posts by Jonathan Bregman") Jul 13, 2020 3 minutes [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown) [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown) [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown) [AutoFocus](https://www.paloaltonetworks.com/blog/tag/autofocus/?ts=markdown) [Prisma Cloud](https://www.paloaltonetworks.com/blog/tag/prisma-cloud/?ts=markdown) [threat intelligence](https://www.paloaltonetworks.com/blog/tag/threat-intelligence/?ts=markdown) This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2020/07/cloud-autofocus-prisma-integration/?lang=ja "Switch to Japanese(日本語)") We've integrated AutoFocus threat intelligence into Prisma Cloud. This will allow users to [realize the promise of threat intelligence](https://www.paloaltonetworks.com/blog/2019/11/cortex-threat-intelligence/) for their cloud security. Users will get the intelligence, analytics and context required to detect attacks and understand which ones require an immediate response --- you'll even gain the ability to predict and prevent future attacks. We hear often that cloud SOCs are overwhelmed with alerts. In addition to their sheer volume, alerts lack context or clarity, making risk prioritization and remediation slow, ultimately exposing vulnerabilities for too long. Of course, we know that accurate threat intelligence is the key to high-fidelity alerts. But most solutions today require the collection of multiple, disparate feeds for accurate threat management and risk prioritization. ## **What AutoFocus Provides** [AutoFocus](https://www.paloaltonetworks.com/cortex/autofocus) provides a massive repository of high-fidelity threat intelligence, crowdsourced from a massive footprint of network, endpoint and cloud intelligence sources. Every threat is enriched with the deepest context from our own Unit 42 threat researchers. ![Auto Focus brings threat intelligence to Prisma Cloud, and the numbers show it. Crowdsourced from a massive footprint of network, endpoint and cloud intelligence sources, AutoFocus brings together more than 14 billion suspicious samples, 7 trillion artifacts, 65,000 enterprise customers, 2 billion daily URL queries, 46 million daily DNS queries and 300 million monthly never before seen samples. The image displays these numbers and intelligence sources in a chart.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/07/suspicious.png) Prisma Cloud now leverages the power of AutoFocus to: * **Detect:** Automatically detect and alert across over 15 categories of common public cloud threats including cryptomining, ransomware, Linux malware, backdoor malware, hacking tools and more. This is achieved through new out-of-the-box policies that leverage the curated AutoFocus IP Threat Intel Feed. * **Investigate** : Gain the ability to use [Resource Query Language](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/rql.html) (RQL) to run network investigations and discover cloud-specific threats detected by AutoFocus. * **Understand:** See detailed context on identified threats based on AutoFocus intelligence, allowing SOC teams to fully understand the depth and scope of threats. AutoFocus is bundled with Prisma Cloud Enterprise Edition and enables [threat hunters](https://www.paloaltonetworks.com/blog/2020/06/cortex-start-threat-hunting/) to seamlessly search for even more details based on the investigation results from Prisma Cloud. ## **How It Works** Threat intelligence from AutoFocus will automatically populate in the Prisma Cloud Console. The screenshot below shows how AutoFocus surfaces deeper insight for a suspicious resource within a public cloud account: ![AutoFocus brings threat intelligence to Prisma Cloud in part by surfacing deep insight for a suspicious resource within a public cloud account, as shown in this screenshot of the AutoFocus threat feed in Prisma Cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/07/volume.png) AutoFocus threat feed in Prisma Cloud With AutoFocus integrated into Prisma Cloud, users can obtain deep insight into any flagged suspicious IP connections: ![With the integration of AutoFocus, bringing threat intelligence to Prisma Cloud, users can obtain deep insight into any flagged suspicious IP connections, as shown in this screenshot.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/07/investigate.png) Detailed investigative information in Prisma Cloud With the addition of AutoFocus, [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) provides users with comprehensive threat intelligence and vulnerability data sourced across multiple unique sources: * **Prisma Cloud Intelligence Stream:** Our own collection of 30-plus upstream data sources across commercial, open-source and proprietary feeds; offering vulnerability data for hosts, containers and functions as well as malware and IP-reputation lists. * **Palo Alto Networks sources:** In addition to AutoFocus, Prisma Cloud integrates with [WildFire](https://www.paloaltonetworks.com/products/secure-the-network/wildfire) for malware scanning as part of data security capabilities. * **Third-party sources:** Prisma Cloud integrates with data provided from Qualys, Tenable, AWS Inspector and others to provide a single view into risk within cloud environments. When combined with AutoFocus, Prisma Cloud lets users experience unmatched alert accuracy with the risk clarity required to effectively protect today's [highly dynamic](https://www.paloaltonetworks.com/blog/2020/06/cloud-native-security-genome/), distributed cloud environments. ## **How to Begin Using AutoFocus in Prisma Cloud** The AutoFocus integration is now available for existing Prisma Cloud Enterprise Edition users, providing the powerful insights discussed above. New users can begin a [free trial of Prisma Cloud](https://marketplace.paloaltonetworks.com/s/product-rdl) today. *** ** * ** *** ## Related Blogs ### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown) [#### Call for Papers for Ignite 2020: Share Your Cybersecurity Expertise](https://www2.paloaltonetworks.com/blog/2020/08/call-for-papers-ignite-2020/) ### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown) [#### Palo Alto Networks Expands Cortex, Prisma Cloud Hosting to Singapore](https://www2.paloaltonetworks.com/blog/2020/07/cortex-singapore-cloud-hosting/) ### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown) [#### Achieving End-to-End Zero Trust](https://www2.paloaltonetworks.com/blog/2020/05/network-end-to-end-zero-trust/) ### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown) [#### The Art of Automation: Creating Threat Intelligence Bots in the Cloud](https://www2.paloaltonetworks.com/blog/2020/03/cloud-threat-intelligence-bot/) ### [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [#### Prisma Cloud 2.0 Just Launched: Why a Comprehensive CNSP is Essential](https://www2.paloaltonetworks.com/blog/2020/10/cloud-comprehensive-cnsp-essential/) ### [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown) [#### Prisma Cloud 2.0: The Industry's Most Comprehensive CNSP](https://www2.paloaltonetworks.com/blog/2020/10/cloud-evolution-comprehensive-cnsp/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language