The Total Files tab shows all of the files reported in this notification, including files written by other files.
If the same file (that is, a file with the same hash) is written to multiple locations, it appears multiple times in the Total Files list. The following table shows the included columns:
| Column | Description |
|---|---|
| Sequence | Sequence of each file’s appearance when a suspected malware instance is analyzed by the network security device. The first file in the sequence is the top-level process. |
| Operation | The operation performed on a file (start, create, close, etc.). |
| File Name | File name reported by the network security device. |
| Size | File size reported by the network security device. |
| MD5 | MD5 hash of the file. |
| File Path | File path of the file name reported in the notification. |
| Parent File Name | File name of the parent process of this file. |
| Parent File Path | File path for the parent process of this file. |
| SHA1 | SHA1 hash of the file (if reported). |
| SHA-256 | SHA-256 hash of the file (if reported). Only shown for Palo Alto Networks notifications. |
| Known File | Is this file known to the Carbon Black App Control Server (Yes/No). |
The Operation column provides important information about what was done for each file included in the notification. You can sort or filter on this field to determine what was done to a file. The notification might report that one file was created and another overwritten – files having these two operations are included in the New and Modified Files list. A file also might be opened or terminated.
If a file is known to your Carbon Black App Control Server, its listing on the Total Files tab includes a View Details button, which opens the File Details page for the file.
The Action menu for this tab includes the following commands for selected files:
- Ban Globally – Bans the file(s) for all policies; requires no further configuration.
- Ban By Policy – Opens a dialog box for creating policy-specific and report-only bans.
- Remove Approval Or Ban – Removes any active bans/approvals immediately.
- Find By Name – Redirects to the Find Files page, filtered by the selected file names.
- Find By Size – Redirects to the Find Files page, filtered to show results of a search for files matching the sizes of the selected files as reported in the external notification.
- Find By Hash – Redirects to the Find Files page, filtered to show results of a search by hash for the selected files as reported in the external notification.
- View Carbon Black Reputation Data – Redirects to Carbon Black File Reputation (if activated) for a report on this file by hash.