Investigation: Conduct Malware Analysis

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1

This article provides information and procedures for analysts who are using the RSA Security Analytics Malware Analysis service to detect malware.

Once you initiate a Malware Analysis investigation, there is no specific order in which to conduct it. Instead, Security Analytics offers various methods of displaying the data, filtering the data, querying the data, acting on a drill point, and inspecting specific events in the selected data and files.

Prerequisites

Analysts who conduct analysis using Security Analytics Malware Analysis need to have the appropriate system roles and permissions set up for their user accounts. An administrator must configure roles and permissions. See Roles and Permissions for Analysts in the Malware Analysis Configuration Guide for details.

Malware Analysis Tasks

This document groups investigation tasks according to high-level functions of an Investigation:

  • Begin a Malware Analysis Investigation.
  • Upload Files for Malware Scanning.
  • Upload Files from a Watched Folder.
  • Implement Custom YARA Content.
  • Filter Information in the Summary of Events View.
  • Examine Scan Files and Events in List Form.
  • View Detailed Malware Analysis of an Event.