
When do we get details in the “Cynic Observed File, Registry, System Changes” and Cynic “Observed Network Analysis” sections of the file entity page?


Article ID: 173540


Products

Email Threat Detection and Response

Issue/Introduction

Cynic does not provide analysis to ATP or SEDR when the file is clean or when a verdict is already available for the submitted file.

Environment

All ATP & SEDR Versions

Cause

This is working as designed.

Resolution

These details populate when the Cynic server has found that the submitted file is malicious or suspicious. The Cynic server executes the submitted file in the sandbox environment and provides the analysis details in the appropriate sections, as shown below:

The above details are the footprints of the file in the sandbox environment, which give us clarity on the behavior of the file. These details should vary with the behavior of the different submitted files.
