Transform Guides
- Maltego Standard Transforms
- Standard Transforms Add-on (CTAS) Server Transforms
  - Maltego Standard Transforms Add-on (CTAS) Server Transforms
- Transform Hub Items

Palo Alto Networks - AutoFocus

Modified on: Wed, 7 Sep, 2022 at 7:03 PM

Overview

AutoFocus is a cloud-based threat intelligence service that correlates threat data from immediate network, industry, and global intelligence feeds.

With Auto Focus Transforms, investigators can pivot on data accessed via AutoFocus to visualize links between threats in observed environment.

To read more click here.

Palo Alto Networks - AutoFocus Transforms

AutoFocus - Explode Tags (Actor)

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Explode Tags (Actor)
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFExplodeTagsActor
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Explode Tags (All)

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Explode Tags (All)
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFExplodeTagsAll
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Explode Tags (Campaign)

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Explode Tags (Campaign)
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFExplodeTagsCampaign
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Explode Tags (Malware)

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Explode Tags (Malware)
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFExplodeTagsMalware
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Explode Tags (U42)

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Explode Tags (U42)
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFExplodeTagsU42
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Fetch File Metadata

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Fetch File Metadata
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFFetchFileMetadata
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get C2 By Sample

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get C2 By Sample
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetC2BySample
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get C2 URLS by sample

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get C2 URLS by sample
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetC2URLBySample
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get Digtial Signer By Sample

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Digtial Signer By Sample
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetDigSigBySample
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get Imphash by Sample

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Imphash by Sample
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetImphashBySample
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get ITW data as metadata

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get ITW data as metadata
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetITWDataAsMeta
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get ITW Filename by Sample

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get ITW Filename by Sample
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetITWFileBySample2
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get ITW Filename by Session

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get ITW Filename by Session
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetITWFilenameBySession
Input Entities	PaloAltoNetworks.WildfireSession
Output Entities	Phrase
Short Description

AutoFocus - Get ITW Host by Session

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get ITW Host by Session
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetITWHostBySession
Input Entities	PaloAltoNetworks.WildfireSession
Output Entities	Phrase
Short Description

AutoFocus - Get ITW Hosts

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get ITW Hosts
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetITWHosts
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get ITW URLs as entities

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get ITW URLs as entities
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetITWURLBySample
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get ITW URL by Session

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get ITW URL by Session
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetITWURLBySession
Input Entities	PaloAltoNetworks.WildfireSession
Output Entities	Phrase
Short Description

AutoFocus - Get Mutex By Sample

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Mutex By Sample
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetMutexBySample
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get Sample By Digital Signer

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample By Digital Signer
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByDigSig
Input Entities	PaloAltoNetworks.DigitalCertificateCN
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by FileActivity

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by FileActivity
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByFileActivity
Input Entities	maltego.Filename
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by Hostname

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by Hostname
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByHostname
Input Entities	maltego.Domain
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by Imphash

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by Imphash
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByImphash
Input Entities	maltego.Imphash
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by C2 IP

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by C2 IP
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByIP
Input Entities	maltego.IPv4Address
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by ITW Filename

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by ITW Filename
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByITWFilename
Input Entities	maltego.Filename
Output Entities	Phrase
Short Description

AutoFocus - Get Samples by ITW Hostname

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Samples by ITW Hostname
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByITWHostname
Input Entities	maltego.Domain
Output Entities	Phrase
Short Description

AutoFocus - Get Samples by ITW IP address

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Samples by ITW IP address
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByITWIP
Input Entities	maltego.IPv4Address
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by Mutex

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by Mutex
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByMutex
Input Entities	maltego.Mutex
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by Query

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by Query
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByQuery
Input Entities	PaloAltoNetworks.AutoFocusQuery
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by Service

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by Service
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByService
Input Entities	maltego.ServiceName
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by Session

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by Session
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleBySession
Input Entities	PaloAltoNetworks.WildfireSession
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by Full URL

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by Full URL
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByURL
Input Entities	maltego.URL
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by URL Path

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by URL Path
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSampleByURLPath
Input Entities	maltego.URL
Output Entities	Phrase
Short Description

AutoFocus - Get Samples by ITW URL

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Samples by ITW URL
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSamplesByITWURL
Input Entities	maltego.URL
Output Entities	Phrase
Short Description

AutoFocus - Get Sample by Tag

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sample by Tag
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSamplesByTag
Input Entities	PaloAltoNetworks.Tag
Output Entities	Phrase
Short Description

AutoFocus - Get Service created by Sample

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Service created by Sample
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetServiceBySample
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get Sessions by Query

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sessions by Query
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSessionByQuery
Input Entities	PaloAltoNetworks.AutoFocusQuery
Output Entities	Phrase
Short Description

AutoFocus - Get Sessions by Sample

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sessions by Sample
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSessionBySample
Input Entities	maltego.Hash
Output Entities	Phrase
Short Description

AutoFocus - Get Sessions by Tag

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sessions by Tag
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSessionsByTag
Input Entities	PaloAltoNetworks.Tag
Output Entities	Phrase
Short Description

AutoFocus - Get Sessions by URL Path

Transform Settings

Display Name	Setting Type	Default Value	Optional	Popup	Authentication
AutoFocusAPIKey	string		false	false	false

Transform Meta Info

Information	Value
Display Name	AutoFocus - Get Sessions by URL Path
Owner	Tom Lancaster
Author	tlancaster@paloaltonetworks.com
Data Source	AutoFocus
Transform Name	AFGetSessionsByURLPath
Input Entities	maltego.URL
Output Entities	Phrase
Short Description