I use Palo Alto Networks AutoFocus for threat monitoring, and it is provided by the OEM itself. I use the threat data correlation feature, which correlates with Cortex. We can use it for data correlation, but we are mostly using a third-party solution for correlation.
I use Palo Alto Networks AutoFocus ( /products/palo-alto-networks-autofocus-reviews ) for threat intelligence. Palo Alto Networks has its own threat intelligence team, Unit 42, which analyzes submissions from different Palo Alto Networks firewalls deployed globally. They provide threat intelligence feeds to Palo Alto Networks firewalls, Prisma Access ( /products/prisma-access-by-palo-alto-networks-reviews ), and VM-Series firewalls. The solution is integrated into the Palo Alto Networks ecosystem and helps with threat detection and prevention.
Consultant at a tech services company with 501-1,000 employees
Reseller
Jun 5, 2021
We have our sorting in-house. If any kind of alert has been identified, they will cross-check with the feed in AutoFocus. They will do the correlation, manual correlation, in the case of a known feed or known intelligence. So, they will identify whether any malicious activity is going on through the AutoFocus portal.
Senior Staff Security Engineer at a renewables & environment company with 1,001-5,000 employees
Real User
Mar 14, 2021
We are using AutoFocus with my playbooks. We use it on a daily basis. We receive alerts on the Playbook. We receive alerts for threat intelligence, malware alerts, and virus alerts. We use Autofocus to check if the verdict is benign malware. All playbooks are on AutoFocus. We don't log in, it gives us access.
Find out what your peers are saying about Palo Alto Networks, Cisco, Recorded Future and others in Threat Intelligence Platforms (TIP). Updated: December 2025.
We are a solution provider and this is one of the products that we implement for our clients. It makes up part of their network security, helping them to detect threats.
Threat Intelligence Platforms provide comprehensive solutions for collecting, analyzing, and managing threat data. They enhance security teams' understanding and response capabilities, ensuring proactive defense against emerging threats.These platforms aggregate vast amounts of threat data from multiple sources, offering a centralized interface for organizations to manage and analyze security threats efficiently. By automating threat data collection and enhancing threat analysis, they enable...
I use Palo Alto Networks AutoFocus for threat monitoring, and it is provided by the OEM itself. I use the threat data correlation feature, which correlates with Cortex. We can use it for data correlation, but we are mostly using a third-party solution for correlation.
I use Palo Alto Networks AutoFocus ( /products/palo-alto-networks-autofocus-reviews ) for threat intelligence. Palo Alto Networks has its own threat intelligence team, Unit 42, which analyzes submissions from different Palo Alto Networks firewalls deployed globally. They provide threat intelligence feeds to Palo Alto Networks firewalls, Prisma Access ( /products/prisma-access-by-palo-alto-networks-reviews ), and VM-Series firewalls. The solution is integrated into the Palo Alto Networks ecosystem and helps with threat detection and prevention.
The tool along with other suite of products provides us with threat and alert information.
I use the Firewall version. I create and correct rules, and configure networks. I also handle logs.
We have our sorting in-house. If any kind of alert has been identified, they will cross-check with the feed in AutoFocus. They will do the correlation, manual correlation, in the case of a known feed or known intelligence. So, they will identify whether any malicious activity is going on through the AutoFocus portal.
We are using AutoFocus with my playbooks. We use it on a daily basis. We receive alerts on the Playbook. We receive alerts for threat intelligence, malware alerts, and virus alerts. We use Autofocus to check if the verdict is benign malware. All playbooks are on AutoFocus. We don't log in, it gives us access.
We are a solution provider and this is one of the products that we implement for our clients. It makes up part of their network security, helping them to detect threats.