I use Palo Alto Networks AutoFocus for threat monitoring, and it is provided by the OEM itself. I use the threat data correlation feature, which correlates with Cortex. We can use it for data correlation, but we are mostly using a third-party solution for correlation.
I use Palo Alto Networks AutoFocus ( /products/palo-alto-networks-autofocus-reviews ) for threat intelligence. Palo Alto Networks has its own threat intelligence team, Unit 42, which analyzes submissions from different Palo Alto Networks firewalls deployed globally. They provide threat intelligence feeds to Palo Alto Networks firewalls, Prisma Access ( /products/prisma-access-by-palo-alto-networks-reviews ), and VM-Series firewalls. The solution is integrated into the Palo Alto Networks ecosystem and helps with threat detection and prevention.
Consultant at a tech services company with 501-1,000 employees
Reseller
Jun 5, 2021
We have our sorting in-house. If any kind of alert has been identified, they will cross-check with the feed in AutoFocus. They will do the correlation, manual correlation, in the case of a known feed or known intelligence. So, they will identify whether any malicious activity is going on through the AutoFocus portal.
Senior Staff Security Engineer at a renewables & environment company with 1,001-5,000 employees
Real User
Mar 14, 2021
We are using AutoFocus with my playbooks. We use it on a daily basis. We receive alerts on the Playbook. We receive alerts for threat intelligence, malware alerts, and virus alerts. We use Autofocus to check if the verdict is benign malware. All playbooks are on AutoFocus. We don't log in, it gives us access.
Find out what your peers are saying about Palo Alto Networks, Cisco, Recorded Future and others in Threat Intelligence Platforms (TIP). Updated: March 2026.
We are a solution provider and this is one of the products that we implement for our clients. It makes up part of their network security, helping them to detect threats.
Threat Intelligence Platforms improve an organization's cybersecurity by collecting and analyzing threat data. They offer insights into potential cyber threats, enabling proactive security measures to protect networks.These platforms help organizations manage and analyze threat data from different sources, providing a comprehensive view of potential threats. By integrating seamlessly with existing security systems, TIPs enhance the decision-making process for security teams, enabling them to...
I use Palo Alto Networks AutoFocus for threat monitoring, and it is provided by the OEM itself. I use the threat data correlation feature, which correlates with Cortex. We can use it for data correlation, but we are mostly using a third-party solution for correlation.
I use Palo Alto Networks AutoFocus ( /products/palo-alto-networks-autofocus-reviews ) for threat intelligence. Palo Alto Networks has its own threat intelligence team, Unit 42, which analyzes submissions from different Palo Alto Networks firewalls deployed globally. They provide threat intelligence feeds to Palo Alto Networks firewalls, Prisma Access ( /products/prisma-access-by-palo-alto-networks-reviews ), and VM-Series firewalls. The solution is integrated into the Palo Alto Networks ecosystem and helps with threat detection and prevention.
The tool along with other suite of products provides us with threat and alert information.
I use the Firewall version. I create and correct rules, and configure networks. I also handle logs.
We have our sorting in-house. If any kind of alert has been identified, they will cross-check with the feed in AutoFocus. They will do the correlation, manual correlation, in the case of a known feed or known intelligence. So, they will identify whether any malicious activity is going on through the AutoFocus portal.
We are using AutoFocus with my playbooks. We use it on a daily basis. We receive alerts on the Playbook. We receive alerts for threat intelligence, malware alerts, and virus alerts. We use Autofocus to check if the verdict is benign malware. All playbooks are on AutoFocus. We don't log in, it gives us access.
We are a solution provider and this is one of the products that we implement for our clients. It makes up part of their network security, helping them to detect threats.