Skip to main content

Searching and filtering submission cards

This is what you can do in the filters area:

  • Search and filter submissions by various criteria. The page will automatically load only the security event cards matching the selected criteria.

  • Reset filters by clicking the Clear Filters button.

  • Hide or show the filters area by clicking the corresponding button.

You can search and filter the Sandbox Analyzer submissions by the following criteria:

  • Sample name and hash (MD5) - Enter in the search field a part or the entire name or hash of the sample you are looking for, then click the Search button.

  • Date - To filter by date:

    1. Click the calendar.png calendar icon to configure the searching time frame.

    2. Click the From and To buttons to select the dates defining the time interval.

      You can also select a predetermined period from the list of options, relative to the current time (for example, the last 30 days).

      You can also specify the hour and minutes for each date of the time interval, using the options beneath the calendar.

    3. Click OK to apply the filter.

  • Analysis result - Select one or more of the following options:

    • Clean – the sample is secure.

    • Infected – the sample is dangerous.

    • Unsupported – the sample has a format that Sandbox Analyzer could not detonate. To view the complete list with file types and extensions supported by Sandbox Analyzer, refer to Supported File Types and Extensions for Manual Submission.

  • Severity score - The value indicates how dangerous is a sample on a scale from 100 to 0 (zero). The higher the score, the more dangerous the sample is.



    The severity score applies to all submitted samples, including those with Clean or Unsupported status.

  • Submission type - Select one or more of the following options:

    • Manual - Sandbox Analyzer has received the sample via Manual Submission option.

    • Endpoint sensor - Bitdefender Endpoint Security Tools has sent the sample to Sandbox Analyzer based on policy settings.

  • Submission status - Select one or more of the following check boxes:

    • FinishedSandbox Analyzer has delivered the analysis result.

    • Pending analysisSandbox Analyzer is detonating the sample.

    • FailedSandbox Analyzer could not detonate the sample.

  • ATT&CK techniques. This filtering option integrates MITRE's ATT&CK knowledge base, if applicable. The ATT&CK techniques values change dynamically, based on the security events.

    Click the About link to open ATT&CK Matrix in a new tab.