API Support for Sample Behavior Evidence
The AutoFocus™ API now provides a summary of behavior evidence, when applicable, in sample analysis. This is an extension of behavior evidence that is available through the AutoFocus portal. Behavior evidence lists the behaviors seen for a given sample in the WildFire® analysis environment, such as whether a sample has created files, started a process, or modified registry settings.
{
  "line": "sample.exe , CreateFileFail , WINDOWS\\lsass.exe , 00120089 , 00000060 , c0000043",
  "b": 591,
  "m": 176025,
  "g": 0,
  "behaviors": [
    33,
    96
  ]
}
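
One way to consume this field, as an added example that is not part of the AutoFocus documentation: it indexes activity entries by the behavior IDs they cite and treats "behaviors" as optional, since it is present only when applicable. The function names and the second sample entry are constructed for illustration, and the code assumes only the JSON shape shown above.

```python
import json
from collections import defaultdict

# Constructed input: the first entry is the one shown on this page; the
# second is made up for illustration and carries no behavior evidence.
SAMPLE_ENTRIES = json.loads(r'''
[
  {"line": "sample.exe , CreateFileFail , WINDOWS\\lsass.exe , 00120089 , 00000060 , c0000043",
   "b": 591, "m": 176025, "g": 0, "behaviors": [33, 96]},
  {"line": "sample.exe , CreateProcess , constructed-example.exe",
   "b": 10, "m": 5, "g": 1}
]
''')


def parse_entry(entry):
    """Split the ' , '-delimited activity line and normalise optional keys."""
    # Assumption: fields are separated by ' , ' exactly as in the sample above.
    fields = [field.strip() for field in entry["line"].split(" , ")]
    return {
        "fields": fields,
        # b/m/g are carried through unchanged; this page does not define them.
        "counts": {key: int(entry.get(key, 0)) for key in ("b", "m", "g")},
        # "behaviors" is absent when no behavior evidence applies.
        "behaviors": list(entry.get("behaviors", [])),
    }


def evidence_by_behavior(entries):
    """Map each behavior ID to the activity lines cited as its evidence."""
    index = defaultdict(list)
    for entry in entries:
        parsed = parse_entry(entry)
        for behavior_id in parsed["behaviors"]:
            index[behavior_id].append(parsed["fields"])
    return dict(index)


if __name__ == "__main__":
    for behavior_id, lines in sorted(evidence_by_behavior(SAMPLE_ENTRIES).items()):
        for fields in lines:
            print(behavior_id, " | ".join(fields))
```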