Investigation: Configure Malware Summary of Events View

Document created by RSA Information Design and Development on May 5, 2016. Last modified by Susan Ewald on May 5, 2016.
Version 4
 

The Summary of Events provides a summary of the scan being investigated, and below the summary are configurable dashlets such as visualization charts and listings. By default, the Summary of Events for a scan opens with the default dashlets displayed. You can customize the view by adding, modifying, and deleting default dashlets. The configured customization of dashlets persists through different scan investigations, and you can restore default dashlets at any time. The default dashlets are:

  • Summary of Events (Fixed)
  • Event Timeline
  • Top Listing of Highly Suspicious Malware
  • Meta Treemap
  • Score Wheel
  • Meta Breakdowns

The following figure is an example of the default Summary of Events.

[Figure: default Summary of Events (104MWSumEvents2.png)]

The rest of this topic provides instructions for managing and configuring dashlets.

Add a Dashlet

You can add multiple copies of dashlets in the Malware Analysis Summary of Events. To add a dashlet:

  1. In the toolbar, select Add.
    The drop-down list of dashlets is displayed. There are four visualization options: Score Wheel, Meta Treemap, Meta Breakdowns, and Event Timeline. The other three dashlets are the same dashlets available in the Unified dashboard: Malware with high Confidence IOCs and High Scores, Top Listing of Highly Suspicious Malware, Top Listing of Possible Zero Day Malware.
  2. Select a dashlet.
    The new dashlet is added as the last dashlet below the existing dashlets.
  3. If the dashlet is a duplicate of an existing dashlet, change the name of the new dashlet so that it is unique.

Modify or Delete a Dashlet Using Toolbar Options

Each dashlet has a toolbar that offers options for modifying the dashlet. The visualization charts have the same configuration settings, while some of the other dashlets have different additional settings.

To use the toolbar options:

  • To close a dashlet so that only the title bar is displayed, click the 104DshletClos.png icon.
  • To open a dashlet that is closed, click the 104DshletExp.png icon.
  • To display the configurable settings for a dashlet, click the 104DshletSet.png icon.
    The settings dialog for the dashlet is displayed.
  • To delete a dashlet, click the 104DshletDel.png icon.

Apply Threshold Filter to Multiple Dashlets

Within dashlets, you can set a threshold to show only events equal to, above, or below a certain score in the four categories (Static, Network, Community, and Sandbox). This procedure sets the thresholds by dashlet type for these dashlets: Event Timeline, Score Wheel, and Meta Treemap. You can also set the threshold for individual dashlets.

  1. In the toolbar, select the ic-actns.png icon > Apply Threshold Filter.
    The Apply Threshold Filter dialog is displayed.
  2. Select one or more dashlet types: Event Timeline, Score Wheel, and Meta Treemap.
  3. Drag the corresponding slider or enter a numeric value, then select an operator in the drop-down list: =, >=, or <=.
  4. Click Apply.
    The threshold filters are applied to the selected dashlet types in the Summary of Events.

Set Title and Category Options for a Dashlet

  1. To display the configurable settings for a dashlet, click the 104DshletSet.png icon.
    The Options dialog for the dashlet is displayed.
  2. Type a new title for the dashlet in the Title field.
  3. If you want to see only events that are influenced by a High Confidence tag, which means there is high confidence that the event contains harmful code, check the Influenced By High Confidence Only option.
  4. If you want to see only events that were given a score above a certain score in the four categories (Static, Network, Community, and Sandbox), drag the corresponding slider or enter a numeric value, then select an operator in the drop-down list: =, >=, or <=.
  5. Click Apply.
    The title and filters are applied to the dashlet.

Order Dashlets

To change the order of dashlets as they appear beneath the Summary of Events:

  1. In the toolbar, select the ic-actns.png icon > Order Dashlets.
    The Order Dashlets dialog is displayed.
  2. Select a dashlet that you want to move up or down, and click the 104UpBtn.png or 104DownBt.png button.
  3. When you are satisfied with the order, click Apply.
    The dialog closes and the order of dashlets below the Summary of Events is changed to match your choices.

Restore Default Dashlets

Once you have added, modified, and arranged dashlets, you can revert to the default settings for dashlet display. To restore the default dashlets:

  1. In the toolbar, select the ic-actns.png icon > Restore Default Configuration.
    A dialog requests confirmation that you want to restore the configuration.
  2. Do one of the following:
    1. If you decide to keep the dashlet arrangement you have configured, click No.
    2. If you are sure that you want to restore the defaults, click Yes.
      The dashlet display reverts to the default display.
