Select a Malware Analysis Service DialogSelect a Malware Analysis Service Dialog
The Select a Malware Analysis Service dialog is accessible in the Malware Analysis view. In this dialog, Malware Analysis analysts can select a service to investigate, choose a scan on that service to investigate, upload a file to scan, and begin a continuous scan of the service.
WorkflowWorkflow
What do you want to do?What do you want to do?
| User Role | I want to ... | Show me how |
|---|---|---|
| Threat Hunter |
browse event metadata |
NetWitness Investigate User Guide |
| Threat Hunter |
browse raw events |
NetWitness Investigate User Guide |
| Threat Hunter |
analyze raw events and metadata |
NetWitness Investigate User Guide |
| Threat Hunter |
investigate endpoints (Version 11.1) |
NetWitness Endpoint User Guide |
|
Threat Hunter |
find suspicious endpoint files (Version 11.1) |
NetWitness Endpoint User Guide |
| Threat Hunter | scan files and events for malware* | Conducting Malware Analysis |
|
Incident Responder |
triage an incident in Investigate |
NetWitness Respond User Guide |
*You can perform this task in the current view.
Related TopicsRelated Topics
- "How NetWitness Investigate Works" in the NetWitness Investigate User Guide
- Begin a Malware Analysis Investigation
- "Launch a Malware Analysis Scan from the Navigate View" in the NetWitness Investigate User Guide
Quick LookQuick Look
The Select a Malware Analysis Service dialog has a Malware Services panel on the left and a Scan Jobs List on the right. The Scan Jobs List panel has a toolbar, list, and buttons to view scans.
The Malware Services panel is a list of services available for malware analysis. In this panel, you can select the service to investigate and you set a default service using the Default Service icon. When you select a service, the available scan jobs for that service are listed in the Scan Jobs list.
These are the features in the Scan Jobs List toolbar.
| Feature | Description |
|---|---|
|
Displays the Scan for Malware dialog, in which you can upload a file to the service for scanning. |
Delete scan job ( ) |
Deletes one or more selected scan jobs, NetWitness displays a confirmation dialog before deleting scan jobs. |
Cancel scan job ( ) |
Pauses or continues one or more scan jobs. |
Refresh ( ) |
Refreshes the list of scan jobs. |
These are the columns in the Scan Jobs list. This list is also available in the Malware Scan Jobs dashlet.
| Feature | Description |
|---|---|
| Name | Displays the name of the job. |
| Static, Network, Community, Sandbox |
Filters the results based on the scores for each scoring module. |
| Progress |
Displays the current progress made on the job.
|
| Info |
Provides additional information. Displays the query for the job. If the job is not complete, it also displays more detailed description of the status. |
| User |
Displays the name of the user who created the job. |
| Events |
Counts the number of events for the job. |
| Dropped |
Counts the number of files or events in the job that were dropped because the scores are below their configured threshold. |
| Event Type |
Displays the type of job: Manual Upload, On Demand, or Resubmit. |
| Scheduled |
Displays the date and time when the job was executed. |
These are the available actions in the dialog.
| Feature | Description |
|---|---|
| Cancel button | Cancels the selected scan job. |
| View Scan button | Displays the Summary of Events for the selected scan with the default dashlets displayed. |
| View Continuous Mode button | Displays the Summary of Events for the selected scan with the default dashlets displayed. |
