Files

The Files page allows you to search for files stored by MetaDefender NDR. Click Analysis > Files. The right pane displays the basic session details in tabular form, with MIME types, hashes and so on. The left pane provides both Quick Search and Advanced Search features.

Columns available in the Advanced Search menu for the Files page are:

  • Filename
  • Hash
  • MD5
  • SHA1
  • SHA256
  • SHA512
  • Size
  • Entropy
  • MIME type
  • Signature Name
  • Signature Offset
  • Signature Payload
  • Signature Event Id

Select the column(s) and specify their criteria. You can also specify the session time from the Time Interval drop-down menu or select a date range from the built-in calendars by clicking the From/To option. Click Search. Results appear in the right pane and display sessions with individual threat scores. For each session, the results show the file name, MIME type, hash, MD5, SHA1, SHA256, file size and a link to view the file details.

Viewing Session Details

Click View in the Actions column corresponding to that session. The resulting page displays the transferred file information, along with the option to view the content of the file(s) and download them as raw or encrypted file(s). Details of the TCP session(s) containing the file can be viewed in tabular form.

On the right pane of this page, you can view the file name, MIME type, file size, and entropy.
