Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Investigate: Launch a Malware Analysis Scan from the Navigate View

Document created by RSA Information Design and Development Employee on Sep 18, 2017Last modified by RSA Information Design and Development Employee on Jan 6, 2021
Version 35Show Document
  • View in full screen mode

From within Investigate, analysts can launch an on-demand Malware Analysis scan by selecting a service and meta value, and choosing an option from the context menu. When polling is complete, the scanned data is available for malware analysis.

To launch a Malware Analysis scan of data from the INVESTIGATE > Navigate view:

  1. Right-click a meta value (for example, OTHER, DNS, or FTP) and select Scan for Malware in the context menu.

    The Scan for Malware dialog is displayed with a suggested name for the on-demand scan and no service selected.

  2. In the Scan for Malware dialog, select a service to perform the scan, edit the name, and select the types of files to bypass under community and sandbox.

    Scan for Malware dialog

  3. Click Scan.

    The scan request is added to the Scan Jobs List dashlet and the Jobs Tray. The bypass settings in this dialog override the default settings in the basic Malware Analysis configuration settings.

  4. To view the jobs, do one of the following:

    1. Go to the Scan Jobs List in the Malware Analysis view or in the Unified dashboard. Double-click a scan to view the scan.

      Malware Analysis Scan Jobs List

    2. To view the job in the Jobs tray, click  the Jobs icon in the NetWitness Platform toolbar. When the job is complete, scroll to the left and click View.

      Jobs Tray

      The Malware Summary of Events for the selected scan is displayed. The scan is also added to the list of available scans in the dialog for selecting scans in the Investigation > Malware tab.

You are here
Table of Contents > Reconstructing and Analyzing Events > Launch a Malware Analysis Scan from the Navigate View