The All tab displays all instances of file downloads that were analyzed in your NSX network.
Downloaded Files Over Time in the All Tab
The Downloaded files widget in the All tab provides an overview of the number of files that were downloaded in the monitored network during the specified time range. The graph is a daily histogram of downloaded files, grouped by the high-level file type.
The widget shows all file downloads that have been analyzed.
See Downloaded Files Over Time for the list of file types.
Use Filters in the Files Downloaded Page
NSX Network Detection and Response provides a filtering mechanism that allows you to focus on specific information about downloaded files that are of interest to you. The use of filters is optional.
Procedure
Downloaded Files List in the All Tab
The Downloaded files list displays all of the files that have been downloaded by hosts in the network and processed by the NSX Advanced Threat Prevention service.
The Quick search text box in the upper-left corner of the list provides fast, as-you-enter search capability. It filters the rows in the list and displays only those rows that have text, in any column, that matches the query string that you entered in the search text box.
To customize the columns displayed in the list, click the icon located in the upper-right corner of the list.
You can customize the number of rows to be displayed. The default is 20 entries. Use the and icons to navigate through multiple pages.
Each row is a summary of a downloaded file. Click the icon or anywhere on an entry row to access a detailed view of the downloaded file.
See Downloaded Files Details for additional information on the detailed view of the downloaded file.
Column Name | Description |
---|---|
Timestamp | The timestamp of the detection of the file download. |
Host | The host that downloaded the file. |
Contacted IP | IP address of the contacted host. |
Location | For a download, this is the URL of the file in the supported format. For example, For an upload, "Upload" is displayed. |
MD5 | The MD5 hash of the downloaded file. |
Type | The high-level type of the downloaded file. See Downloaded Files Over Time for the list of file types. |
AV Class | A label defining the antivirus class of the downloaded file. If the label has the icon, you can click that for a pop-up description. |
Malware | A label defining the malware type of the downloaded file. If the label has the icon, you can click that for a pop-up description. |
Score | The score assigned to the downloaded file by the NSX Intelligence analysis. Click to sort the list by score. If appears, it indicates the artifact has been blocked. |