The following figure depicts the Malware Spectrum process flow and the interactions between all the components that exist in Security Analytics.
The overall workflow for continuous submission is detailed in the following steps:
- NextGen Session Query at a specific interval: Malware Analysis collects sessions from the NextGen service that are tagged with a spectrum meta key (spectrum.consume or spectrum.consume11).
- The Malware Analysis service requests the NextGen Source to pre-cache the sessions. The session contents are pre-cached at the Decoder.
- The Malware Analysis service queries the pre-cached content from the NextGen service.
- If the session content contains files, the Malware Analysis service proceeds with Static, Community, and Sandbox Analysis.
- If ThreatGrid is enabled in the configuration, any file uploaded to Malware Analysis is automatically sent to ThreatGrid, up to the limit of your account. When the limit for your account is reached, no more data is sent for the day.