Launch a Malware Analysis Scan from the Navigate View

From within Investigate, analysts can launch an on-demand Malware Analysis scan by selecting a service and meta value, and choosing an option from the context menu. When polling is complete, the scanned data is available for malware analysis.

To launch a Malware Analysis scan of data from the Investigate > Navigate view:

  1. Right-click a meta value (for example, OTHER, DNS, or FTP) and select Scan for Malware in the context menu.

    The Scan for Malware dialog is displayed with a suggested name for the on-demand scan and no service selected.

  2. In the Scan for Malware dialog, select a service to perform the scan, edit the name, and select the types of files to bypass under community and sandbox.

  3. Click Scan.

    The scan request is added to the Scan Jobs List dashlet and the Jobs Tray. The bypass settings in this dialog override the default settings in the basic Malware Analysis configuration settings.

  4. To view the jobs, do one of the following:

    1. Go to the Scan Jobs List in the Malware Analysis view or in the Unified dashboard. Double-click a scan to view the scan.

    2. To view the job in the Jobs tray, click the Jobs icon in the NetWitness toolbar. When the job is complete, scroll to the left and click View.

      The Malware Summary of Events for the selected scan is displayed. The scan is also added to the list of available scans in the dialog for selecting scans in the Investigation > Malware tab.