Sample Details Page
Types of Sample Details pages
The Sample Details page presents all the available information about a sample.
Local
For local files, the information is collected from Spectra Core static analysis results, Spectra Intelligence, dynamic analysis, and auxiliary analysis. Administrators can configure processing settings on the appliance (“Fast”, “Normal”, “Best”). This will impact which file formats will be fully processed and how much information will be presented for them.
Cloud
For samples that are not local, the scope of information will depend on the information provided by Spectra Intelligence. This is usually a subset of what is available for locally available files: a section of static analysis results and Spectra Intelligence scanning results.
Network Threat Intelligence
For URLs, domains and IP addresses, the appliance displays a different type of sample details page focused on Network Threat Intelligence.
Additionally, information displayed on the Sample Details page differs based on the file type and classification status of each sample.
Accessing Sample Details pages
To access the Sample Details page for a sample, click the sample name on any of the following pages:
- Search > Local and Spectra Intelligence results
- Alerts
- YARA > Local and local-retro ruleset matches
The page consists of a navigation sidebar on the left and the main information area on the right. The sidebar can be collapsed or expanded by clicking the Show/Hide Panel button at the top of the sidebar.
At the top of the navigation sidebar, there’s a persistent short summary showing information such as file hash, predicted filename (if it exists), file size, file type and format, and the Preview / Visualizations link to open the File Preview Dialog. If the predicted filename exists, it can be found right below the file hash.
The right section of the page is the main information area. Its contents change depending on the section selected in the navigation sidebar.
The navigation sidebar provides quick access to all parts of the analysis report. The sidebar sections are collapsed by default, unless the Sample Details page is accessed via a specific link targeting a section in the sidebar.
Main Page Actions
When any item from the File Analysis Detail section is selected in the sidebar, the main information area will contain the following options in the top right of the page:
Actions Button
The Create PDF option exports the whole Summary page as a PDF file. PDF reports are available only for local samples.
PDF reports have a retention period of 30 minutes and will not reflect changes that happened after they were generated. If a sample’s classification changed after the PDF report was already created, users must either wait for the retention period to expire before requesting it again, or use the PDF Report API endpoints to immediately generate and download an updated PDF report.
Because some PDF viewers automatically convert all strings with an http[s]* scheme into clickable hyperlinks, it is not recommended to click any links in the generated PDF, as they may lead to malicious content.
For local samples, the Actions menu contains the same sample actions available elsewhere on the appliance (download, reclassify, reanalyze, delete…). Cloud samples only have the options to Subscribe or Unsubscribe.
Reanalyze
Opens a floating dialog where users can reanalyze the submission with static, dynamic, or Spectra Intelligence analysis services.
Similarity
Contains advanced search pivot options to search for similar and functionally similar samples.
Fetch & Analyze
Visible only for cloud samples. This option will download the sample from the Spectra Intelligence cloud and analyze it locally on the appliance. If the sample is not available for download, the button will be disabled.
📄️ Sample Details Summary
The Report Summary page highlights the most interesting information about an analyzed sample.
📄️ File Preview / Visualization
The file preview window can be used to preview image samples, text documents and some script languages. It also provides Entropy and Structure tabs, and a HEX preview.
📄️ Spectra Core - Static Analysis Results
This page visualizes the static analysis report for every sample, organized into sections.
📄️ Extracted Files
A page that allows browsing through the entire hierarchy of files extracted from a sample.
📄️ Threat Intelligence (Spectra Intelligence)
This page visualizes all information about the sample retrieved from the Spectra Intelligence cloud.
📄️ Sources
The Sources page displays different types of sources for the selected sample, their time and date of retrieval, as well as any additional information.
📄️ Dynamic Analysis Results
The Sample Details page shows any dynamic analysis service reports, if dynamic analysis services are configured on the appliance.
📄️ Discussion
The Discussion page displays the comments that have been added to a sample, either by the user who uploaded it or by other users.
📄️ Threat Classification Sources
Threats can be classified by Spectra Core, Spectra Intelligence, dynamic analysis, or manually overridden. This page also contains a list of all possible classification reasons for a sample.
📄️ Network Threat Intelligence Page