Services Config View - AV Tab

This topic introduces the features and functions of the AV tab in the Service Config view for a Malware Analysis service. The AV tab provides a way to identify the anti-virus software vendors whose software is in use on your network. NetWitness can include the results from these vendors in the detailed results view of an event that has been analyzed using Malware Analysis.

Workflow

netwitness_113_malware_configworkflow_step5.png

What do you want to do?

Role I Want to... Show me how
Administrator Configure General Malware Analysis Settings Configure General Malware Analysis Settings
Administrator Configure Indicators of Compromise Configure Indicators of Compromise

Administrator

Configure Auditing on Malware Analysis Host

(Optional) Configure Auditing on Malware Analysis Host

Administrator Configure Hash Filter (Optional) Configure Hash Filter

Administrator

Configure Installed Anti virus Vendor*

Configure Installed Antivirus Vendors

Administrator Configure Malware Analysis Proxy Settings (Optional) Configure Malware Analysis Proxy Settings

Administrator

Register a TreadGRID API Key

(Optional) Register for a ThreatGRID API Key

Administrator Enable Community Analysis Enable Community Analysis

*You can perform this task in the current view

Related Topic

Configure Installed Antivirus Vendors

Quick Look

This is an example of the AV tab.

netwitness_avtab.png

1 Displays the Av Tab.
2 Allows you to select the AV vendor that you are using.
3 Displays the Secondary AV vendors.

Features

The AV tab lists anti-virus vendors whose software may be installed in your network. There are two categories for vendors: Primary, which are the most trusted, and Secondary, which are less known. Each vendor name has a checkbox and an icon. Checking a vendor name indicates that you have installed the selected AV software from that vendor in your environment.

This table describes the options in the AV tab.

Feature Description
Vendor Checkbox Choose one or more Anti Virus vendors from the supplied list to indicate which products have been installed in the local organization.
Apply Saves changes made in the AV tab.
Reset Resets the AV list to the default state, which has no vendors selected.