Select a Malware Analysis Service Dialog
The Select a Malware Analysis Service dialog is accessible in the Malware Analysis view. In this dialog, Malware Analysis analysts can select a service to investigate, choose a scan on that service to investigate, upload a file to scan, and begin a continuous scan of the service.
Workflow
What do you want to do?
User Role | I want to ... | Show me how |
---|---|---|
Threat Hunter | browse event metadata | NetWitness Investigate User Guide |
Threat Hunter | browse raw events | NetWitness Investigate User Guide |
Threat Hunter | analyze raw events and metadata | NetWitness Investigate User Guide |
Threat Hunter | investigate endpoints (Version 11.1) | NetWitness Endpoint User Guide |
Threat Hunter | find suspicious endpoint files (Version 11.1) | NetWitness Endpoint User Guide |
Threat Hunter | scan files and events for malware* | Conducting Malware Analysis |
Incident Responder | triage an incident in Investigate | NetWitness Respond User Guide |
*You can perform this task in the current view.
Related Topics
- "How NetWitness Investigate Works" in the NetWitness Investigate User Guide
- Begin a Malware Analysis Investigation
- "Launch a Malware Analysis Scan from the Navigate View" in the NetWitness Investigate User Guide
Quick Look
The Select a Malware Analysis Service dialog has a Malware Services panel on the left and a Scan Jobs List on the right. The Scan Jobs List panel has a toolbar, list, and buttons to view scans.
The Malware Services panel is a list of services available for malware analysis. In this panel, you can select the service to investigate and set a default service using the Default Service icon. When you select a service, the available scan jobs for that service are listed in the Scan Jobs list.
These are the features in the Scan Jobs List toolbar.
These are the columns in the Scan Jobs list. This list is also available in the Malware Scan Jobs dashlet.
Feature | Description |
---|---|
Name | Displays the name of the job. |
Static, Network, Community, Sandbox | Filters the results based on the scores for each scoring module. |
Progress | Displays the current progress made on the job. |
Info | Provides additional information. Displays the query for the job. If the job is not complete, it also displays a more detailed description of the status. |
User | Displays the name of the user who created the job. |
Events | Counts the number of events for the job. |
Dropped | Counts the number of files or events in the job that were dropped because the scores are below their configured threshold. |
Event Type | Displays the type of job: Manual Upload, On Demand, or Resubmit. |
Scheduled | Displays the date and time when the job was executed. |
These are the available actions in the dialog.
Feature | Description |
---|---|
Cancel button | Cancels the selected scan job. |
View Scan button | Displays the Summary of Events for the selected scan with the default dashlets displayed. |
View Continuous Mode button | Displays the Summary of Events for the selected scan with the default dashlets displayed. |