View the analysis results

View the file analysis results on the Analysis Reports page. In dynamic analysis, if you selected multiple VM profiles, the file has one Job ID and a separate Task ID for each VM profile. In static analysis, when a sample is detected, only one entry with one Job ID and one Task ID is created.

Note:
  • Older reports are deleted when the data disk of Advanced Threat Defense is 75 percent full. You can view the current data disk space available in the System Health monitor of the Dashboard. If you configure the options under FTP Result Output in the User Management page and use the set resultbackup enable command, then Advanced Threat Defense saves the results locally and sends them to the configured FTP server for your long-term use.
  • To save the FTP results for a longer time period, configure the FTP Result Output settings, then enable Set resultbackup from the Advanced Threat Defense CLI.
  • While you view the reports, the maximum number of reports you can navigate to is one million. To view reports beyond that, use the search filter to reduce the number of reports in the result.

Task

  1. Log on to the Advanced Threat Defense web interface.
  2. Click Analysis > Analysis Reports.
    The Analysis Reports page lists the status for the completed files.
    Note: If you do not have admin permissions, only those files that you submitted are listed. A user with admin permissions can view the samples submitted by all users.
    Note: Click Export CSV to export the status of completed files locally in CSV format.
  3. Specify the criteria for viewing and refreshing the records in the Analysis Reports page.
    1. Set the criteria to display records in the Analysis Reports page.
      By default, the results for the files completed in the last 24 hours are shown.
      You can specify these criteria based on time or number. For example, you can choose to view the files for which the analysis was completed in the last 5 minutes, or the last 100 completed files.
    2. Set the frequency at which the Analysis Reports page must refresh itself.
      The default refresh interval is 1 minute.
    3. To refresh the Analysis Reports page now, click .
  4. Choose to hide the columns that you do not require.
    1. Move the mouse over the right corner of a column heading and click the drop-down arrow.
    2. Select Columns.
    3. Select only the required column names from the list.
      Note: You can click a column heading and drag it to the required position.
  5. To sort the records based on a particular column name, click the column heading.
    You can sort the records in ascending or descending order. Alternatively, move the mouse over the right corner of a column heading and click the drop-down arrow, then select Sort Ascending or Sort Descending.
    By default, high severity files are shown at the top of the list.
  6. To save the Analysis Reports page settings, click