Source code for using Autofocus (and other applications) to discern hash coverage of known and unknown artifacts.


This is the repository that supports the development and build of the pan-tort docker container. The container is the end-user portion. If you only want to use pan-tort (not develop it) then see and use the docker-compose file in that repository to download and run pan-tort.

If you do need to develop against pan-tort, this is the right repository. Read on.

Hash Search as part of the Testing Output Response Toolkit

Install & start the hash search application

1. Clone repo

git clone

2. Change into repo directory

cd pan-tort-source

3. Create python 3.6 virtualenv

python3.6 -m venv env

4. Activate virtualenv

source env/bin/activate

5. Download required libraries

pip install -r requirements.txt

6. Edit your ~/.panrc and put in your autofocus key then link the file

cd project
ln -s ~/.panrc
cd ..

From this point on, you must have at least elasticsearch (6.2 or greater) installed and Kibana, if you wish to use visualizations.

7. Load the ES mappings

curl -XPUT -H'Content-Type: application/json' 'http://localhost:9200/hash-data/' -d @misc/hash-data-mappings.json

8. Start the tort backend

python ./

10. Populate Kibana Dashboards

  • Navigate to Kibana @ http://:5601 and go to Management -> Index Patters
  • Create a new index pattern based on "hash-data" and select "query_time" for the time field
  • Go to Managment -> Saved Objects and select Import
  • Load each of the hashdata*.json files in the misc directory (you will have to do it 3 times)
    • Use the hash-data index pattern of course

11. Goto http://:5061 to use the UI to load hashes.

Best Practices and Optional Configuration

You should be all set. For even more ideas on what you can do with the system and other things that you can download and install to get the most out of pan-tort, use the pan-tort end user Wiki

Developer Sites


Copyright © 2021 Palo Alto Networks, Inc. All rights reserved.