Select a Malware Analysis Service Dialog

The Select a Malware Analysis Service dialog is accessible in the Malware Analysis view. In this dialog, Malware Analysis analysts can select a service to investigate, choose a scan on that service to investigate, upload a file to scan, and begin a continuous scan of the service.

Workflow

[Figure: workflow diagram (netwitness_invwkflwhlpma.png)]

What do you want to do?

| User Role | I want to ... | Show me how |
|---|---|---|
| Threat Hunter | browse event metadata | NetWitness Investigate User Guide |
| Threat Hunter | browse raw events | NetWitness Investigate User Guide |
| Threat Hunter | analyze raw events and metadata | NetWitness Investigate User Guide |
| Threat Hunter | investigate endpoints (Version 11.1) | NetWitness Endpoint User Guide |
| Threat Hunter | find suspicious endpoint files (Version 11.1) | NetWitness Endpoint User Guide |
| Threat Hunter | scan files and events for malware* | Conducting Malware Analysis |
| Incident Responder | triage an incident in Investigate | NetWitness Respond User Guide |

*You can perform this task in the current view.

Related Topics

  • "How NetWitness Investigate Works" in the NetWitness Investigate User Guide
  • Begin a Malware Analysis Investigation
  • "Launch a Malware Analysis Scan from the Navigate View" in the NetWitness Investigate User Guide

Quick Look

[Figure: Select a Malware Analysis Service dialog (netwitness_slctmwasrvc_750x317.png)]

The Select a Malware Analysis Service dialog has a Malware Services panel on the left and a Scan Jobs List on the right. The Scan Jobs List panel has a toolbar, list, and buttons to view scans.

The Malware Services panel is a list of services available for malware analysis. In this panel, you can select the service to investigate and set a default service using the Default Service icon. When you select a service, the available scan jobs for that service are listed in the Scan Jobs list.

These are the features in the Scan Jobs List toolbar.

| Feature | Description |
|---|---|
| netwitness_scanfiles.png | Displays the Scan for Malware dialog, in which you can upload a file to the service for scanning. |
| Delete scan job (netwitness_delete_icon.png) | Deletes one or more selected scan jobs. NetWitness displays a confirmation dialog before deleting scan jobs. |
| Cancel scan job (netwitness_cancel.png) | Pauses or continues one or more scan jobs. |
| Refresh (netwitness_ic-refresh.png) | Refreshes the list of scan jobs. |

These are the columns in the Scan Jobs list. This list is also available in the Malware Scan Jobs dashlet.

| Feature | Description |
|---|---|
| Name | Displays the name of the job. |
| Static, Network, Community, Sandbox | Filters the results based on the scores for each scoring module. |
| Progress | Displays the current progress made on the job. Green: The job is finished. Black: The job is in progress. Red: An error occurred. |
| Info | Provides additional information. Displays the query for the job. If the job is not complete, it also displays a more detailed description of the status. |
| User | Displays the name of the user who created the job. |
| Events | Counts the number of events for the job. |
| Dropped | Counts the number of files or events in the job that were dropped because the scores are below their configured threshold. |
| Event Type | Displays the type of job: Manual Upload, On Demand, or Resubmit. |
| Scheduled | Displays the date and time when the job was executed. |

These are the available actions in the dialog.

| Feature | Description |
|---|---|
| Cancel button | Cancels the selected scan job. |
| View Scan button | Displays the Summary of Events for the selected scan with the default dashlets displayed. |
| View Continuous Mode button | Displays the Summary of Events for the selected scan with the default dashlets displayed. |