Investigate: Select a Malware Analysis Service Dialog

Document created by RSA Information Design and Development on Sep 18, 2017. Last modified by RSA Information Design and Development on May 8, 2018.
Version 14
 

The Select a Malware Analysis Service dialog is accessible in the Malware Analysis view. In this dialog, Malware Analysis analysts can select a service to investigate, choose a scan on that service to investigate, upload a file to scan, and begin a continuous scan of the service.

Workflow

[Figure: High-level Investigate workflow, with Scan Files and Hosts for Malware and associated actions highlighted]

What do you want to do?

                                                
| User Role | I want to ... | 11.1 Documentation |
|---|---|---|
| Threat Hunter | browse event metadata | Begin an Investigation in the Navigate or Events View |
| Threat Hunter | browse raw events | Begin an Investigation in the Navigate or Events View |
| Threat Hunter | analyze raw events and metadata | Begin an Investigation in the Event Analysis View |
| Threat Hunter | investigate endpoints (Version 11.1) | Investigate Hosts |
| Threat Hunter | find suspicious endpoint files (Version 11.1) | Investigate Files |
| Threat Hunter | scan files and events for malware* | Conducting Malware Analysis |
| Incident Responder | triage an incident in Investigate | NetWitness Respond User Guide |

*You can perform this task in the current view.

Quick Look

This is the Select a Malware Analysis Service dialog

The Select a Malware Analysis Service dialog has a Malware Services panel on the left and a Scan Jobs List on the right. The Scan Jobs List panel has a toolbar, list, and buttons to view scans.

The Malware Services panel lists the services available for malware analysis. In this panel, you can select the service to investigate and set a default service using the Default Service icon. When you select a service, the available scan jobs for that service are listed in the Scan Jobs list.

These are the features in the Scan Jobs List toolbar.

                           
| Feature | Description |
|---|---|
| Scan Files button | Displays the Scan for Malware dialog, in which you can upload a file to the service for scanning. |
| Delete scan job (Delete icon) | Deletes one or more selected scan jobs. NetWitness Suite displays a confirmation dialog before deleting scan jobs. |
| Cancel scan job (Cancel icon) | Pauses or continues one or more scan jobs. |
| Refresh (Refresh icon) | Refreshes the list of scan jobs. |

These are the columns in the Scan Jobs list. This list is also available in the Malware Scan Jobs dashlet.

                                               
| Feature | Description |
|---|---|
| Name | Displays the name of the job. |
| Static, Network, Community, Sandbox | Filters the results based on the scores for each scoring module. |
| Progress | Displays the current progress made on the job. Green: The job is finished. Black: The job is in progress. Red: An error occurred. |
| Info | Provides additional information. Displays the query for the job. If the job is not complete, it also displays a more detailed description of the status. |
| User | Displays the name of the user who created the job. |
| Events | Counts the number of events for the job. |
| Dropped | Counts the number of files/events in the job that were dropped because the scores are below their configured threshold. |
| Event Type | Displays the type of job: Manual Upload, On Demand, or Resubmit. |
| Scheduled | Displays the date and time when the job was executed. |

These are the available actions in the dialog.

                       
| Feature | Description |
|---|---|
| Cancel button | Cancels the selected scan job. |
| View Scan button | Displays the Summary of Events for the selected scan with the default dashlets displayed. |
| View Continuous Mode button | Displays the Summary of Events for the selected scan with the default dashlets displayed. |