Detailed Workflow

Document created by RSA Information Design and Development Employee on Oct 23, 2017Last modified by Deepak Morey on Jun 28, 2018
Version 2Show Document
  • View in full screen mode

The following figure depicts the Malware Spectrum process flow and the interactions between all the components that exist in Security Analytics.

malware spectrum workflow

The overall workflow for continuous submission is detailed in the below steps:

  1. NextGen Session Query at specific interval: Malware Analysis collects sessions from the NextGen service that are tagged with a spectrum meta key (spectrum.consume or spectrum.consume11).
  2. Malware Analysis service requests the NextGen Source to pre-cache the sessions. The session contents are pre-cached at the Decoder.

  3. Malware Analysis service queries the pre-cached content from the NextGen service.

  4. If the session content contains files, the Malware Analysis service proceeds with Static, Community, and Sandbox Analysis.

  5. If the threatgrid is enabled in the config, any file uploaded to the Malware Analysis will automatically be sent to the threatgrid up to the limit of your account. When the threatgrid reaches the limit for your account, it will stop sending the data for the day.

Note: Events will be saved only if at least one score is greater than or equal to 41.


Next Topic:Scoring Modules
You are here

Table of Contents > How Malware Analysis Works > Detailed Workflow