Login
- Table of Contents
-
- 03-Monitor
- 01-Application analysis center
- 02-Blacklist logs
- 03-Single-packet attack logs
- 04-Scanning attack logs
- 05-Flood attack logs
- 06-WAF logs
- 07-Threat logs
- 08-Reputation logs
- 09-URL filtering logs
- 10-File filtering logs
- 11-Security policy logs
- 12-IPCAR logs
- 13-Sandbox logs
- 14-Terminal status
- 15-Application audit logs
- 16-System logs
- 17-Configuration logs
- 18-Traffic logs
- 19-TopN traffic
- 20-Security policy hit analysis
- 21-TopN threats
- 22-TopN URL filtering statistics
- 23-TopN file filtering statistics
- 24-Attack defense statistics
- 25-Connection rate ranking
- 26-TopN traffic trends
- 27-Security policy hit trend analysis
- 28-TopN threat trends
- 29-TopN URL filtering trends
- 30-TopN file filtering trends
- 31-Botnet analysis
- 32-Asset security
- 33-Threat case management
- 34-Report settings
- 35-Session list
- 36-User information center
- 37-IPv4 online users
- 38-IPv6 online users
- 39-MAC authentication online users
- 40-Terminal status
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-Sandbox logs | 23.91 KB |
Sandbox logs
Introduction
The sandbox logs record the sandbox inspection results, including the basic information of packets and inspected files, and threats found in these files.
For more information about the values for the threat family and threat action fields, see "Appendix."
Restrictions and guidelines
The detailed information of sandbox logs is displayed only in JSON format.
The field value in the appendix varies by the software version of the sandbox.
Appendix
Table 1 Value for the threat family field
|
ID |
Threat family |
|
0 |
Others |
|
1 |
Viruses |
|
2 |
Trojans |
|
3 |
Worms |
|
4 |
Backdoors |
|
5 |
Ransomware |
|
6 |
Downloader |
|
7 |
Malicious advertisements |
|
8 |
Malicious scripts |
|
9 |
Macro viruses |
|
10 |
Malicious files with vulnerabilities |
|
11 |
Phishing |
|
12 |
Riskware |
|
13 |
Shell software |
|
14 |
Heuristic behaviors |
|
15 |
Digital currency |
|
16 |
Botnets |
|
17 |
APT intelligence |
|
18 |
Malicious DGA domain names |
Table 2 Value for the threat act field
|
ID |
Threat action |
|
1 |
Enable autorun after the device starts. |
|
2 |
Inject to other processes remotely. |
|
3 |
Reduce the firewall security level or add whitelist entries. |
|
4 |
Bypass User Account Control (UAC) to obtain the administrator privilege. |
|
5 |
Disable the system protection mechanism. |
|
6 |
Detect whether the antivirus software is installed or running in the system. |
|
7 |
Detect whether the file runs in the sandbox or is debugged by the debugger. |
|
8 |
Delete local files. |
|
9 |
DLL hijacking or image hijacking. |
|
10 |
Replace the file to be an EXE file or a DLL file. |
|
11 |
The file uses a name similar to a key process for counterfeiting. |
|
12 |
Infect the existing PE files. |
|
13 |
Load the driver. |
|
14 |
Modify the security policies of the IE browser. |
|
15 |
Add or modify a Windows account. |
|
16 |
Add or modify a Windows service. |
|
17 |
Suspicious network connection. |
|
18 |
Create a suspicious process and release a suspicious file. |
|
19 |
Release an executable program. |
|
20 |
Automatic shutdown, automatic restart or automatic logout. |
|
21 |
The PE file execution releases a script file. |
|
22 |
Modify the hosts file. |
|
23 |
Hook the key functions of the program. |
|
24 |
Promote the privilege of the program. |
|
25 |
The script file uses the PowerShell. |
|
26 |
Malicious network behaviors of the script file. |
|
27 |
Access sensitive files, such as the files storing the browser username and password. |
|
28 |
Using the Android software consumes the call charge. |
|
29 |
Malicious advertisements on the Android software. |
|
30 |
The Android software steals user privacy. |
|
31 |
File faking |
|
32 |
Modify the file hidden attribute. |
|
33 |
Malicious network behaviors of an executable file. |
|
34 |
Malicious shortcut files |
|
35 |
Suspicious macro viruses |
|
200 |
Viruses |
|
201 |
Spyware |
|
202 |
Worms |
|
203 |
Backdoors |
|
204 |
Ransomware |
|
205 |
Downloader |
|
206 |
Malicious advertisements |
|
207 |
Malicious scripts |
|
208 |
Malicious files with vulnerabilities |
|
209 |
Virus generator |
|
210 |
Shell software |
|
211 |
Heuristic behaviors |
|
212 |
Riskware |
|
213 |
Phishing |
|
214 |
Macro viruses |
|
215 |
Other threat types |
