About the sandbox "sent for analysis", where is it sent and when will the results come?

I currently have 1.4K transactions for the “sent for analysis” result of sandboxing in the past month. When will I get the results?

Hi @Question,
These results will already be in place for you. There are a few ways for you to access Sandbox data and reports; these can vary depending on your subscription level.

Patient Zero Alerts
https://help.zscaler.com/zia/configuring-patient-0-alert

These Alerts will trigger anytime your organisation detonates a file in the sandbox and we determine a malicious verdict.

Sandbox Reports
https://help.zscaler.com/zia/viewing-sandbox-reports-data

The link above takes you to a number of Sandbox activity reports, for example:

Sandbox API
https://help.zscaler.com/zia/api

You may also pick up the Sandbox details via API. If you use Splunk, we currently have an early access capability that automates the retrieval and correlation of Sandbox event and Web logs.

Hope this helps.

Cheers,
@skottieb


Thanks!
I have another question.
I’ve set some files to not be scanned by sandbox and not blocked.
Would these files come up as “sent for analysis”?

This would depend on the “first time action” set in the policy. Allow and Scan will allow the file, but you will still see them as “Sent for Analysis”.
