How do I view Sandbox reports and data?



The Sandbox logs provide additional information about the transactions with malicious activity, as shown below.

Screenshot of the Sandbox logs on the Web Insights page

Note that the Threat Name may indicate the exact malware, such as Trojan.Zbot or Backdoor.Caphaw, or just the malware category, based on the behavior recognized by the service.

The logs contain a Policy Action column that displays what the Sandbox engine has done with suspicious files. The following are the actions that the Sandbox engine may take:

  • Sent to Analysis: The file was sent to the sandbox for behavioral analysis, and the user can download the file.
  • Quarantined: The file was sent to the sandbox for behavioral analysis, and the user cannot download the file until the analysis is completed.
  • Blocked: The file was blocked immediately based on previous sandbox analysis with a known MD5 hash.

The logs also contain an MD5 column that displays the hash of suspicious files. If your organization has the Cloud Sandbox subscription, you can click the value in this column to view the Sandbox Detail Report.

Additionally, you can monitor malware detected by the service on the dashboard. For example, you can edit the Security dashboard and add widgets that display the Sandbox or Sandbox Action data type.

Screenshot of the Sandbox widget on the Security dashboard

Screenshot of the Sandbox Action widget on the Security dashboard

About the Sandbox Detail Report

If your organization has the Cloud Sandbox subscription, the Sandbox Detail Report provides information about a file and its behavior. It provides different types of information, including forensic details such as which registry keys were changed, which network connections were initiated, and which files were read.

For each category, you can view additional details by clicking the Expand icon at the top right-hand corner of each widget.

Screenshot of the Expand icon in the Sandbox Detail Report

You can also print the report by clicking the Print icon.

Screenshot of the Print icon in the Sandbox Detail Report