Define malware analysis

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 3 minutes

Define a malware analysis record that captures the metadata and results of a particular static or dynamic analysis performed on a malware instance or family.

    Before you begin

    Role required: sn_ti.admin

    Procedure

    1. Navigate to All > Threat Intelligence > IoC Repository > Malware Analysis.
    2. Click New.
    3. Complete the fields in the form as appropriate.
      Field: Description
      Name: Enter a descriptive name to identify the intrusion set.
      Analysis Engine Version: The version of the analysis engine or product (including AV engines) that was used to perform the analysis.
      Analysis Definition Version: The version of the analysis definitions used by the analysis tool (including AV tools).
      Analysis Started: The date and time that the malware analysis was initiated.
      Analysis Ended: The date and time that the malware analysis was ended.
      Source: Specifies the threat source from which this record is created.
      Source ID: Unique identifier for this object in the threat source.
      Result: The classification result as determined by the scanner or tool analysis process.
      Result Name: The classification result or name assigned to the malware instance by the scanner tool.
      Created Time in Source: Specifies the time the object is created in the source.
      Modified Time in Source: Specifies the time the object is modified in the source.
    4. Click Submit.
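
When the values for this form come from a STIX 2.1 feed, a pre-check like the one below catches inconsistent records before they are entered. This is an added example, not ServiceNow code: the mapping of STIX `malware-analysis` properties to the form's field labels, the function names and the sample object are assumptions constructed for illustration.

```python
from datetime import datetime

# STIX 2.1 malware-result-ov (an open vocabulary: other values are flagged for review).
RESULT_VOCAB = {"malicious", "suspicious", "benign", "unknown"}
# Assumed mapping: STIX malware-analysis property -> field label on the form.
FIELD_MAP = {
    "analysis_engine_version": "Analysis Engine Version",
    "analysis_definition_version": "Analysis Definition Version",
    "analysis_started": "Analysis Started", "analysis_ended": "Analysis Ended",
    "id": "Source ID", "result": "Result", "result_name": "Result Name",
    "created": "Created Time in Source", "modified": "Modified Time in Source",
}
# Constructed sample object; every value is made up for illustration.
SAMPLE = {
    "type": "malware-analysis", "spec_version": "2.1", "product": "example-av",
    "id": "malware-analysis--00000000-0000-4000-8000-000000000001",
    "created": "2026-01-10T09:00:00.000Z", "modified": "2026-01-10T09:00:00.000Z",
    "analysis_engine_version": "5.1.0", "analysis_definition_version": "2026.01.10",
    "analysis_started": "2026-01-10T08:40:00.000Z",
    "analysis_ended": "2026-01-10T08:45:00.000Z",
    "result": "malicious", "result_name": "Example.Trojan.Constructed",
}

def parse_ts(value):
    """Parse a STIX timestamp; STIX requires UTC with a trailing 'Z'."""
    if not value.endswith("Z"):
        raise ValueError(f"{value!r} is not a UTC 'Z' timestamp")
    return datetime.fromisoformat(value[:-1] + "+00:00")

def to_form_fields(obj, source_name):
    """Return (form_fields, problems) for one STIX malware-analysis object."""
    problems = []
    if obj.get("type") != "malware-analysis":
        problems.append("type is not malware-analysis")
    if "result" not in obj and "analysis_sco_refs" not in obj:
        problems.append("STIX requires result or analysis_sco_refs")
    if obj.get("result", "unknown") not in RESULT_VOCAB:
        problems.append(f"result {obj['result']!r} is outside malware-result-ov")
    for first, last in (("analysis_started", "analysis_ended"), ("created", "modified")):
        if first in obj and last in obj:
            try:
                if parse_ts(obj[last]) < parse_ts(obj[first]):
                    problems.append(f"{last} is earlier than {first}")
            except ValueError as exc:
                problems.append(f"bad timestamp: {exc}")
    fields = {label: obj[prop] for prop, label in FIELD_MAP.items() if prop in obj}
    fields["Source"] = source_name  # name of the feed the object came from
    return fields, problems
```

Calling `to_form_fields(SAMPLE, "constructed-feed")` returns the field values keyed by form label plus an empty problem list; a non-empty list names what to resolve with the source before submitting.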

    What to do next

    Click any of the following related lists to view additional information on the objects associated with malware analysis.
    Related Links and Related Lists: Description
    Show Relationships: Opens the STIX Visualizer where you can view the relationship of the STIX object. Show Relationships appears only when the object has an associated object.
    External References: Lists external references which refer to non-STIX information. This property is used to provide one or more external object identifiers.
    Associated Malware: Lists the associated malware identified with this object.
    Reported Observables: Lists observables reported as part of this object.
    Installed Software: Lists any non-standard software installed on the operating system used for the dynamic analysis of the malware instance or family.