This topic describes the features available in Security Analytics Services Stats view for Malware Analysis.
The Services Stats view provides a way to monitor the status and operations of a service.
To access the Services Stats view for Malware Analysis:
- In the Security Analytics menu, select Administration > Services.
The Services view is displayed.
- Select a service and select > View > Stats.
The following figure shows the Services Stats view for Malware Analysis. The default tab is the Events tab.
The following figure shows the Analysis Threads tab.
The Services Stats view for Malware Analysis has two tabs:
- Events tab
- Analysis Threads tab
The Events tab contains the Timeline chart, which displays the number of events at various times throughout the day.
The following table describes the features of the Events tab.
Analysis Threads Tab
Malware Analysis is capable of analyzing many files simultaneously, each represented by a thread. Each file goes through a linear process when it is analyzed:
- Network meta analysis
- Request file from Decoder
- Community (if enabled)
- Sandbox (if enabled)
This tab shows the status of each thread, so you can see where each file currently is in the analysis process. Thread statuses are sorted by the type of file analysis, which is the method by which Malware Analysis received the file, such as a Network session, Manually Uploaded file, or an On Demand scan.
This is particularly useful for finding which part of the analysis is the limiting factor for time. For example, you might go to the tab and see all 20 threads Requesting Files from NextGen. This means the Decoder is having problems or is overwhelmed and cannot deliver files quickly.
If threads have not updated their status for long periods of time, it may indicate that Malware Analysis is stuck.
The following table provides descriptions of the list columns.