Investigate: Launch a Malware Analysis Scan from the Navigate View

Document created by RSA Information Design and Development on Sep 18, 2017. Last modified by RSA Information Design and Development on Oct 24, 2017.
Version 8
 

From within Investigation, analysts can launch an on-demand Malware Analysis scan by selecting a service and meta value, and choosing an option from the context menu. When polling is complete, the scanned data is available for malware analysis.

To launch a Malware Analysis scan of data from the Investigation > Navigate view:

  1. Right-click a meta value (for example, OTHER, DNS, or FTP) and select Scan for Malware in the context menu.
    The Scan for Malware dialog is displayed with a suggested name for the on-demand scan and no service selected.
  2. In the Scan for Malware dialog, select a service to perform the scan, edit the name, and select the types of files to bypass under community and sandbox.
    [Image: Scan for Malware dialog]
  3. Click Scan.
    The scan request is added to the Scan Jobs List dashlet and the Jobs Tray. The bypass settings in this dialog override the default settings in the basic Malware Analysis configuration settings.
  4. To view the jobs, do one of the following:
    1. Navigate to the Scan Jobs List in the Malware Analysis view or in the Unified dashboard. Double-click a scan to view the scan.
      [Image: Malware Analysis Scan Jobs List]
    2. To view the job in the Jobs tray, click the Jobs icon in the NetWitness Suite toolbar. When the job is complete, scroll to the left and click View.
      [Image: Jobs Tray]
      The Malware Summary of Events for the selected scan is displayed. The scan is also added to the list of available scans in the dialog for selecting scans in the Investigation > Malware tab.