Collect files
When threats are detected, you can collect Threats file samples or general files from the Web Console, and then download or delete the collected files.
Collecting malware samples
- In Analysis > Threats > Management, click the ‘Details’ button in the Threats list to open the detail screen, where the sample collection button is displayed. Click the ‘Collect Sample’ button.
- An alert window about sample collection appears. Click OK.
- When sample collection is complete, the Download Samples button is displayed. The collected files can also be downloaded or deleted from the Acquisitions menu.
Download and delete files
Malicious file samples and normal file samples are classified as follows.
Type | Explanation |
---|---|
Threat | A malicious code file detected as Threats. An alert window for entering a password appears when the file is downloaded. Click the OK button to download the hash value and the password-protected zip file. If you want to change the password set by default, you can set the sample download password on the System > Settings > Preferences > Threat Detection & Response page. |
File | A general file collected by the sample collection command of Users. It does not require a separate password input. |
Artifact | A general file collected by the Artifact collection command of Users. It does not require a separate password input. |
Agentlog | Displayed when an agent log file was collected by a manual command from Users on the server. |
- You can download the file by clicking the sample download button generated during the malware sample collection process or clicking the download button in Analysis > Investigation > Acquisitions.
- If you click the Delete button in the file list, the file is deleted from the server and also removed from the Acquisitions list.
- If you are collecting large files via Live Response, you will see an upload icon in the Acquisitions list. When you click the list, the progress of file collection is displayed. The collection progress is updated each time you click the list.
- When collecting artifacts, click on the Load Data button in the Acquisitions list. After loading the collected data, the ‘G-Report’ button is created.
- When you click the ‘G-Report’ button, the G-Report window opens and you can review the collected artifact data in report format.