Correlated Events - Detection Details - Connection Details

The Connection Details section of the Correlated Events - Detection Details screen can contain the following information:

Click View in Threat Connect to connect with Threat Connect, where you can search for current information about the threat.

Click Download and then select Detected File to download a password-protected ZIP archive containing the detected file.

If a packet capture has been enabled and the detection matched a packet capture rule, click Download and then select PCAP File to download a password-protected ZIP archive containing the pcap file. In the pcap file, the comment "Detected Packet" in the "pkt_comment" field marks the packet that triggered the detection.

Click Download and then select All to download a password-protected ZIP archive containing the detected file and the packet capture file.

Important:
  • Suspicious files and pcap files must always be handled with caution. Extract the detected file and pcap file at your own risk. Trend Micro recommends analyzing the files in an isolated environment.

  • The password for the ZIP archive is "virus".
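
The following added example (not part of the product documentation) shows one way to locate the packet marked "Detected Packet" without opening the capture in a GUI. It assumes the downloaded capture is in pcapng format, where a per-packet comment is stored as the opt_comment option of an Enhanced Packet Block; the function names and the sample capture are constructed for illustration.

```python
import struct

EPB = 0x6                         # Enhanced Packet Block
PACKET_BLOCKS = {0x2, 0x3, 0x6}   # block types that count as a frame
OPT_END, OPT_COMMENT = 0, 1
MARKER = "Detected Packet"        # comment text named in the documentation

def pad4(n):
    return (n + 3) & ~3           # pcapng pads fields to 32-bit boundaries

def packet_comments(data):
    """Yield (frame_number, comment) for each commented Enhanced Packet Block."""
    endian, off, frame = "<", 0, 0
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":   # Section Header Block
            endian = ">" if data[off + 8:off + 12] == b"\x1a\x2b\x3c\x4d" else "<"
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"malformed block at offset {off}")
        body = data[off + 8:off + blen - 4]
        frame += btype in PACKET_BLOCKS
        if btype == EPB and len(body) >= 20:
            caplen = struct.unpack_from(endian + "I", body, 12)[0]
            pos = 20 + pad4(caplen)                    # options follow the data
            while pos + 4 <= len(body):
                code, olen = struct.unpack_from(endian + "HH", body, pos)
                if code == OPT_END:
                    break
                if code == OPT_COMMENT:
                    yield frame, body[pos + 4:pos + 4 + olen].decode("utf-8", "replace")
                pos += 4 + pad4(olen)
        off += blen

def find_detected(data):
    """Return frame numbers whose comment equals the detection marker."""
    return [n for n, c in packet_comments(data) if c == MARKER]

# --- constructed sample capture (not real traffic) ---
def _block(btype, body):
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)
def _epb(payload, comment=""):
    c = comment.encode()
    opts = struct.pack("<HH", OPT_COMMENT, len(c)) + c.ljust(pad4(len(c)), b"\0") + bytes(4)
    head = struct.pack("<5I", 0, 0, 0, len(payload), len(payload))
    return _block(EPB, head + payload.ljust(pad4(len(payload)), b"\0") + (opts if c else b""))

SAMPLE = (_block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))   # section header
          + _block(0x1, struct.pack("<HHI", 1, 0, 0))                       # interface description
          + _epb(b"\x01\x02\x03") + _epb(b"\x04\x05", MARKER) + _epb(b"\x06", "note"))
```

The parser only reads block headers and options and never interprets packet payloads, so it can run on the capture bytes inside the isolated analysis environment before any deeper inspection.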