icon-zia.svg
Secure Internet and SaaS Access (ZIA)

About the Sandbox Files Found Malicious Report

You must have Advanced Sandbox to view the Sandbox Files Found Malicious report.

The Sandbox Files Found Malicious report highlights unknown files that were sent to Sandbox for analysis and found to be malicious. You can click the file MD5 hash to see the Sandbox Detail Report, view additional transaction information in Web Insights, and export the report to a CSV file. You can view weekly reports from the last six months, not including the current week.

You can view the report in the ZIA Admin Portal by going to Analytics > Sandbox Activity Report, and choosing Sandbox Files Found Malicious from the Sandbox Activity Report dropdown menu.

About the Sandbox Files Found Malicious Report Page

On the Sandbox Files Found Malicious page, you can do the following:

  1. View the Sandbox Activity Report.
  2. Choose the week to view the report for.
  3. Search and filter the transactions by keywords or phrases.
  4. Print the report.
  5. Export the displayed transactions to a PDF or CSV file.
  6. Schedule or manage email deliveries of the Sandbox Files Found Malicious report.
  7. View a list of files that were found to be malicious. For each file, you can see the following:
    • MD5: The MD5 of a file that your organization has seen for the first time. Click to view the Sandbox Detail Report.
    • Category: The classified threat category of the file.
    • Threat Name: The threat name found during Sandbox analysis. Click to view it in the Zscaler Threat Library.
    • File Type: The file type for the file.
    • File Size: The file size for the file.
    • Allowed Transactions: The number of allowed transactions for the file before the file was found to be malicious. These transactions are patient 0 events. The users' devices that successfully downloaded the malicious file might be compromised.
    • Blocked Transactions: The number of blocked transactions for the file after the file was found to be malicious.
    • Analyzed On: The time the Sandbox engine analyzed the file.
  8. View transactions of the file in Web Insights Logs for the selected week.
  9. Modify the table and its columns.

Screenshot highlighting the features of the Sandbox Files Found Malicious report.

Related Articles
About the Instance Discovery ReportViewing the Resource Discovery ReportAbout the Email Security ReportAbout Email Security Report: IncidentsAbout the Gen AI Security ReportAbout Cybersecurity InsightsAbout Interactive ReportsAbout Industry Peer ComparisonAbout the System Audit ReportAbout the Sandbox Activity ReportScheduling the Sandbox Activity Report Weekly EmailAbout the Sandbox Files Found Malicious ReportScheduling the Sandbox Files Found Malicious Report Weekly EmailCIPA Compliance ReportAbout the Company Risk Score ReportAbout the User Risk ReportCompany Summary Report (CIO Report)Company Summary Report (CSO Report)Security Policy Audit ReportExecutive Insights ReportAbout SaaS Assets Summary ReportViewing Quarterly Business Review ReportsAbout Attack Surface ReportConfiguring the Attack Surface Report NotificationAbout Configuration Risk ReportAbout the Data Discovery ReportViewing Data Discovery DetailsAbout the IoT ReportAbout Discovered DevicesProviding Feedback on IoT Device ClassificationsAbout Scheduled ReportsScheduling ReportsCreating or Copying a ReportExcluding Locations in User-Related ReportsExporting and Importing ReportsPrinting ReportsAbout Endpoint DLP ReportAbout Endpoint DLP Report: Incidents