In the Files view, a list of unique executable files found in the deployment is available. To access this view, go to INVESTIGATE > Files. By default, the Files view displays 100 files. To display more files, click Load More at the bottom of the page.
What do you want to do?
*You can perform this task in the current view
Below is an example of the Files view:
|1||Add Filter Drop-down Menu. You can filter the files by choosing an operating system (Windows, Linux, or Mac), saved filters, or by selecting the options in the Add Filters drop-down menu. For more information, see Filter Files.|
|2||Saved Filters. The Saved Filters panel lists the saved filters. For more information, see Filter Files.|
Sort Columns. You can sort the list by:
Filename - Name of the file.
First Seen Time - First time the hash was seen in the host.
Signature - Indicates if the file is signed or unsigned, valid or invalid, and provides signatory information.
Size - Size of the file.
Entropy - Determines if the contents are compressed or encrypted.
Format - Format of the file - Windows (PE), Linux (ELF and scripts), and Mac (Macho).
PE.Resources.Company - Company name.
|4||Settings Menu. You can set Files view preferences by selecting columns from the Settings menu. For more information, see Set Files Preference.|
|5||Export to CSV - Extracts global files to a CSV file. For more information, see Investigate Files.|
Pivot to Navigate and Event Analysis views. To investigate a particular filename or hash (SHA256 and MD5), you can pivot to both Navigate and Event Analysis views. For more information, see Pivot to Navigate and Event Analysis Views.