- To view Affected Hosts detection details for any event, click the icon under the Details column on the Affected Hosts - Host Details screen.
  Detection details about the event are displayed.
- In the Connection Details section, you may do the following:
  - Click View in Threat Connect to connect with Threat Connect, where you can search for current information about the threat.
  - Click Download and then select Detected File to download a password protected ZIP archive containing the detected file.
  - If a packet capture has been enabled and the detection matched a packet capture rule, click Download and then select PCAP File to download a password protected ZIP archive containing the pcap file.
    In the pcap file, the comment "Detected Packet" in the "pkt_comment" field marks the packet that triggered the detection.
  - Click Download and then select All to download a password protected ZIP archive containing the detected file, the packet capture file, and the connection details.
    Important: Suspicious files must always be handled with caution. Extract the detected file and pcap file at your own risk.
    The password for the zip archive is "virus".
- In the File Analysis Result section, you may do the following:
  - Click View Virtual Analyzer Report to view the Virtual Analyzer report.
  - Click Download and then select Virtual Analyzer Report to download the Virtual Analyzer report.
  - Click Download and then select Investigation Package to download a password protected ZIP archive containing the investigation package.
  - Click Download and then select Detected File to download a password protected ZIP archive containing the detected file.
  - Click Download and then select All to download a password protected ZIP archive containing the detected file, the Virtual Analyzer report, and the investigation package.
    Important: Suspicious files must always be handled with caution. Extract the detected file at your own risk.
    The password for the zip archive is "virus".
- In the Suspicious Object and Related File Analysis Result section, view suspicious object and related analyzed file information.