Skip to main content
Version: Spectra Analyze 9.2.0

Sample Details Page

Types of Sample Details pages

The Sample Details page presents all the available information about a sample.

Local

For local files, the information is collected from Spectra Core static analysis results, Spectra Intelligence, dynamic analysis, and auxiliary analysis. Administrators can configure processing settings on the appliance (“Fast”, “Normal”, “Best”). This will impact which file formats will be fully processed and how much information will be presented for them.

An image showing the local version of the Sample Summary page.

Cloud

For samples that are not local, the scope of information will depend on the information provided by Spectra Intelligence. This is usually a subset of what is available for locally available files: a section of static analysis results and Spectra Intelligence scanning results.

An image showing the cloud version of the Sample Summary page.

Network Threat Intelligence

For URLs, domains and IP addresses, the appliance displays a different type of sample details page focused on Network Threat Intelligence.

Additionally, information displayed on the Sample Details page differs based on the file type and classification status of each sample.

An image showing the network threat intelligence version of the Sample Summary page.

Accessing Sample Details pages

To access the Sample Details page for a sample, click the sample name in any of the following pages:

  • Search > Local and Spectra Intelligence results
  • Alerts
  • YARA > Local and local-retro ruleset matches

The page consists of a navigation sidebar on the left and the main information area on the right. The sidebar can be collapsed or expanded by clicking the Show/Hide Panel button at the top of the sidebar.

At the top of the navigation sidebar, there’s a persistent short summary showing information such as file hash, predicted filename (if it exists), file size, file type and format, and the Preview / Visualizations link to open the File Preview Dialog. If the predicted filename exists, it can be found right below the file hash.

The right section of the page is the main information area. Its contents change depending on the section selected in the navigation sidebar.

The navigation sidebar provides quick access to all parts of the analysis report. The sidebar sections are collapsed by default, unless the Sample Details page is accessed via a specific link targeting a section in the sidebar.

Main Page Actions

When any item from the File Analysis Detail section is selected in the sidebar, the main information area will contain the following options in the top right of the page:

Actions Button

The Create PDF option exports the whole Summary page as a PDF file. PDF reports are available only for local samples.

PDF reports have a retention period of 30 minutes and will not reflect changes that happened after they were generated. If a sample’s classification changed after the PDF report was already created, users must wait for the retention period to expire before requesting it again or use the PDF Report API endpoints to immediately generate and download an updated PDF report.

Because some PDF viewers automatically convert all strings with an http[s]* schema into clickable hyperlinks, it is not recommended to click any links in the generated PDF as they may lead to malicious content.

For local samples, the Actions menu contains the same sample actions available elsewhere on the appliance (download, reclassify, reanalyze, delete…). Cloud samples only have the options to Subscribe or Unsubscribe.

Reanalyze

Opens a floating dialog where users can reanalyze the submission with static, dynamic, or Spectra Intelligence analysis services.

Similarity

Contains advanced search pivot options to search for similar and functionally similar samples.

Fetch & Analyze

Visible only for cloud samples. This option will download the sample from the Spectra Intelligence cloud and analyze it locally on the appliance. If the sample is not available for download, the button will be disabled.