Search: Summary tab

The Summary tab is the default view for each search. To support IoC validation, this view provides different statistical representations of the resulting data, organized in multiple widgets. The widgets are built from a sample of the reports (up to 2,500 reports). The number of reports actually used in the computations is shown next to the tab title.

The Summary tab displays the following widgets:

Detection

The Detection widget displays the analysis results as Benign, Suspicious, or Malicious. Using this widget, you can immediately see whether the queried IoC(s) are indeed malicious.

Antivirus labels

The Antivirus labels widget displays the analysis results across the different antivirus classifications. Using this widget, you can quickly categorize the IoC(s) and use the corresponding threat labels to bridge the results with other security tools. Labels are always constructed from the threat classification combined with the threat name.

Two labels have special significance:

  • Unclassified indicates that no antivirus product detected the sample.

  • Unknown indicates that no information was available concerning the sample classification by any antivirus product.

File types

The File types widget displays the analysis results across the different types of threat vectors, such as PE executables, PE libraries, and documents. Using this widget, you can quickly identify the threat vectors potentially being used to enter your company premises.

Industries

The Industries widget provides information about the visibility of the analysis results across different industries or market segments. Using this widget, you can quickly determine if you are dealing with a threat targeting your particular industry or with a wider campaign.

Results Filtering

With the exception of the Industries widget, these widgets can be used to filter query results. To create a filter, click one of the entries of a given widget. Only the results matching this specific value are kept. When you create a filter, the query results are automatically updated using the new filter. The filter is applied to all the different tabs and their related views.

The filters are displayed below the tab selectors, following the Filters title. To remove a filter, click the cancel/close control at the end of the filter name.

Results Privacy

Hover over the number of reports to view the breakdown of the results between private and public results and those results visible to the user only.

The Summary tab displays a global overview across the analysis results, regardless of their visibility. The subsequent tabs only provide access to the subset of results marked as public or user-only. For more on privacy, see Data privacy.