Export Artifact Metadata

When exporting artifacts from AutoFocus to a CSV file, you can now also export the following information in the CSV for each artifact:
  • the export list label used to group artifacts,
  • the time the artifact was added to the export list,
  • the user who added the artifact to the export list,
  • the artifact activity category,
  • and the SHA-256, SHA-1, and MD5 hash for the sample with which the artifact is associated.
You can then filter the generated CSV file based on this metadata.
For example, a threat researcher who plans to circulate the CSV file across a global IT department where regional offices might have different security requirements could create regional labels to group artifacts. She could then generate a CSV file on a daily or weekly basis, and the regional IT departments can filter the list accordingly based on the regional label (the labeled artifacts can then be added to the appropriate regional block list).
  1. Generate a CSV file from the export list.
    1. Select Export List on the navigation pane.
    2. Select the artifacts you want to export.
    3. Click Export.
    4. Select Export Metadata and Export.
      ga-1-export-metadata.png
      The generated CSV file with metadata includes the following additional columns for each artifact row:
      Added Time
      ,
      Section
      (this is the activity category during which WildFire observed the artifact),
      Label
      ,
      SHA256
      ,
      SHA1
      ,
      MD5
      , and
      User
      .

Recommended For You