Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

MA User Guide: Select a Malware Analysis Service Dialog

Document created by RSA Information Design and Development Employee on Apr 10, 2019Last modified by RSA Information Design and Development Employee on Sep 3, 2020
Version 2Show Document
  • View in full screen mode
 

The Select a Malware Analysis Service dialog is accessible in the Malware Analysis view. In this dialog, Malware Analysis analysts can select a service to investigate, choose a scan on that service to investigate, upload a file to scan, and begin a continuous scan of the service.

Workflow

high-level Investigate workflow with Scan Files and Hosts for Malware and associated actions highlighted

What do you want to do?

                                                
User RoleI want to ...Show me how
Threat Hunter

browse event metadata

NetWitness Investigate User Guide

Threat Hunter

browse raw events

NetWitness Investigate User Guide

Threat Hunter

analyze raw events and metadata

NetWitness Investigate User Guide

Threat Hunter

investigate endpoints (Version 11.1)

NetWitness Endpoint User Guide

Threat Hunter

find suspicious endpoint files (Version 11.1)

NetWitness Endpoint User Guide

Threat Hunterscan files and events for malware*Conducting Malware Analysis

Incident Responder

triage an incident in Investigate

NetWitness Respond User Guide

*You can perform this task in the current view.

Related Topics

  • "How NetWitness Investigate Works" in the NetWitness Investigate User Guide
  • Begin a Malware Analysis Investigation
  • "Launch a Malware Analysis Scan from the Navigate View" in the NetWitness Investigate User Guide

Quick Look

This is the Select a Malware Analysis Service dialog

The Select a Malware Analysis Service dialog has a Malware Services panel on the left and a Scan Jobs List on the right. The Scan Jobs List panel has a toolbar, list, and buttons to view scans.

The Malware Services panel is a list of services available for malware analysis. In this panel, you can select the service to investigate and you set a default service using the Default Service icon. When you select a service, the available scan jobs for that service are listed in the Scan Jobs list.

These are the features in the Scan Jobs List toolbar.

                           
FeatureDescription
Scan Files button Displays the Scan for Malware dialog, in which you can upload a file to the service for scanning.
Delete scan job (Delete icon)Deletes one or more selected scan jobs, NetWitness Platform displays a confirmation dialog before deleting scan jobs.
Cancel scan job (Cancel icon)Pauses or continues one or more scan jobs.
Refresh (Refresh icon)Refreshes the list of scan jobs.

These are the columns in the Scan Jobs list. This list is also available in the Malware Scan Jobs dashlet.

                                               
FeatureDescription
NameDisplays the name of the job.
Static, Network, Community, Sandbox

Filters the results based on the scores for each scoring module.

Progress

Displays the current progress made on the job.

  • Green: The job is finished.
  • Black: The job is in progress.
  • Red: An error occurred.
Info

Provides additional information. Displays the query for the job. If the job is not complete, it also displays more detailed description of the status.

User

Displays the name of the user who created the job.

Events

Counts the number of events for the job.

Dropped

Counts the number of files or events in the job that were dropped because the scores are below their configured threshold.

Event Type

Displays the type of job: Manual Upload, On Demand, or Resubmit.

Scheduled

Displays the date and time when the job was executed.

These are the available actions in the dialog.

                       
FeatureDescription
Cancel buttonCancels the selected scan job.
View Scan buttonDisplays the Summary of Events for the selected scan with the default dashlets displayed.
View Continuous Mode buttonDisplays the Summary of Events for the selected scan with the default dashlets displayed.

You are here
Table of Contents > Malware Analysis Reference Materials > Select a Malware Analysis Service Dialog

Attachments

    Outcomes