How do I determine which of the files that were submitted to Cloud Sandbox were found to be malicious?


(Andy Logan) #1

Can I find out if a file that was uploaded to the cloud sandbox was malicious?


(Jozef Krakora) #2

Currently, the best way to identify the details of which “never seen before” file samples were submitted to Cloud Sandbox, and subsequently found to be malicious, is by drilling down via the Security dashboard or Sandbox Action report.

  • Navigate to the Security dashboard, and click on the pie chart in the Sandbox widget to view web transaction logs. Scroll to the MD5 column, and click on the MD5 link to get to the detailed Sandbox behavioral analysis report. If the Threat Score was > 70, the file sample would be marked as malicious in the top left box of the report.

  • Navigate to Analytics, Web Insights, and run the Sandbox Action report. Drill down into any web transactions where the Action was either Quarantined or Sent for Analysis. Alternatively, set the filter at the left for Sandbox Actions that are either Quarantined or Sent for Analysis. Once you are at the detailed logs, follow the steps detailed above.