Viewing Network Detections - Detection Details

  1. To view the detection details for any event, click the icon under the Details column on the Network Detections screen.

    Detection details about the event are displayed.

  2. In the Connection Details section, you may do the following:
    • Click View in Threat Connect to connect with Threat Connect, where you can search for current information about the threat.

    • Click Download and then select Detected File to download a password-protected ZIP archive containing the detected file.

    • If packet capture has been enabled and the detection matched a packet capture rule, click Download and then select PCAP File to download a password-protected ZIP archive containing the pcap file.

      In the pcap file, the comment "Detected Packet" in the "pkt_comment" field marks the packet that triggered the detection.

    • Click Download and then select All to download a password-protected ZIP archive containing the detected file, the packet capture file, and the connection details.

    Important:

    Suspicious files must always be handled with caution. Extract the detected file and pcap file at your own risk.

    The password for the ZIP archive is "virus".

  3. In the File Analysis Result section, you may do the following:
    • Click View Virtual Analyzer Report to view the Virtual Analyzer report.

    • Click Download and then select Virtual Analyzer Report to download the Virtual Analyzer report.

    • Click Download and then select Investigation Package to download a password-protected ZIP archive containing the investigation package.

    • Click Download and then select Detected File to download a password-protected ZIP archive containing the detected file.

    • Click Download and then select All to download a password-protected ZIP archive containing the detected file, the Virtual Analyzer report, and the investigation package.

    Important:

    Suspicious files must always be handled with caution. Extract the detected file at your own risk.

    The password for the ZIP archive is "virus".

  4. In the Suspicious Object and Related File Analysis Result section, view suspicious object and related analyzed file information.
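
Step 2 notes that the packet that triggered the detection carries the comment "Detected Packet". The following added example (not part of the product or its documentation) finds that packet in an extracted capture without opening it in a GUI. It assumes the capture is in pcapng format with the comment stored as a per-packet opt_comment option; the function names and the sample capture are constructed for illustration.

```python
import struct

EPB, OPT_COMMENT = 6, 1            # Enhanced Packet Block type; opt_comment option code
MARKER = "Detected Packet"         # comment text given in step 2 above

def pad4(n):                       # pcapng pads packet data and option values to 32 bits
    return (n + 3) & ~3

def comments(opts, end):           # collect opt_comment strings; option code 0 ends the list
    out, pos = [], 0
    while pos + 4 <= len(opts):
        code, length = struct.unpack_from(end + "HH", opts, pos)
        if code == 0:
            break
        if code == OPT_COMMENT:
            out.append(opts[pos + 4:pos + 4 + length].decode("utf-8", "replace"))
        pos += 4 + pad4(length)
    return out

def find_detected(data):           # 1-based numbers of packets whose comment equals MARKER
    end, off, num, hits = "<", 0, 0, []
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":   # section header: read byte order
            end = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(end + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"corrupt block at offset {off}")
        body = data[off + 8:off + blen - 4]
        if btype == EPB and len(body) >= 20:
            num += 1
            caplen = struct.unpack_from(end + "I", body, 12)[0]
            if MARKER in comments(body[20 + pad4(caplen):], end):
                hits.append(num)
        off += blen
    return hits

def block(btype, body):            # helper for the constructed sample: type, length, body, length
    n = struct.pack("<I", 12 + len(body))
    return struct.pack("<I", btype) + n + body + n

def epb(payload, comment=b""):     # constructed Enhanced Packet Block, optionally commented
    body = struct.pack("<5I", 0, 0, 0, len(payload), len(payload)) + payload.ljust(pad4(len(payload)), b"\0")
    if comment:
        body += struct.pack("<HH", OPT_COMMENT, len(comment)) + comment.ljust(pad4(len(comment)), b"\0") + b"\0" * 4
    return block(EPB, body)

def build_sample():                # constructed capture: three packets, the second carries MARKER
    shb = block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    idb = block(1, struct.pack("<HHI", 1, 0, 65535))
    return shb + idb + epb(b"\x01" * 14) + epb(b"\x02" * 17, MARKER.encode()) + epb(b"\x03" * 14, b"analyst note")
```

To use it on a real download, pass the bytes of the extracted capture file to find_detected(); the returned numbers correspond to the packet numbers a capture viewer shows for a single-section file.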