Sandbox Analysis

The Sandbox Analysis app allows you to view information about objects, obtained by analyzing those objects in a sandbox, a secure virtual environment.

Important:

This is a “Pre-release” feature and is not considered an official release. Please review the Pre-release Disclaimer before using the feature.

The following table outlines the information available for each object.

Data

Description

Object

The name of the object.

Click on the object name to display the details panel.

Status

The analysis status of the object.

Can display either In progress or Done.

Submitter

The product or method that submitted the object to the sandbox.

For more information, see Consolidated Analysis Results.

Submitted

The date and time the object was submitted to the sandbox.

SHA-1

The SHA-1 hash value of the object.

Risk level

The risk level assigned to the object by the sandbox.

Threat type

The threat type as detected by the sandbox.

Threat name

The name of the threat as detected by the sandbox.

Action

The following actions are available.

  • Click the Download PDF report icon to download the sandbox analysis report in PDF format.

  • Click the Open in Threat Connect icon to open Trend Micro Threat Connect. The page contains detailed information about the object.

The following table outlines the actions available on the Sandbox Analysis screen.

Action

Description

Submit Object

Click Submit Object to manually submit an object for analysis in the sandbox.

For more information, see Submitting Objects for Analysis.

Filter objects

Use the Submitted, Object type, Risk level, and Submitter drop-down lists to filter objects.

Search object

Use the Search field to search for an object.

  • Applies partial matching for Object, Threat type, or Threat name.

  • Applies exact matching for SHA-1 and Submission ID.

View object details

Click on any object name to display the Object Details panel where you can find additional hash values and perform actions.

For manually submitted objects with High, Medium, and Low risk levels, the investigation package can be downloaded.

Refresh the table

Click the refresh icon in the upper-right corner to refresh the table.