2017-09-26 02:30 PM
Hello
When investigating the download of a file, I can see the file listed under Meta field attachment. However, I do not see this file under Malware Analysis? I assumed I would at least see the static analysis? I do see a large number of files under Malware Analysis.
Thanks
Jeff
2017-09-26 02:46 PM
Here is some of the event Meta...
attachment : ***********.doc
extension : doc
alert.id : nw32520
risk.info : common document formats
threat.category : informational
threat.source : netwitness
analysis.file : common document formats
feed.name : hunting
inv.category : operations
inv.context : event analysis
feed.name : investigation
server : Apache
filetype : windows msi installer
filetype : office 95-2003 word document
content : spectrum.analyze
filetype : jpg
filetype : jpg
filetype : zip
content : spectrum.analyze
filename : [Content_Types].xml
extension : xml
alert.id : nw32520
risk.info : common document formats
threat.category : informational
threat.source : netwitness
analysis.file : common document formats
feed.name : hunting
inv.category : operations
inv.context : event analysis
feed.name : investigation
filetype : zip
content : spectrum.analyze
filename : [Content_Types].xml
extension : xml
alert.id : nw32520