Depending on your Sandbox subscription, you can view a variety of Sandbox data and reports under Dashboard and Analytics:
You can monitor malware detected by the sandbox on the Security dashboard (Dashboard > Security). You can edit the dashboard and add widgets that display transaction information for the Sandbox, Sandbox Action, and Top Users/Locations for Sandbox.
If you have the Advanced Sandbox subscription, you can also see the Sandbox Patient 0 Events widget. It displays patient 0 events that occurred in your organization within the chosen time frame. To learn more about patient 0 events and the widget, see Configuring the Patient 0 Alert.
The Threat Name can indicate the exact malware, such as Trojan.Zbot, Backdoor.Caphaw, or just the malware category, based on the behavior recognized by the service.
The logs contain a Policy Action column that displays what the Sandbox engine has done with suspicious files. The following are the actions that the Sandbox engine might take:
The logs also contain a MD5 column that displays the hash of suspicious files. If your organization has the Advanced Sandbox subscription, you can click the value in this column to view the Sandbox Detail Report.
If you have the Standard Sandbox subscription and a malicious file is allowed because it doesn't match criteria of the default Sandbox rule, the Zscaler service displays Not Subscribed in the Threat Name column.
The Advanced Sandbox subscription allows you to add additional rules for other file types (e.g., Word documents, PDF files, etc.).
If your organization has the Advanced Sandbox subscription, you can click the MD5 hash of the file in the logs and view the Sandbox Detail Report. It provides different types of information about a file and its behavior, including forensic details such as which registry keys were changed, which network connections were initiated, and which files were read.
For each category, you can view additional details by clicking the Expand icon at the top right-hand corner of each widget.
You can also print the report by clicking the Print icon.