After identifying a suspicious file or URL object, you can submit the object for analysis in the Sandbox Analysis app using context menus on the TrendAI Vision One™ console.
This task is supported by the following services:
-
TrendAI Vision One™
-
Windows agent
-
macOS agent
-
-
Apex One as a Service
-
Windows agent
-
Linux agent
-
-
Cloud One - Endpoint & Workload Security
-
Windows agent
-
Linux agent
-
macOS agent
-
-
Deep Discovery Inspector
-
Virtual Network Sensor
Procedure
- After identifying the suspicious file or URL object, access the context or response
menu and click Submit for Sandbox Analysis.The Submit to Sandbox for Analysis Task screen appears.
- Specify a Description for the response or event.
- (Optional) Specify the arguments that are used when the sandbox runs the submitted
object.A maximum of 1,024 characters can be entered.
- Click Create.TrendAI Vision One™ creates the task and displays the current task status in Response Management.
- Monitor the task status.
- Go to .
- (Optional) Locate the task using the Search field or by selecting Submit for Sandbox Analysis from the Action drop-down list.
- View the task status.
-
Pending approval (
) (if applicable): The automated response task
was created on the Workbench app and is waiting for
approval -
Rejected (
) (if applicable): The automated response task created on the Workbench app was rejected -
In progress (
): TrendAI Vision One™ sent the command
and is waiting for a response. -
Queued (
): The managing server queued the
command because the agent was offline. -
Successful (
): The command was successfully
executed. -
Unsuccessful (
): An error or time-out occurred when attempting to send
the command to the managing server, the Security Agent is offline for more than 12
hours, or the command execution timed out.
-
- Check the Sandbox Analysis by selecting Check Sandbox
Analysis (
) to view the analysis result
in the Sandbox Analysis app.For more information about the Sandbox Analysis app, see Sandbox Analysis