After identifying a suspicious file or URL object, you can submit the object for analysis in the Sandbox Analysis app using context menus on the Trend Vision One console.
This task is supported by the following services:
-
Trend Vision One
-
Windows agent
-
Mac agent
-
-
Apex One as a Service
-
Windows agent
-
Linux agent
-
-
Trend Cloud One - Endpoint & Workload Security
-
Windows agent
-
Linux agent
-
Mac agent
-
-
Deep Discovery Inspector
-
Virtual Network Sensor
Procedure
- After identifying the suspicious file or URL object, access the context or response
menu and click Submit for Sandbox Analysis.The Submit to Sandbox for Analysis Task screen appears.
- Specify a Description for the response or event.
- (Optional) Specify the arguments that are used when the sandbox runs the submitted
object.A maximum of 1,024 characters can be entered.
- Click Create.Trend Vision One creates the task and displays the current task status in Response Management.
- Monitor the task status.
- Open Response Management.
- (Optional) Locate the task using the Search field or by selecting Submit for Sandbox Analysis from the Action drop-down list.
- View the task status.
-
Pending approval (
) (if applicable): The automated response task
was created on the Workbench app and is waiting for
approval -
Rejected (
) (if applicable): The automated response task
created on the Workbench app was rejected -
In progress (
): Trend Vision One sent the command
and is waiting for a response. -
Queued (
): The managing server queued the
command because the agent was offline. -
Successful (
): The command was successfully
executed. -
Unsuccessful (
): An error or time-out occurred when attempting to send
the command to the managing server, the Security Agent is offline for more than 12
hours, or the command execution timed out.
-
- Check the Sandbox Analysis by selecting Check Sandbox
Analysis (
) to view the analysis result
in the Sandbox Analysis app.For more information about the Sandbox Analysis app, see Sandbox Analysis