The Handling Process screen provides an overview of the life cycle of a suspicious object in your environment and the current effect of the suspicious object on your users or endpoints.

Important:

Viewing the handling process requires additional licensing for a product or service that includes Virtual Analyzer. Ensure that you have a valid license for at least one of the following:

  • Apex One Sandbox as a Service

  • Deep Discovery Analyzer 5.1 (or later)

  • Deep Discovery Endpoint Inspector 3.0 (or later)

  • Deep Discovery Inspector 3.8 (or later)

  1. Go to Threat Intel > Virtual Analyzer Suspicious Objects.
  2. Click the View link in the Handling Process column of the table for a specific suspicious object.

    The Handling Process screen appears.

  3. Click any of the following tabs to view more information about the suspicious object.

    Tab: Sample Submission

    Description: Displays information related to the first and latest analysis of the suspicious object.

    Apex Central integrates with the following products, which use a Virtual Analyzer to analyze suspicious objects submitted by other managed products:

    • Deep Discovery Analyzer 5.1 (or later)

    • Deep Discovery Endpoint Inspector 3.0 (or later)

    • Deep Discovery Inspector 3.8 (or later)

    Note:

    Apex One Sandbox as a Service does not provide Sample Submission information.

    Tab: Analysis

    Description: Displays the Virtual Analyzer analysis of the submitted object.

    Virtual Analyzer determines the risk level of suspicious objects based on their potential to expose systems to danger or loss. Supported objects include files (SHA-1 hash values), IP addresses, domains, and URLs.

    Note:

    Apex One Sandbox as a Service does not provide Product, Product host name, or Product IP address information.

    Tab: Distribution

    Description: Displays all products that synchronized the Suspicious Object list and the last synchronization time.

    Apex Central consolidates Virtual Analyzer and user-defined suspicious object lists (excluding exceptions) and synchronizes the lists with integrated managed products.

    Tab: Impact Analysis & Mitigation

    Description: Displays all endpoints and users affected by the suspicious object.

    • For File detections, the Latest Action Result column displays the last action result reported from managed products.

    • For all other detection types, the Latest Action Result column displays "N/A".

    Click the Root Cause Analysis link to further investigate how the object affected the user or endpoint.