Evidence: File download sidebar

To expand the Evidence sidebar, click an evidence link in the Evidence column of the Threats tab. To close the sidebar, click the cancel/close icon.

The evidence type of File download is displayed at the top of the sidebar.

Click the View reference event link to access the Network event details page and the full details of the associated event.

A brief description of the evidence is provided.

File details

File type

The high-level type of the downloaded file. See the list of file types.

Confidence

Indicates the probability that the downloaded file is malicious. Because the system uses advanced heuristics to detect unknown threats, a detected threat may have a lower confidence value when the volume of information available for that specific threat is limited.

SHA1

The SHA1 hash of the file. Click the Intelligence pages icon to view the file in Intelligence pages.

Malware identification

A summary of the detected malware is displayed. For more details, click the Analyst report link to view the Analysis report.

Antivirus class

A label defining the antivirus class of the downloaded file.

Antivirus family

A label defining the antivirus family of the downloaded file.

Malware

A label defining the malware type of the downloaded file. If the label has a tag icon, you can click it for a pop-up description.

Behavior overview

The detected behaviors of the downloaded file. If there is a lot of data, a partial list is displayed by default. Click Expand for more to view more. Toggle it closed again by clicking Collapse for less.

Open in ...

To open the downloaded file in a specific service, click one of the icons for the providers. By default, this displays a partial list of providers. Click Expand for more to view more. Toggle it closed again by clicking Collapse for less.

Download details

The details of the downloaded file are displayed. For more details, click the Analyst report link to view the Analysis report.

File name

The resource path to the downloaded file.

URL

The full URL to the downloaded file.

First seen

The timestamp from when the downloaded file was first seen. If there have been multiple instances of this file, this will be a range of timestamps.

Downloaded from

The IP address of the source server.

Protocol

The protocol used to transfer the downloaded file from the source server.

User agent

If available, the user agent string seen for the download request.