Investigation: Launch a Malware Analysis Scan from the Navigate View

Document created by RSA Information Design and Development on Jun 26, 2017. Last modified by RSA Information Design and Development on Jul 28, 2017.
Version 2

From within Investigation, analysts can launch an on-demand Malware Analysis scan by selecting a service and meta value, and choosing an option from the context menu. When polling is complete, the scanned data is available for malware analysis.

To launch a Malware Analysis scan of data from the Investigation > Navigate view:

  1. Right-click a meta value (for example, OTHER, DNS, or FTP) and select Scan for Malware in the context menu.
    The Scan for Malware dialog is displayed with a suggested name for the on-demand scan and no service selected.
  2. In the Scan for Malware dialog, select a service to perform the scan, edit the name, and select the types of files to bypass under community and sandbox.
  3. Click Scan.
    The scan request is added to the Scan Jobs List dashlet and the Jobs Tray. The bypass settings in this dialog override the default settings in the basic Malware Analysis configuration settings.
  4. To view the jobs, do one of the following:
    1. Navigate to the Scan Jobs List in the Malware Analysis view or in the Unified dashboard. Double-click a scan to view the scan.
    2. To view the job in the Jobs tray, click the Jobs icon in the Security Analytics toolbar. When the job is complete, scroll to the left and click View.
      The Malware Summary of Events for the selected scan is displayed. The scan is also added to the list of available scans in the dialog for selecting scans in the Investigation > Malware tab.