
Searching and filtering submission cards

This is what you can do in the filters area:

  • Search and filter submissions by various criteria. The page will automatically load only the security event cards matching the selected criteria.

  • Reset filters by clicking the Clear Filters button.

  • Hide or show the filters area by clicking the corresponding button.

You can search and filter the Sandbox Analyzer submissions by the following criteria:

  • Sample name and hash (MD5) - Enter in the search field a part or the entire name or hash of the sample you are looking for, then click the Search button.

  • Date - To filter by date:

    1. Click the calendar icon to configure the search time frame.

    2. Click the From and To buttons to select the dates defining the time interval.

      You can also select a predetermined period from the list of options, relative to the current time (for example, the last 30 days).

      You can also specify the hour and minutes for each date of the time interval, using the options beneath the calendar.

    3. Click OK to apply the filter.

  • Analysis result - Select one or more of the following options:

    • Clean – the sample is secure.

    • Infected – the sample is dangerous.

    • Unsupported – the sample has a format that Sandbox Analyzer could not detonate. To view the complete list of file types and extensions supported by Sandbox Analyzer, refer to Supported File Types and Extensions for Manual Submission.

  • Severity score - The value indicates how dangerous a sample is, on a scale from 100 to 0 (zero). The higher the score, the more dangerous the sample is.


    Note

    The severity score applies to all submitted samples, including those with Clean or Unsupported status.

  • Submission type - Select one or more of the following options:

    • Manual - Sandbox Analyzer has received the sample via Manual Submission option.

    • Endpoint sensor - Bitdefender Endpoint Security Tools has sent the sample to Sandbox Analyzer based on policy settings.

    • Network traffic sensor - Network sensor has sent the sample to a local Sandbox Analyzer instance based on policy settings.

    • Centralized quarantine - GravityZone has sent the sample to a local Sandbox Analyzer instance based on policy settings.

    • API - The sample has been submitted to a local Sandbox Analyzer instance by using API methods.

    • ICAP sensor - Security Server has submitted the sample to a local Sandbox Analyzer instance after scanning an ICAP server.

  • Submission status - Select one or more of the following check boxes:

    • Finished - Sandbox Analyzer has delivered the analysis result.

    • Pending analysis - Sandbox Analyzer is detonating the sample.

    • Failed - Sandbox Analyzer could not detonate the sample.

  • Environment - This option lists the virtual machines available for detonation, including the Sandbox Analyzer instance hosted by Bitdefender. Select one or more check boxes to view which samples have been detonated in the selected environments.

  • ATT&CK techniques - This filtering option integrates MITRE's ATT&CK knowledge base, where applicable. The available ATT&CK technique values change dynamically, based on the security events.

    Click the About link to open ATT&CK Matrix in a new tab.
