Display File Analysis Results in Sequence
By default, WildFire™ dynamic analysis results
for a sample are grouped based on activity type (the WildFire analysis
category).
Now, you can also view WildFire dynamic analysis
results based on the order in which activities were seen when the
sample was executed in the WildFire sandbox. For each operating
system in which the sample was executed, the sequence of events
that took place in the operating system kernel space and the operating
system user space is provided.
- Start or continue an AutoFocus search to find a sample.
- Notice that the analysis results for the sample are sorted based on WildFire behavior and activity categories:
- Click the new optionShow in Sequence:
- Select the drop-downs to view the user space and kernel space event sequences:
- User Space Event Sequence—Chronologically lists the user space activities recorded when the sample underwent WildFire dynamic analysis. User space is the memory area outside of the operating system kernel, where applications and other user processes are executed.
- Kernel Space Event Sequence—Chronologically lists the kernel activities recorded when the sample underwent WildFire dynamic analysis. The kernel is the core of the operating system; the kernel space is a memory area where the kernel runs operating system processes and manages other processes.
- Next steps:
- Add high risk artifacts found in an event sequence to a search or an export list.
- Learn more about the properties, behaviors, and activities found to be associated with samples during WildFire analysis.