Document: AutoFocus™ API References
Last Updated: Wed May 04 19:29:45 PDT 2022
Analysis Artifacts
The following table provides field names and related information for analysis artifacts.
| Field Name | Artifact Type as it Appears on AutoFocus Web Portal | Field Type | Acceptable Values and Examples |
| --- | --- | --- | --- |
| sample.tasks.connection | Connection Activity | StringProx | Network activity including connections, IP addresses, and country codes. Example: `tcp-connection, 46.254.18.90:80 , , RU` |
| sample.tasks.dns | DNS Activity | StringProx | DNS activity including query, response, and type. Example: `a0ce.akamaiedge.net` |
| sample.tasks.file | File Activity | StringProx | Parent process, action, and file path. Example: `Program Files\Zona\utils.jar,` |
| sample.tasks.http | HTTP Activity | StringProx | HTTP request including host, method, URL, and user agent string. Example: `/T/a93E_X.jpeg` |
| sample.tasks.metadata_sections | PE Metadata | StringProx | Metadata from PE files, including the name, virtual address, virtual size, and raw size. Example: `.text , 15872 , 4096 , 15866` |
| sample.tasks.japi | Java API Activity | StringProx | Java runtime activity. Example: `load, class barcode.Get2D not found.` |
| sample.tasks.behavior_type | Observed Behavior | StringProx | Behaviors seen when a sample is analyzed by WildFire. Example: `pe_sa_abnl_sect_name` |
| sample.tasks.misc | Other API Behavior | StringProx | Non-Java API activity seen when a sample is analyzed by WildFire. Example: `sample.exe , ZwProtectVirtualMemoryFailed , 0xc0000045 , 0xffffffff , pid=1516 , 0x0012fed8 , 0x0012fedc , 0x00000000` |
| sample.tasks.process | Process Activity | StringProx | Processes that showed activity when the sample was analyzed by WildFire. Example: `cmd.exe , terminated , , Users\\Administratorexp lorer.exe"` |
| sample.tasks.service | Service Activity | StringProx | Services that showed activity when the sample was analyzed by WildFire. Example: `WINWORD.EXE , StartService , ,` |
| sample.tasks.user_agent | User Agent Fragments | StringProx | The user agent header for HTTP requests sent when the sample was analyzed by WildFire. Example: `Microsoft-CryptoAPI/6.1` |