File downloads tab
The File downloads tab shows the malicious files downloaded by the host with details about their contents and corresponding threat levels.
The quick search field above the list provides fast, as-you-type search. It filters the rows in the list, displaying only those rows that have text, in any field, that matches the query string.
The columns to be displayed in the list can be customized by clicking the icon.
Each row is a summary of a downloaded file. Click the icon (or anywhere on an entry row) to view details of the downloaded file.
The list is sorted by score and includes the following fields:
- Timestamp: The timestamp of the detection of the file download.
- Host: The host that downloaded the file.
- Sensor: The sensor that detected the file download.
- Contacted IP: IP address of the contacted host.
- Location: For a download, this is the URL of the file in the supported format. For example, \\127.0.0.2\samba_share\1128dedb.exe for an SMB download or http://www.example.com/download/example.zip for an HTTP download. For an upload, "Upload" is displayed.
- Filename: The name of the file downloaded.
- MD5: The MD5 hash of the downloaded file.
- Type: The high-level type of the downloaded file. See the list of file types.
- AV Class: A label defining the antivirus class of the downloaded file. If the label has an icon, you can click it for a pop-up description.
- Malware: A label defining the malware type of the downloaded file. If the label has an icon, you can click it for a pop-up description.
- Score: The score assigned to the downloaded file by the analysis. It indicates the critical level of the detected threat and ranges from 0 to 100:
  - Threats that are 70 or above are considered to be critical.
  - Threats that are between 30 and 69 are considered to be medium-risk.
  - Threats that are between 1 and 30 are considered to be benign.
  For details, see Maliciousness score and Risk estimate.
  If the icon appears, it indicates the artifact has been blocked.
  The list is sorted in decreasing order of score (most critical threats at the top). Click the icon to sort the list in increasing order (least critical threats at the top), then click the icon again to toggle back to the default.