Enable Community Analysis

An Administrator can enable community analysis. For Community analysis, new malware detected on the network is pushed to the NetWitness Cloud for checking against NetWitness's own malware analysis data and feeds from the SANS Internet Storm Center, SRI International, the Department of the Treasury and VeriSign. To enable Community analysis, you must register with the NetWitness cloud and test connection to the cloud, then to test the connection between the NetWitness cloud and the service you have configured for continuous scanning.

A complete description of analysis methods is provided in How Malware Analysis Works.

  1. Go to netwitness_adminicon_25x22.png (Admin) > Services.
  2. Select a Malware Analysis service, and in the row select netwitness_ic-actns.png > View > Config.

  3. In the Service Config View, select the Integration tab.

  4. Scroll down to NetWitness Cloud Connection Test and Registration.

    NetWitness tests communications with the site at https://cloud.netwitness.com. If your company uses a proxy for outbound traffic, please check your Proxy settings. A valid connection is required in order to register with the NetWitness Community Service.

  5. Enter your company name and contact email. Click Register.

    If all required fields are complete, your registration is completed. The label on the button used to register changes to Update.

  6. To verify that the Malware Analysis Service can connect to the Core service selected for continuous scanning, click Test Connection.

    NetWitness initiates a check based on the Source Host, Source Port, Username, and User Password specified in the General tab. When the test executes successfully, analysts are able to see Community Scoring in Malware Analysis.