Investigate: Select a Malware Analysis Service Dialog

Document created by RSA Information Design and Development on Sep 18, 2017. Last modified by RSA Information Design and Development on Oct 24, 2017.
Version 8

The Select a Malware Analysis Service dialog is accessible in the Malware Analysis view. In this dialog, Malware Analysis analysts can select a service to investigate, choose a scan on that service to investigate, upload a file to scan, and begin a continuous scan of the service.

Workflow

Investigate workflow with the Conduct Malware Analysis step highlighted

What do you want to do?

| User Role | I want to ... | Documentation |
|---|---|---|
| Threat Hunter | submit a file to scan for malware* | Upload Files for Malware Analysis Scanning |
| Threat Hunter | submit query | Beginning an Investigation of a Service or Collection |
| Threat Hunter | view query results | Conducting an Investigation |
| Threat Hunter | reconstruct an event | Reconstruct an Event |
| Threat Hunter | analyze an event | Analyze Events in the Event Analysis View |
| Threat Hunter | conduct malware analysis* | Conducting Malware Analysis |
| Incident Responder | investigate an incident | NetWitness Respond User Guide |

*You can perform this task in the current view.

Quick Look

This is the Select a Malware Analysis Service dialog

The Select a Malware Analysis Service dialog has a Malware Services panel on the left and a Scan Jobs List on the right. The Scan Jobs List panel has a toolbar, list, and buttons to view scans.

The Malware Services panel is a list of services available for malware analysis. In this panel, you can select the service to investigate and set a default service using the Default Service icon. When you select a service, the available scan jobs for that service are listed in the Scan Jobs list.

These are the features in the Scan Jobs List toolbar.

| Feature | Description |
|---|---|
| Scan Files button | Displays the Scan for Malware dialog, in which you can upload a file to the service for scanning. |
| Delete scan job (Delete icon) | Deletes one or more selected scan jobs. NetWitness Suite displays a confirmation dialog before deleting scan jobs. |
| Cancel scan job (Cancel icon) | Pauses or continues one or more scan jobs. |
| Refresh (Refresh icon) | Refreshes the list of scan jobs. |

These are the columns in the Scan Jobs list. This list is also available in the Malware Scan Jobs dashlet.

| Feature | Description |
|---|---|
| Name | Displays the name of the job. |
| Static, Network, Community, Sandbox | Filters the results based on the scores for each scoring module. |
| Progress | Displays the current progress made on the job. Green: the job is finished. Black: the job is in progress. Red: an error occurred. |
| Info | Provides additional information. Displays the query for the job. If the job is not complete, it also displays a more detailed description of the status. |
| User | Displays the name of the user who created the job. |
| Events | Counts the number of events for the job. |
| Dropped | Counts the number of files/events in the job that were dropped because the scores are below their configured threshold. |
| Event Type | Displays the type of job: Manual Upload, On Demand, or Resubmit. |
| Scheduled | Displays the date and time when the job was executed. |

These are the available actions in the dialog.

| Feature | Description |
|---|---|
| Cancel button | Cancels the selected scan job. |
| View Scan button | Displays the Summary of Events for the selected scan with the default dashlets displayed. |
| View Continuous Mode button | Displays the Summary of Events for the selected scan with the default dashlets displayed. |