Investigation: Malware Analysis Events List and Files List

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1

The Malware Analysis Events List and Files List provide a detailed view of events or files. You can double-click on an event or file in either of the lists to display the Analysis Results view in a new browser tab.

To access this view:

  1. In the Security Analytics menu, select Investigation > Malware Analysis.
  2. In the Select a Malware Analysis Service dialog, select a service from the left panel, then select a job from the right panel.
  3. Click View Scan.
    The Summary of Events view is displayed.
  4. In either the Total panel or the High Confidence panel, click the number in the Events Created section.
    If you want to view the Files List, click the number in the Files Processed section.
  5. Depending on your choice, the Events List or the Files List is displayed.

This is an example of the Events List view.

[Figure: Events List view (EvtLst.png)]

This is an example of the Files List view.

[Figure: Files List view (FlsLst.png)]

Related procedures are available in Examine Scan Files and Events in List Form.

Features

The Events List and Files List each have a grid and a toolbar.

Events List Toolbar

These are the features in the Events List toolbar. 

                         
| Feature | Description |
|---|---|
| Back to Summary | Returns to the Summary of Events view. |
| Delete Events | Deletes one or more selected events. Security Analytics displays a confirmation dialog before deleting events. |
| Download Files | Displays the Malware File Download dialog, which allows you to download available files. |
| Sort1.png (icon) | Displays a drop-down menu from which you can decide how to sort the list. These are the options for sorting: High Confidence, Static, Network, Community, Sandbox, AV, File Name, File Type, Hash, Date Archived, Size. The button directly to the right of this drop-down indicates whether the list will be sorted by ascending or descending values. |
| Sort2.png (icon) | Displays a drop-down menu from which you can select a secondary sorting order. This menu includes an option for None, so selecting a secondary sorting order is not necessary. |
| FltIcon.png (icon) | Displays a drop-down window in which you can filter the list by filename or MD5 Hash. |

Events List Grid

These are the features in the Events List grid.

                                                       
| Feature | Description |
|---|---|
| InflHighConf.png (icon) | Indicates whether the event is influenced by the high confidence flag. |
| Static, Network, Community, Sandbox | Displays the scores for each scoring module. |
| AV | Indicates whether the AV flagged this event as suspicious. |
| InflCustRule.png (icon) | Indicates whether the event is influenced by a customized rule. |
| Date Archived | Displays the date and time the event was archived. |
| Session Time | Displays the time of the event's session. |
| HVTI.png (icon) | Indicates whether the hash value is marked as trusted. |
| # Files | Displays the number of files included in the event. |
| Source Address | Displays the address of the event source. |
| Identity | Displays the identity of the event source. |
| Destination Address | Displays the address of the event destination. |
| Destination Country | Displays the country of the event destination. |
| Alias Host | Displays the hostname of the alias. |
| Event Type | Displays the type of event. For example, Manual Upload. |
| Service | Displays the service on which the event occurred. |
| Destination Organization | Displays the organization of the destination. |

Files List Toolbar

These are the features in the Files List toolbar.

                      
| Feature | Description |
|---|---|
| Back to Summary | Returns to the Summary of Events view. |
| Download Files | Displays the Malware File Download dialog, which allows you to download available files. |
| Sort1.png (icon) | Displays a drop-down menu from which you can decide how to sort the list. These are the options for sorting: High Confidence, Static, Network, Community, Sandbox, AV, File Name, File Type, Hash, Date Archived, Size. The button directly to the right of this drop-down indicates whether the list will be sorted by ascending or descending values. |
| Sort2.png (icon) | Displays a drop-down menu from which you can select a secondary sorting order. This menu includes an option for None, so selecting a secondary sorting order is not necessary. |
| FltIcon.png (icon) | Displays a drop-down window in which you can filter the list by filename or MD5 Hash. |

Files List Grid

These are the features in the Files List grid.

                                  
| Feature | Description |
|---|---|
| InflHighConf.png (icon) | Indicates whether the event is influenced by the high confidence flag. |
| Static, Network, Community, Sandbox | Displays the scores for each scoring module. |
| AV | Indicates whether the AV flagged this event as suspicious. |
| File Name | Displays the name of the file. |
| File Type | Displays the type of the file (for example, PDF or x86 PE). |
| MD5 Hash | Displays the MD5 hash. |
| Source Address | Displays the address of the file source. |
| Destination Address | Displays the address of the file destination. |
| Date Archived | Displays the date and time the file was archived. |
| Size | Indicates the size of the file. |