Viewing All Detections - Detection Details Parent topic

Procedure

  1. To view All Detections detection details for any event, click the icon under the Details column on the All Detections screen.
    Detection details about the event are displayed.
    All Detections - Detection Details
  2. In the Connection Details section, you may do the following:
    • Click View in Threat Connect to connect with Threat Connect, where you can search for current information about the threat.
    • Click Download and then select Detected File to download a password protected ZIP archive containing the detected file.
    • Click Download and then select Connection Details to download a CSV file of the connection details.
    • If a packet capture has been enabled and the detection matched a packet capture rule, click Download and then select PCAP File to download a password protected ZIP archive containing the pcap file.
      In the pcap file, the comment "Detected Packet" in the "pkt_comment" field marks the packet that triggered the detection.
      For details about packet capture, see Packet Capture.
    • Click Download and then select All to download a password protected ZIP archive containing the detected file, the packet capture file, and the connection details.
    Important
    Important
    Suspicious files must always be handled with caution. Extract the detected file and pcap file at your own risk.
    The password for the zip archive is "virus".
  3. In the File Analysis Result section, you may do the following:
    • Click View Virtual Analyzer Report to view the Virtual Analyzer report.
    • Click Download and then select Virtual Analyzer Report to download the Virtual Analyzer report.
    • Click Download and then select Investigation Package to download a password protected ZIP archive containing the investigation package.
    • Click Download and then select Detected File to download a password protected ZIP archive containing the detected file.
    • Click Download and then select All to download a password protected ZIP archive containing the detected file, the Virtual Analyzer report, and the investigation package.
    Important
    Important
    Suspicious files must always be handled with caution. Extract the detected file at your own risk.
    The password for the zip archive is "virus".
  4. In the Suspicious Object and Related File Analysis Result section, view suspicious object and related analyzed file information.
  5. In the Mitigation Suggestions section, view a description of the threat, its impact on the host, and the recommended actions to protect against the threat.