Filter WildFire Dynamic Analysis Processes and Activities
Table of Contents
Filter WildFire Dynamic Analysis Processes and Activities
You can now filter the nested processes and
activities content displayed in the WildFire Dynamic Analysis section
of the sample details page. This allows you to remove extraneous or
unnecessary content from cluttering up the sample details page.
- Start an AutoFocus™ search and click on a sample hash that has undergone WildFire® dynamic analysis.
- Scroll down to the WildFire Dynamic Analysis section and click on the filter icon (
).
- Add analysis filters options.
- Add Filterto begin adding filter rules.
- Select the analysis filterType.
- Line Counts—AutoFocus filters activities that exceed the user specified artifact limits.
- Regular Expression—AutoFocus filters activities matching with the specified regular expression. Items in the Parent Process and Parameters columns are evaluated for matches.
- Specify the analysis filter values.
- (Line counts only) Specify the limits for each of the activity artifacts (Benign,Malware, andGrayware) and clickAdd. If you do want to specify limits for certain activity artifacts, you can leave those input boxes blank.
- (Regular expressions only) Specify a regular expression in theRegExptext input box and clickAdd.
- Repeat steps 1-3 for additional analysis filters, otherwiseSave changes.
- Scroll back down to WildFire Dynamic Analysis and view the activity sections. Filtered content is hidden by default but you can display them by clickingShow filtered lines.
- Filtered items that are displayed can be distinguished by the filter icon (
).
- Remove analysis filters conditions.
- Click on the filter icon (
) to view the Analysis Filters.
- Click on the (
) next to the
condition you want to delete, then Save changes.