This topic introduces the configuration settings in the Service Config view > General tab for Security Analytics Malware Analysis, which has parameters specific to the Malware Analysis service. In this tab, you configure:
- The processing parameters for Core services that are capturing data.
- The repository for captured data.
- The static, community, and sandbox scoring categories used to analyze data.
The following task provides detailed procedures: Configure General Malware Analysis Settings.
This is an example of the General tab.
This tab has four sections: Continuous Scan Configuration, Repository Configuration, Miscellaneous, and Modules Configuration.
Continuous Scan Configuration Section
This table describes the features of the Continuous Scan Configuration section.
Repository Configuration Section
Security Analytics Malware Analysis stores all of the files that are analyzed for future use. These files can be downloaded through the user interface or accessed via one of the file sharing protocols.
This table describes the features of the Repository Configuration section.
Miscellaneous Configuration Section (10.3 SP2 and Later)
This table describes the features of the Miscellaneous Configuration section.
Modules Configuration Section
The Modules Configuration section allows configuration of the static, community, and sandbox scoring categories.
Static Analysis Configuration
The static module is the only scoring category that is enabled by default. This table describes the parameters for configuring static analysis.
Community Analysis Configuration
By default, the community module is disabled, and the options that prevent PDFs and MS Office documents from being processed are selected. These defaults are the most restrictive choices, so that no potentially sensitive document leaves the network unless the user explicitly chooses to send it. This table describes the parameters for configuring Community analysis.
Sandbox Analysis Configuration
By default, the sandbox module is disabled, and MS Office and PDF files are prevented from being processed. These defaults are the most restrictive choices, so that the user must explicitly decide whether potentially sensitive information is sent outside the network for processing. If a document type is not prevented from being processed, the file is sent to the destination sandbox server in its entirety, not just a hash of the file contents.
This table describes the parameters for configuring Sandbox analysis.
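The default-deny behaviour described for the Community and Sandbox modules above, written out as an added illustration (this is example code, not Security Analytics code): each module has an enabled flag plus "block PDF" and "block MS Office" options, and a file that is allowed through leaves the network either as a hash or as the whole file. The module names, the ModuleConfig fields, the choice to model the community lookup as hash-only and static analysis as local-only, and the sample file bytes are all assumptions of this example. Document type is decided from the file's leading bytes rather than its extension, so a renamed document is still held back.

```python
"""Illustrative policy gate for per-module document handling (added example,
not product code). Models the intent stated for the Community and Sandbox
modules: PDFs and MS Office documents are held back by default, and a file
that is allowed through is sent either as a hash or in its entirety."""
import hashlib
import io
import zipfile
from dataclasses import dataclass

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
OOXML_PARTS = (b"word/", b"xl/", b"ppt/")           # part names inside a .docx/.xlsx/.pptx zip


@dataclass(frozen=True)
class ModuleConfig:
    enabled: bool
    block_pdf: bool
    block_office: bool
    outbound: str   # assumption: "none" (local only), "hash", or "file"


# Defaults as the page describes them: static on, community and sandbox off,
# with both document types held back. The outbound kinds are assumptions.
DEFAULTS = {
    "static": ModuleConfig(True, False, False, "none"),
    "community": ModuleConfig(False, True, True, "hash"),
    "sandbox": ModuleConfig(False, True, True, "file"),
}


def detect_doc_type(data: bytes) -> str:
    """Classify by content (magic bytes), never by file extension."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(OLE2_MAGIC):
        return "office"
    if data.startswith(b"PK\x03\x04") and any(p in data for p in OOXML_PARTS):
        return "office"
    return "other"


def decide(cfg: ModuleConfig, data: bytes):
    """Return (action, payload); payload is exactly what would leave the network."""
    if not cfg.enabled:
        return ("disabled", None)
    doc_type = detect_doc_type(data)
    if doc_type == "pdf" and cfg.block_pdf:
        return ("held", None)
    if doc_type == "office" and cfg.block_office:
        return ("held", None)
    if cfg.outbound == "none":
        return ("analyzed-locally", None)
    if cfg.outbound == "hash":
        return ("sent-hash", hashlib.sha256(data).hexdigest())
    return ("sent-file", data)


def evaluate(data: bytes, configs=DEFAULTS):
    """Apply every module's policy to one file."""
    return {name: decide(cfg, data) for name, cfg in configs.items()}


def make_docx() -> bytes:
    """Constructed minimal OOXML-shaped zip (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed sample inputs; only the leading bytes matter for classification.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n1 0 obj<<>>endobj\n%%EOF\n",
    "legacy.doc": OLE2_MAGIC + b"\x00" * 24,
    "renamed.txt": make_docx(),           # a docx with a misleading extension
    "tool.exe": b"MZ\x90\x00" + b"\x00" * 60,
}

if __name__ == "__main__":
    # A user who enables the sandbox but keeps the document blocks in place.
    sandbox_on = ModuleConfig(True, True, True, "file")
    for name, data in SAMPLES.items():
        action, payload = decide(sandbox_on, data)
        size = len(payload) if isinstance(payload, bytes) else 0
        print(f"{name:12} {detect_doc_type(data):7} {action:15} bytes-out={size}")
```

With the defaults nothing leaves the network for any file, because only the local static module is enabled. Enabling the sandbox while leaving the two block options selected still holds back every PDF and Office document, including the renamed one, and sends other file types whole; clearing a block option is the explicit choice that lets a full document out.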
GFI Sandbox Settings
In the GFI Sandbox section, you can enable sandbox processing by GFI and configure the locally installed GFI sandbox. This table describes the parameters for configuring the GFI sandbox.
ThreatGrid Sandbox Settings
In the ThreatGrid Sandbox section, you can enable sandbox processing by ThreatGrid and choose whether to use the locally installed ThreatGrid or the ThreatGrid Cloud for sandbox analysis.
- If you have a local copy of ThreatGrid, configure sandbox processing to use the local copy.
- If no local instance of ThreatGrid has been purchased and installed, configure the ThreatGrid Cloud.
This table describes the parameters for configuring the ThreatGrid sandbox.