In the console, the Analyzed Files tab of the Requested Files page shows the status and (if complete) analysis results for all files submitted to external services for analysis.

The default view for this page shows all files sorted by request date, but there also are Saved Views available that can provided a more targeted list of files:

  • Analysis in Progress
  • Completed Analysis
  • Analysis Errors
  • Files Submitted to WildFire

The Requested Files: Analyzed Files table showing the available columns

The table can show the following columns (not all are shown by default):

  • Request Date – When the request for file analysis was submitted for this file.
  • Requester – The user who requested the upload.
  • Upload % – The percent complete of the upload (not the analysis).
  • Status – This indicates where in the analysis process this file is. See Analysis Status for a description of status values.
  • Analysis Results – When the analysis is completed, this field indicates the result of the analysis (Clean, Potential Risk or Malicious).
  • Computer – The computer from which the file was uploaded.
  • File Name – The name of the file in the location from which it was uploaded.
  • File Size – The size of the file as it appears (or appeared) on agent-managed computers.
  • MD5 – The MD5 hash of the file.
  • Date Modified – The last time the entry for this file was changed.
  • Error – Any error associated with the upload or submission for analysis of the file.
  • File Path – The directory where the file resided on the source computer at the time the file was uploaded - it is not necessarily the current location of the file.
  • Last Modified By – Who last modified the Analyzed Files entry for this file by taking a related action.
  • Prevalence – The prevalence of this file on agent-managed computers.
  • Provider – Palo Alto Networks, or possibly a custom or legacy connector
  • SHA-256 – The SHA-256 hash of this file.
  • Source – The source of this analysis request. Can be "Manual" or "Event rule".
  • Source Name – If the source was "Event rule", the name of the rule.
  • Target – The target for the file analysis. This will be Palo Alto Networks WildFire, <Target Environment> or a target for a custom connector or one from an older App Control release.

Files from the Carbon Black App Control Agent that are targeted for analysis are not stored on the Carbon Black App Control Server and cannot be downloaded to the server or deleted from this table.