This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Malware Analysis criteria

JeffFulford
New Contributor
New Contributor

‎2017-09-26 02:30 PM

Hello

 

When investigating the download of a file, I can see the file listed under Meta field attachment. However I do not see this file under Malware Analysis?I assumed I would at least see the static analysis? I do see a large number of files under Malware Analysis.

 

Thanks

Jeff

0 Likes
1 REPLY 1

JeffFulford
New Contributor
New Contributor

‎2017-09-26 02:46 PM

Here is some of the event Meta...

 

attachment : ***********.doc
extension : doc
alert.id : nw32520
risk.info : common document formats
threat.category : informational
threat.source : netwitness
analysis.file : common document formats
feed.name : hunting
inv.category : operations
inv.context : event analysis
feed.name : investigation
server : Apache
filetype : windows msi installer
filetype : office 95-2003 word document
content : spectrum.analyze
filetype : jpg
filetype : jpg
filetype : zip
content : spectrum.analyze
filename : [Content_Types].xml
extension : xml
alert.id : nw32520
risk.info : common document formats
threat.category : informational
threat.source : netwitness
analysis.file : common document formats
feed.name : hunting
inv.category : operations
inv.context : event analysis
feed.name : investigation
filetype : zip
content : spectrum.analyze
filename : [Content_Types].xml
extension : xml
alert.id : nw32520

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.