Extrapolating value from Cloud Threat Detection Analysis Reports

Introduction

This guide will provide insight on how to analyze the Analysis Reports from Cloud Threat Detection (CTD), and how to drill down into the files submitted to extract forensic data.

Cloud Threat Detection Workspace

Within the ePO Cloud UI, navigate to the Cloud Threat Detection Workspace. Here you can see the aggregation of all files submitted by products integrated with CTD; in this case, McAfee Network Security Platform (NSP) and McAfee Web Gateway (MWG) are offloading files to CTD for further analysis. Each convicted file is assigned one of four severity levels:

  • High Risk (High Risk Severity)
  • Suspicious (Moderate Risk Severity)
  • Monitored (Low Severity)
  • Low Risk (Low Risk Severity)

You can drill down on past events over All Time, which presents all historical analyses that have been submitted to CTD.

By clicking a severity level tab on the Severity Ribbon at the top, you can filter the visualization to the events of that specific severity level.

Extracting Threat Details

Below is a short animation showing several Threat Details fields, which provide forensic data such as the MD5 and SHA-1 hashes of the file. The malware name, together with the family classification the file shares, is provided as well.

By clicking the Reputation field, you can export the IOCs in STIX format. As seen below, the export is written as an .xml file.
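As an added example (not part of the original article), the following Python script pulls the file hashes out of such a STIX export so they can be fed to a block list or a SIEM search. The XML layout is a constructed sample following STIX 1.x/CybOX conventions; the exact structure of the CTD export is not shown on this page, so that layout is an assumption.

```python
import xml.etree.ElementTree as ET
# Constructed sample modelled on STIX 1.x / CybOX 2.x File observables (assumed CTD layout).
SAMPLE_STIX_XML = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2">
  <stix:Observables>
    <cybox:Observable id="example:Observable-1">
      <cybox:Object id="example:Object-1">
        <cybox:Properties>
          <FileObj:File_Name>invoice.exe</FileObj:File_Name>
          <FileObj:Hashes>
            <cyboxCommon:Hash>
              <cyboxCommon:Type>MD5</cyboxCommon:Type>
              <cyboxCommon:Simple_Hash_Value>D41D8CD98F00B204E9800998ECF8427E</cyboxCommon:Simple_Hash_Value>
            </cyboxCommon:Hash>
            <cyboxCommon:Hash>
              <cyboxCommon:Type>SHA1</cyboxCommon:Type>
              <cyboxCommon:Simple_Hash_Value>da39a3ee5e6b4b0d3255bfef95601890afd80709</cyboxCommon:Simple_Hash_Value>
            </cyboxCommon:Hash>
          </FileObj:Hashes>
        </cybox:Properties>
      </cybox:Object>
    </cybox:Observable>
  </stix:Observables>
</stix:STIX_Package>"""

def _local(tag):
    """Strip the namespace: '{http://...}Hash' -> 'Hash'."""
    return tag.rsplit('}', 1)[-1]

def extract_file_hashes(stix_xml):
    """Return {file_name: {HASH_TYPE: hex_value}} for every File object.
    Matching on local names tolerates prefix differences; hex values are lower-cased."""
    results = {}
    for obj in ET.fromstring(stix_xml).iter():
        if _local(obj.tag) != 'Object':
            continue
        name, hashes = obj.get('id', 'unnamed'), {}
        for el in obj.iter():
            tag = _local(el.tag)
            if tag == 'File_Name' and el.text:
                name = el.text.strip()
            elif tag == 'Hash':
                parts = {_local(c.tag): (c.text or '').strip() for c in el}
                if parts.get('Type') and parts.get('Simple_Hash_Value'):
                    hashes[parts['Type'].upper()] = parts['Simple_Hash_Value'].lower()
        if hashes:
            results[name] = hashes
    return results
```

Objects without a File_Name fall back to their CybOX id, and objects without any hashes are skipped, so the output only contains entries you can actually match on.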

File Analysis Usage

Clicking the bell icon at the top right shows a dashboard of your daily file submission usage. If your daily file submissions begin to approach the daily cap, it is strongly advised to increase your daily submission allowance to avoid performance degradation in the Cloud sandbox. Contact your McAfee Sales Representative to increase the number of sample submissions allotted per day.

Last update: 03-15-2018 09:08 AM