Version: Spectra Analyze 9.1.1

Sample Details Page

The Sample Details page presents all the available information about a sample.

  • For local files, the information is collected from Spectra Core static analysis results, Spectra Intelligence, and dynamic analysis results (for specific file types). Administrators can configure processing settings on the appliance (“Fast”, “Normal”, “Best”). This will impact which file formats will be fully processed and how much information will be presented for them.
  • For samples that are not local, the scope of information will depend on the information provided by Spectra Intelligence. This is usually a subset of what is available for locally available files: a section of static analysis results and Spectra Intelligence scanning results.
  • For URLs, domains and IP addresses, the appliance displays a different type of sample details page focused on Network Threat Intelligence.

Additionally, information displayed on the Sample Details page differs based on the file type and classification status of each sample.

To access the Sample Details page for a sample, click the sample name in any of the following pages:

  • Search > Local and Spectra Intelligence results
  • Alerts
  • YARA > Local and local-retro ruleset matches

The page consists of a navigation sidebar on the left and the main information area on the right. The sidebar can be collapsed or expanded by clicking the Show/Hide Panel button at the top of the sidebar.

At the top of the navigation sidebar, there’s a persistent short summary showing information such as file hash, predicted filename (if it exists), file size, file type and format, and the Preview / Visualizations link to open the File Preview Dialog. If the predicted filename exists, it can be found right below the file hash.

The right section of the page is the main information area. Its contents change depending on the section selected in the navigation sidebar.

When Report Summary is selected in the sidebar, the CREATE PDF button is displayed at the top right of the page. Clicking the button exports the whole Summary page as a PDF file. PDF reports are available only for local samples. Cloud samples will have this button replaced with Fetch & Analyze, if the sample is available for download.

PDF reports have a retention period of 30 minutes and will not reflect changes that happened after they were generated. If a sample’s classification changed after the PDF report was already created, users must wait for the retention period to expire before requesting it again or use the PDF Report API endpoints to immediately generate and download an updated PDF report.

Because some PDF viewers automatically convert all strings with an http[s]* scheme into clickable hyperlinks, it is not recommended to click any links in the generated PDF, as they may lead to malicious content.

For local samples, the ACTIONS menu contains the same sample actions available elsewhere on the appliance (download, reclassify, reanalyze, delete…). It also contains the option to enable the Legacy View, which modifies the Threat Type / Risk Score header tile to show the old Severity and Confidence values instead of the new Risk Score. To see how these are mapped to one another, refer to the risk score chapter. Cloud samples only have the options to Subscribe or Unsubscribe.

The navigation sidebar provides quick access to all parts of the analysis report. The sidebar sections are collapsed by default, unless the Sample Details page is accessed via a specific link targeting a section in the sidebar.