Find High-Risk Artifacts

To bring your attention to potential threats in your network, AutoFocus provides clues in a sample's WildFire analysis that link the sample to malware or malicious attacks.
  1. Begin a new search. Check the Tags column for:
    • Unit 42 tags—Identify threats and campaigns that pose a direct security risk.
  2. Click a sample hash and scan the WildFire analysis details of the sample for signs of maliciousness.
    • For every WildFire static and dynamic analysis artifact listed, compare the number of times the artifact has been detected with benign, grayware, and malware samples.
    • High-risk artifacts are displayed with icons to designate them as Suspicious or Highly Suspicious.
    • If an activity artifact has proven to be evidence of an Observed Behavior, the behavior risk level is indicated:
  3. View artifacts that match your search conditions (even if they’re not high-risk), highlighted in the search results.
  4. View a summary of Indicators that AutoFocus detected in the sample.
    The Indicators tab only lists artifacts that AutoFocus considers indicators based on the tendency of the artifact to be seen predominantly in malware samples. Click the tag to view the full list of matches.
  5. (Optional) Add High-Risk Artifacts to a Search or Export List.
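
The count comparison in step 2 and the indicator idea in step 4, as an added example that is not part of the AutoFocus documentation or product: it ranks artifacts by the share of their detections that came from malware samples. The thresholds, labels, and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed cut-offs for this example only; they are not AutoFocus's thresholds.
MIN_SAMPLES = 20           # below this, the ratio is too noisy to act on
SUSPICIOUS = 0.70          # share of detections that came from malware samples
HIGHLY_SUSPICIOUS = 0.95

@dataclass(frozen=True)
class Artifact:
    name: str
    benign: int
    grayware: int
    malware: int

    @property
    def total(self) -> int:
        return self.benign + self.grayware + self.malware

    @property
    def malware_share(self) -> float:
        # Guard against artifacts with no recorded detections.
        return self.malware / self.total if self.total else 0.0

def rate(a: Artifact) -> str:
    """Label an artifact from its three verdict counts."""
    if a.total < MIN_SAMPLES:
        return "insufficient-data"
    if a.malware_share >= HIGHLY_SUSPICIOUS:
        return "highly-suspicious"
    if a.malware_share >= SUSPICIOUS:
        return "suspicious"
    return "low-risk"

def triage(artifacts):
    """Return (name, label, share) rows, riskiest first."""
    order = {"highly-suspicious": 0, "suspicious": 1, "low-risk": 2, "insufficient-data": 3}
    rows = [(a.name, rate(a), round(a.malware_share, 3)) for a in artifacts]
    return sorted(rows, key=lambda r: (order[r[1]], -r[2]))

# Constructed sample data; names and counts are illustrative, not real telemetry.
SAMPLE = [
    Artifact("file written: tmp_example.dat", 0, 0, 3),
    Artifact("registry: autorun key set", 40000, 10000, 30000),
    Artifact("dns query: updates.example.test", 150, 100, 750),
    Artifact("mutex created: example_mtx", 2, 10, 988),
]

if __name__ == "__main__":
    for name, label, share in triage(SAMPLE):
        print(f"{label:18} {share:>6.1%}  {name}")
```

The artifact seen only three times has a 100% malware share but is held back as insufficient data, which is the case a raw ratio would get wrong.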