Sample Behavior Evidence
AutoFocus™ provides a summary of the behaviors that samples displayed in the WildFire® analysis environment. Now, for each observed behavior, you can see the specific sample activities that are evidence of that behavior.
- Perform an AutoFocus search and view the samples matched to the search.
- Select a sample hash to view sample details.
- Select Observed Behavior.
- Check the new Evidence column for the total number of sample activities that substantiate each observed behavior, and expand a single behavior for the list of matching activities. For each activity listed, the Type column indicates the activity category and the Value column includes activity artifacts. The artifacts displayed might vary depending on the activity category. For example, for a File Activity the artifacts provided include the parent process that showed activity, the action the process performed, and the file that was altered.
- (Optional) Add the activity artifacts to an existing search or a new search. AutoFocus supports Multiple Active Searches. Adding the artifacts to a new search does not clear the existing search; instead, the new search is opened in a new browser tab.