Skip to main content

Resubmitting samples

From the submission cards area, you can resend already detonated samples to a local Sandbox Analyzer instance without having to upload them again. You may do this for samples previously submitted to the local Sandbox Analyzer instance by any sensor or method, automatically, manually or via API.

To resubmit a sample:

  1. Click Resubmit to analyze in the submission card.

    Note

    This option is available only with Sandbox Analyzer On-premises license.

  2. In the configuration window, keep the settings from the previous submission or change them as follows:

    1. Under Image management, select the virtual machine image you want to use for detonation.

    2. Under Detonation configurations, configure the following settings:

      • Time limit for sample detonation (minutes) - Allocate a fixed amount of time to complete the sample analysis.

        The default value is 4 minutes, but sometimes the analysis may take more time.

        At the end of the configured interval, Sandbox Analyzer interrupts the analysis and generates a report based on the data collected up to that moment.

        • If interrupted when incomplete, the analysis may contain inaccurate results.

      • Number of reruns allowed - In case of unexpected errors, Sandbox Analyzer tries to detonate the sample as configured until completes the analysis (the default value is 2).

        That means Sandbox Analyzer will try two more times to detonate the sample in case of error.

      • Prefiltering - Select this option to exclude from detonation samples already analyzed.

      • Internet access during detonation - During analysis, some samples require internet connection to complete the analysis.

        Note

        For best result, it is recommended to keep this option enabled.

    3. Under Detonation profile, adjust the complexity level of behavioral analysis, while affecting the Sandbox Analyzer throughput.

      For example, if set to High, Sandbox Analyzer would perform a more accurate analysis on fewer samples, in the same interval, than on Medium or Low.

  3. Click Resubmit.

After resubmission, the Sandbox Analyzer page displays a new card and the data retention for that sample is extended accordingly.

Note

The Resubmit to analyze option is available for samples still present on the Sandbox Analyzer datastore.

Make sure that data retention is configured in the Sandbox Analyzer > Sandbox Manager page of the policy settings.

In this section: