The Sandbox logs provide additional information about the transactions with malicious activity.
Note that the Threat Name may indicate the exact malware, such as Trojan.Zbot or Backdoor.Caphaw, or just the malware category, based on the behavior recognized by the service.
The logs contain a Policy Action column that displays what the Sandbox engine has done with suspicious files. The following are the actions that the Sandbox engine may take:
The logs also contain an MD5 column that displays the hash of suspicious files. If your organization has the Cloud Sandbox subscription, you can click the value in this column to view the Sandbox Detail Report.
Additionally, you can monitor malware detected by the service on the dashboard. For example, you can edit the Security dashboard and add widgets that display the Sandbox or Sandbox Action data type.
If your organization has the Cloud Sandbox subscription, the Sandbox Detail Report provides information about a file and its behavior. It provides different types of information, including forensic details such as which registry keys were changed, which network connections were initiated, and which files were read.
For each category, you can view additional details by clicking the Expand icon at the top right-hand corner of each widget.
You can also print the report by clicking the Print icon.