WildFire™ classifies previously unknown samples as malware,
grayware, benign, or phishing, so that you can then block
or enforce the newly identified traffic according to your security
policy needs. When WildFire observes and executes a sample in a
WildFire analysis environment, artifacts (such as file properties,
behaviors, and activities) are revealed to be associated with the

AutoFocus™ provides a new lens through which you can view the
artifacts collected by WildFire. AutoFocus layers statistics over
artifacts found to be associated with a sample, to show the number
of times the artifact has been seen with other malware, grayware,
or benign samples. High-risk artifacts seen frequently with malware
are labeled Suspicious or Highly Suspicious, and artifacts
associated with high-risk behaviors are indicated. If you Forward
MineMeld Indicators to AutoFocus, AutoFocus calls attention to
sample indicators that match the threat indicators you’ve forwarded.

Find high-risk artifacts in the File Analysis details of a sample.
By default, AutoFocus groups similar artifacts into WildFire static
and dynamic analysis sections for easy reference, though you can
also view artifacts based on the sample activity timeline in the
WildFire analysis environment. Add high-risk artifacts to a search,
or use them to Build an AutoFocus Export List.