View Alerts and Security Events by Files
- Click 'Security' > 'Endpoint Security' > 'Alerts' > 'Hash View'
'Hash view' groups together all events that involve a particular file.
- A file can generate events in different security modules, on multiple devices, at different times.
- All these events are grouped together and shown as a single row.
- You can view the Valkyrie file analysis verdict for any file and change your admin trust rating for any file from this interface.
The tiles at the top show a breakdown of files intercepted by the different security modules of Xcitium. The table lists the files that generated events on various devices.
| Column Header | Description |
|---|---|
| File Hash | The SHA-1 hash value of the executable file. |
| File Name | The label of the executable file affected by the action. |
| File Path | The installation location of the executable file on the endpoint. |
| Alert counts | The number of alerts generated / events logged by various security modules of Xcitium. |
| Number of devices | The number of devices on which the event was detected. |
| Current Xcitium Rating | The present trust rating of the file as per the Xcitium File Look-up Service (FLS). |
| Current Admin Rating | The most recent trust rating of the file as manually set by the admin, if any. |
| Controls | |
| Alert Actions | Contains the following controls for each file: File Details - Opens the 'Investigate' > 'Hash Search' interface with the details of the file along with the events it generated at various devices. See Search Events by File Hash for more details. Download Valkyrie Report - Get a detailed Valkyrie analysis report for a file as a PDF. See Get Valkyrie Report of a file for more details. Check Valkyrie Details - View the Valkyrie analysis on a file. See View Valkyrie analysis details of file for more details. |
| Change rating | Assign a new admin rating to a file (trusted, malicious or unrecognized). |
Filter options
- Click a file name in the tiles at top to view only that file in the list
- Use the search fields to filter the entries by time, security component that generated the event, name of the file, installation path of the file, minimum count of devices on which the events are detected, or the label of the alert or event.
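The grouping and the minimum-device filter described above can be reproduced offline over exported event records. This is an added example, not Xcitium code: the event field names, module labels, device names and hash values are constructed assumptions.

```python
import re
from collections import Counter

SHA1_RE = re.compile(r"[0-9a-f]{40}")

# Constructed 40-hex-digit values, not real file hashes.
H1 = "3f" + "a1" * 19
H2 = "9c" + "0b" * 19

# Constructed sample events; field names and module labels are assumptions.
EVENTS = [
    {"sha1": H1, "name": "setup.exe", "path": r"C:\Temp\setup.exe",
     "device": "PC-01", "module": "Antivirus"},
    {"sha1": H1.upper(), "name": "setup.exe", "path": r"C:\Temp\setup.exe",
     "device": "PC-02", "module": "Containment"},
    {"sha1": H1, "name": "setup.exe", "path": r"C:\Temp\setup.exe",
     "device": "PC-01", "module": "Antivirus"},
    {"sha1": H2, "name": "tool.exe", "path": r"C:\Tools\tool.exe",
     "device": "PC-03", "module": "Containment"},
]

def hash_view(events, min_devices=1):
    """Group events into one row per file hash, as the hash view table does."""
    rows = {}
    for ev in events:
        # Normalise case so the same hash never splits into two rows.
        sha1 = ev["sha1"].strip().lower()
        if not SHA1_RE.fullmatch(sha1):
            raise ValueError(f"not a SHA-1 hex digest: {ev['sha1']!r}")
        # File name and path are taken from the first event seen for the hash.
        row = rows.setdefault(sha1, {"file_hash": sha1, "file_name": ev["name"],
                                     "file_path": ev["path"],
                                     "alerts": Counter(), "devices": set()})
        row["alerts"][ev["module"]] += 1   # per-module alert count
        row["devices"].add(ev["device"])   # distinct devices only
    view = [{"file_hash": r["file_hash"], "file_name": r["file_name"],
             "file_path": r["file_path"], "alert_counts": dict(r["alerts"]),
             "number_of_devices": len(r["devices"])}
            for r in rows.values() if len(r["devices"]) >= min_devices]
    # Most widespread files first, then by hash for a stable order.
    return sorted(view, key=lambda r: (-r["number_of_devices"], r["file_hash"]))

if __name__ == "__main__":
    for row in hash_view(EVENTS, min_devices=1):
        print(row)
```
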
The hash view interface lets you:
View file details and events generated on all devices
- The hash view screen lets you run a hash search for the process or file involved in the event and view its details.
- The hash search details include basic details of the executable file / parent file of a process, the file trajectory, its execution history and more.
- You can also view the Valkyrie verdict of the file and set your own admin rating for the file from this interface.
View details of file / process involved in an event
- Click 'Security' > 'Endpoint Security' > 'Alerts' > 'Hash Search'
- Use the filter fields to search for a specific event
- Click the hash value of a file
The 'Security' > 'Endpoint Security' > 'Investigate' > 'Hash Search' screen opens with the details of the chosen file and events generated by the file.
See Search Events by File Hash to read more about the details shown on this page.
Rate Files as Trusted, Malicious or Unrecognized
If required, you can rate the files affected by the events as unrecognized, trusted or malicious. Please make sure a file is safe before marking it as trusted. Any new file ratings will be sent to endpoints during the next sync.
- Click 'Security' > 'Endpoint Security' > 'Alerts' > 'Hash View'
- Select the event(s) involving the file(s) of interest.
- Click the 'Change Rating' button
- Set your preferred rating from the options:
The new rating will be propagated to all endpoints during the next synchronization.
Get the Valkyrie Report on a file
Background:
Download the Valkyrie report on a file
- Click 'Security' > 'Endpoint Security' > 'Alerts' > 'Hash View'
- Click the 'Alert Actions' button in the row of the event involving the file of interest
- Choose 'Download As Valkyrie Report'
- The PDF opens in a new browser tab.
- The report contains granular details of various tests on the file.
View Valkyrie analysis of a file
- Click 'Security' > 'Endpoint Security' > 'Alerts' > 'Hash View'
- Click the 'Alert Actions' button in the row of the event involving the file of interest
- Choose 'Check Valkyrie Details'
- The Valkyrie 'file verdict' page opens in a new tab.
- The page contains the results of various tests, and a trust verdict from each test.
- For more details on Valkyrie tests, see http://help.Xcitium.com/topic-397-1-773-9563-Introduction-to-Xcitium-Valkyrie.html.