The Content Analysis System, CAS, can be configured to send suspicious files to the Malware Analysis Appliance, MAA, by doing the following :

1. Goto the Services tab > Sandboxing.

2. Enable "Blue Coat Malware Analysis Appliance".

3. Click Edit and configure the Username, Password, and MAA's IP address there. The default threshold of 6 should be sufficient.

The Threat Threshold is only available on the Malware Analysis Appliance. The number set is a greater than or equal to relationship. The Malware Analysis Appliance returns numbers associated with the threat. The higher the number, the higher the likelihood the threat is malware. Anything above 6 is typically malware.