New Features: March 2019

The following topics provide a snapshot of the AutoFocus™ features introduced in March 2019. Each section includes context for the new feature, with steps to get started.
March AutoFocus Features | About Each Feature
Additional WildFire Static Analysis Data in Sample Reports
AutoFocus™ now displays additional WildFire analysis data that can be viewed under the Static Analysis section of an AutoFocus sample details page:
  • PE Metadata—Portable executable file metadata extracted during WildFire analysis. This includes the section header details: the name, virtual address, virtual size, and raw size.
    You can add any of the metadata values to a search by hovering over an artifact and selecting one of the associated search tasks. To add all values to a search, select the left-most drop-down. From here, you can also add the artifact to an AutoFocus export list for further analysis.
  • Embedded Files—Hashes of files that are embedded within document files are displayed, along with the WildFire verdict.
For more information about the concepts referenced in this feature, refer to:
PE Compilation Timestamp
AutoFocus™ now displays the compilation timestamp for PE files on the sample details page. This time and date represent when an executable image was created. Unusual timestamps, such as a random value or a series of zeros, can indicate tampering.
To view the PE sample compilation timestamp, start a search for a PE file and click on a sample for details.
You can also use the Compilation Timestamp indicator listed under Analysis Artifacts to search for samples based on a PE file creation date and time.
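The section header fields listed under PE Metadata and the compilation timestamp can also be read directly from a file's headers when triaging a sample locally. The following Python code is an added example, not AutoFocus or WildFire code; the function names, the 1993 plausibility floor, and the sample bytes are assumptions constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Assumption: the PE format first shipped in 1993, so earlier dates are unusual.
FLOOR = datetime(1993, 1, 1, tzinfo=timezone.utc)

def parse_pe(data):
    """Return (TimeDateStamp, sections) read from raw PE header bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    sec_off = pe_off + 24 + opt_size                   # section table follows optional header
    sections = []
    for i in range(nsec):                              # each section header is 40 bytes
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_address": vaddr, "virtual_size": vsize, "raw_size": rsize})
    return stamp, sections

def classify_timestamp(stamp, now=None):
    """Label a compilation timestamp as zeroed, future, before-floor or plausible."""
    now = now or datetime.now(timezone.utc)
    if stamp == 0:
        return "zeroed"
    when = datetime.fromtimestamp(stamp, timezone.utc)
    if when > now:
        return "future"
    return "before-floor" if when < FLOOR else "plausible"

def build_sample(stamp):
    """Constructed header-only PE image with one .text section (not a runnable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)   # e_lfanew points at offset 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1A0, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + sect

if __name__ == "__main__":
    for ts in (0, 0x5C7F0000, 0xFFFFFFFF):             # constructed sample values
        stamp, sections = parse_pe(build_sample(ts))
        print(hex(stamp), classify_timestamp(stamp), sections)
```

A "plausible" label only means the value falls in a sane date range; the field is set by the linker and can be overwritten, so treat it as one signal among several.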
