Skip to main content

AutoFocus Tags Feed (Deprecated)

This Integration is part of the AutoFocus by Palo Alto Networks Pack.#


Use Unit 42 Intel Objects Feed instead.

Configure AutoFocus Tags Feed on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for AutoFocus Tags Feed.

  3. Click Add instance to create and configure a new integration instance.

    API KeyAccount's private token.False
    AutoFocus Endpoint URLThe AutoFocus endpoint URL.False
    Fetch indicatorsFalse
    Indicator ReputationIndicators from this integration instance will be marked with this reputation.False
    Source ReliabilityReliability of the source providing the intelligence data.True
    Traffic Light Protocol ColorThe Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed.False
    Feed Fetch IntervalThe feed fetch interval.False
    Bypass exclusion listWhen selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.False
    Create RelationshipsCreate relationships between indicators as part of Enrichment.False
    Trust any certificate (not secure)Whether to trust any certificate (not secure).False
    Use system proxy settingsFalse
    TagsSupports CSV values.False
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Gets indicators from the feed.

Base Command#



Argument NameDescriptionRequired
limitThe maximum number of results to return. Should be 50 or less. Default is 10.Optional

Context Output#

There is no context output for this command.

Command Example#

!autofocus-tags-feed-get-indicators limit=10

Human Readable Output#

DarkHotelThreat Actorpublications: {'link': '', 'title': 'The DarkHotel APT', 'source': 'Kaspersky', 'timestamp': '2018-08-20T15:25:31'},aliases: ParasiticBeast, description: The DarkHotel attackers were most infamously behind a series of attacks between 2008 and 2014 against organizations located primarily in Japan, Taiwan, China, Russia and South Korea. This campaign infiltrated multiple hotel networks and used them as a jumping-off point to infect hotel guests., lastseenbysource: 2021-05-03T01:55:18Z, updateddate: 2019-08-28T08:56:30Z ,reportedby: Unit 42


Be aware, due to API limitations, fetch-indicators fetches only a limited number of indicators for each interval. Fetching all the indicators can take up to 13 hours.