Virtual Analyzer widgets help you monitor activity that may become an emerging threat.
Virtual Analyzer is a cloud sandbox designed for analyzing suspicious files and URLs. Sandbox images allow observation of file and URL behavior in an environment that simulates endpoints on your network without any risk of compromising the network.
Cloud App Security sends suspicious files (including email attachments and uploaded files) and URLs (included in files and email message bodies) to Virtual Analyzer when a file or URL exhibits suspicious characteristics and signature-based scanning technologies cannot find a known threat. Virtual Analyzer performs static analysis and behavior simulation in various runtime environments to identify potentially malicious characteristics. During analysis, Virtual Analyzer rates the characteristics in context and then assigns a risk level to the sample based on the accumulated ratings.
Virtual Analyzer works in conjunction with Threat Connect, the Trend Micro global intelligence network that provides actionable information and recommendations for dealing with threats.
Note: A suspicious object is a known malicious or potentially malicious IP address, domain, URL, SHA-1 value, SHA-256 value, or sender address found in submitted samples.
Trend Micro Threat Connect correlates suspicious objects detected in your environment and threat data from the Trend Micro Smart Protection Network to provide relevant and actionable intelligence.
Virtual Analyzer risk levels
The following table explains the Virtual Analyzer risk levels after sample analysis. View the table to understand why a suspicious object was classified as high, medium, or low risk.

| Risk Level | Description |
| --- | --- |
| High risk | The sample exhibited highly suspicious characteristics that are commonly associated with malware. Examples: |
| Medium risk | The sample exhibited moderately suspicious characteristics that are also associated with benign applications. Examples: |
| Low risk | The sample exhibited mildly suspicious characteristics that are most likely benign. |
| No risk | The sample did not exhibit suspicious characteristics. |
| Unrated | The sample was not analyzed by Virtual Analyzer for a certain reason. Possible reasons include: If you need technical assistance, contact Trend Micro technical support. |

Processed threats widget
This widget shows the number of files and/or URLs that were sent to Virtual Analyzer and processed for threats for each protected application or service. It also shows the total number of files and/or URLs processed for all applications and services, and the average time spent on analyzing each file or URL to help evaluate the Virtual Analyzer capability.
Note: Average analysis time is calculated based on the time for processing only the files or URLs that are finally rated as High risk, Medium risk, Low risk, or No risk.
The graph is based on the selected time period. The Y-axis represents the number of detections for each protected application or service. The X-axis represents the time period moving backwards in time from right to left. Mouse-over an area on the graph to learn more about a metric.
Use the drop-down menus to select the detection type and time period to view.
Click a service in the widget legend to show or hide data related to that service.
Advanced Threat Protection policies affect Cloud App Security scanning behavior for suspicious URLs and files found in Virtual Analyzer. To configure Virtual Analyzer policies, see Configuring Virtual Analyzer.
Virtual Analyzer risk summary widget
This widget summarizes the risk levels that Virtual Analyzer assigned to suspicious files and URLs found in submitted samples. For details about Virtual Analyzer risk levels, see Virtual Analyzer risk levels.
Use the drop-down menu to select the time period to view.
Click the icon on the top right to switch between the table view and chart view.
Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).
Top 5 users affected by suspicious files widget
This widget shows the users most affected by suspicious files found in Virtual Analyzer and when the suspicious file was last detected.
Use the drop-down menu to select the time period to view.
Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).
Most frequent suspicious files widget
This widget shows the most frequent suspicious files found and their risk levels rated by Virtual Analyzer over the selected time period.
Use the drop-down menu to select the time period to view.
Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).
Most frequent suspicious URLs widget
This widget shows the most frequent suspicious URLs found and their risk levels rated by Virtual Analyzer over the selected time period.
Use the drop-down menu to select the time period to view.
Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).
Suspicious objects found widget
This widget shows the suspicious files and URLs found in Virtual Analyzer for all protected applications and services over the selected time period.
The graph is based on the selected time period. The Y-axis represents the number of detections for each protected application or service. The X-axis represents the time period moving backwards in time from right to left. Mouse-over an area on the graph to learn more about a metric.
Use the drop-down menu to select the time period to view.
Click a detection type in the widget legend to show or hide data related to that detection type.