The Files Page

Introduction

The Files page allows users with the Analyst role (currently only Field Effect users) to request specific files from specific endpoints to further investigate a security event. If your organization requires access to a file, please open a support request at support@fieldeffect.com.


Once granted permission by a user with the Analyst role, the file will be listed in this view along with any previously requested files. Note that for security reasons, files are compressed and encrypted and cannot be viewed by clients when downloaded.


This is a great resource for performing a deeper level of analysis into a potentially malicious file.


This article introduces the Files page and how to navigate it, as well as how to use the predictive search functionality, edit and filter columns, and sort the view.

 

 

Navigating the Files Page

The List View

This page is presented as a table showing files requested from Field Effect by users with the Analyst role. Columns can be resized, rearranged, and shown or hidden to suit your needs.



The following columns are available for the recent and log views: % complete, Analysis, Analysis Results, Analysis Score, Analysis Submission ID, Analysis Update (UTC), Completed (UTC), Error Status, File Name, File Path, File Size, Host Name, MD5, Max Size, Notes, Requested (UTC), Reviewed (UTC), SHA1, State Update (UTC), and Status.


The Details View

Clicking a row will expose more details about the selected endpoint agent along the bottom of the table.



The Details view can also be expanded into a modal view using the Expand icon. Clicking the Host Name link will take you to a drilled-in view of the endpoint agent on the Agents page.



Downloading Files

To download a file, click the download icon in the line item representing the desired file. It will be downloaded to your browser’s default downloads folder.


After a request for a file is approved, the request is tasked asynchronously to the affected agent. Because of this, it may take some time between the request and the file being available. The status icon indicates whether the file is ready for download. Line items with a clock icon in the status are still processing, and line items showing a green checkmark are available.


Note that for security reasons, files are compressed and encrypted and cannot be viewed by clients when downloaded.


  

Editing Columns

Columns can be shown or hidden to suit your needs. To edit a view’s columns, click Edit Columns from the view you want to adjust.



The Edit Columns tool will open, listing all the columns available. Use the checkmarks to select the columns you want to use in the table. Unchecked columns will not be visible. Once you’ve made your selections, click Apply.



The size of each column can also be adjusted. Use the arrows in the column header to sort, and drag the edge of the column to adjust the width.



Searching for Files

The search bar leverages logic that allows you to create custom queries to find and filter alerts. You can select from default queries (Completed Downloads), use logic to create your own searches (“File Name” column contains “XYZ”), or perform keyword searches.



After selecting a suggested column from the dropdown, suggested logic statements will become visible. Select the logic statement that suits your search to continue.



After selecting a logic statement, suggested search choices specific to the selected column will become visible. In the example below, the user chose the path column and Contains logic statement. Therefore, the dropdown shows available file paths as suggestions.



Also note that you are not restricted to suggestions; you can add custom search queries to logic statements or perform basic keyword searches.



Sorting & Filtering Files

To sort the Files page, click on a column header to toggle between a descending or ascending order for the selected column. You can also use the “Order By” feature shown as a suggested search function.


To filter the list, you can use the “Is Not” or “Is Null” suggestions. Using “Is Not” will query results that do not include selected suggestions or provided keywords. The “Is Null” suggestion will query items with no content in the selected column.


As you make selections, you will be prompted with suggestions as shown above in Searching for Files.



Exporting Results

You can export the entire list of alerts, or a filtered subsection, using the Export .csv icon. The export will be downloaded to your default folder.



