The Virtual Analyzer Suspicious Objects screen allows you to perform an impact analysis on your network. Impact analysis uses Endpoint Sensor to contact agents and perform a historical scan of the agent logs to determine whether the suspicious objects have affected your environment for a period of time without detection.

You can also perform an impact analysis for user-defined suspicious objects on the Custom Intelligence screen.

For more information, see Analyzing Impact and Responding to IOCs from User-Defined Suspicious Objects.

Important:

Impact analysis requires a valid Apex One Endpoint Sensor license. Ensure that you have a valid Apex One Endpoint Sensor license and enable the Enable Sensor feature for the appropriate Apex One Security Agent or Apex One (Mac) policies.

For more information, see the Apex Central Widget and Policy Management Guide.

  1. Go to Threat Intel > Virtual Analyzer Suspicious Objects.

    The Virtual Analyzer Suspicious Objects screen appears.

  2. Click the Objects tab.
  3. Select one or more objects from the list.
    Note:

    Apex Central does not support analyzing impact for URL objects.

  4. Click Analyze Impact.

    Endpoint Sensor contacts agents and evaluates the agent logs for any detections of the suspicious objects.

    Note:

    Impact analysis times vary depending on your network environment.

  5. Click the arrow to the left of the object you want to view to expand it.
    • The At Risk Endpoints list displays all endpoints and users still affected by the suspicious object.

      • For File detections, the Latest Action Result column displays the last action result reported from managed products.

      • For all other detection types, the Latest Action Result column displays "N/A".

    • The At Risk Recipients list displays all recipients still affected by the suspicious object.