Sample Details Page
Types of Sample Details pages
The Sample Details page presents all the available information about a sample.
Local
For local files, the information is collected from Spectra Core static analysis results, Spectra Intelligence, dynamic analysis, and auxiliary analysis. Administrators can configure processing settings on the appliance (“Fast”, “Normal”, “Best”). This will impact which file formats will be fully processed and how much information will be presented for them.
Cloud
For samples that are not local, the scope of information depends on what Spectra Intelligence provides. This is usually a subset of what is available for local files: a section of static analysis results and Spectra Intelligence scanning results.
Network Threat Intelligence
For URLs, domains and IP addresses, the appliance displays a different type of sample details page focused on Network Threat Intelligence.
Additionally, information displayed on the Sample Details page differs based on the file type and classification status of each sample.
Accessing Sample Details pages
To access the Sample Details page for a sample, click the sample name in any of the following pages:
- Search > Local and Spectra Intelligence results
- Alerts
- YARA > Local and local-retro ruleset matches
The page consists of a navigation sidebar on the left and the main information area on the right. The sidebar can be collapsed or expanded by clicking the Show/Hide Panel button at the top of the sidebar.
At the top of the navigation sidebar, there’s a persistent short summary showing information such as file hash, predicted filename (if it exists), file size, file type and format, and the Preview / Visualizations link to open the File Preview Dialog. If the predicted filename exists, it can be found right below the file hash.
The right section of the page is the main information area. Its contents change depending on the section selected in the navigation sidebar.
The navigation sidebar provides quick access to all parts of the analysis report. The sidebar sections are collapsed by default, unless the Sample Details page is accessed via a specific link targeting a section in the sidebar.
Main Page Actions
When any item from the File Analysis Detail section is selected in the sidebar, the main information area will contain the following options in the top right of the page:
Reanalyze
Opens a floating dialog where users can reanalyze the submission with static, dynamic, or Spectra Intelligence analysis services.
Similarity
Contains advanced search pivot options to search for similar and functionally similar samples.
Fetch & Analyze
Only on cloud samples.
This option will download the sample from the Spectra Intelligence cloud and analyze it locally on the appliance. If the sample is not available for download, the button will be disabled.
Actions Button
Depending on the type of page, different choices are available.
Local samples:
- PDF:
  - Create PDF option exports the whole Summary page as a PDF file.
  - Export PDF (Short) exports a shortened version, with the current layout.
- Downloading samples (both extracted files and original samples) always uses ZIP archives (optionally password-protected).
- Sample management options:
  - editing classification or tags
  - subscribing and unsubscribing
  - deleting the sample
PDF reports have a retention period of 30 minutes and will not reflect changes that happened after they were generated. If a sample’s classification changed after the PDF report was already created, users must wait for the retention period to expire before requesting it again or use the PDF Report API endpoints to immediately generate and download an updated PDF report.
Because some PDF viewers automatically convert all strings with an http[s]* scheme into clickable hyperlinks, it is not recommended to click any links in the generated PDF as they may lead to malicious content.
Cloud samples:
Only subscribing and unsubscribing are available.
URLs:
- Reanalyze
- Download options:
  - Payload: scraped content (if you used local analysis when submitting the URL).
  - Screenshots and dropped files: OS artifacts taken from dynamic analysis. The artifacts are in a 7z archive (password: infected).
Layouts ⚙
Only on local samples.
Select one of the preconfigured layouts of the report summary page, or create your own. Created layouts can be either personal or shared. If shared, other users can also use the layout.
Read more about layouts in the Administration chapter.
📄️ Sample Details Summary
The Report Summary page highlights the most interesting information about an analyzed sample.
📄️ File Preview / Visualization
The file preview window can be used to preview image samples, text documents and some script languages. It also provides Entropy and Structure tabs, and a HEX preview.
📄️ Spectra Core - Static Analysis Results
This page visualizes the static analysis report for every sample, organized into sections.
📄️ Extracted Files
A page that allows browsing through the entire hierarchy of files extracted from a sample.
📄️ Threat Intelligence (Spectra Intelligence)
This page visualizes all information about the sample retrieved from the Spectra Intelligence cloud.
📄️ Sources
The Sources page displays different types of sources for the selected sample, their time and date of retrieval, as well as any additional information.
📄️ Dynamic Analysis Results
The Sample Details page shows any dynamic analysis service reports, if dynamic analysis services are configured on the appliance.
📄️ Discussion
The Discussion page displays the comments that have been added to a sample, either by the user who uploaded it or by other users.
📄️ Threat Classification Sources
Threats can be classified by Spectra Core, Spectra Intelligence, dynamic analysis, or manually overridden. This page also contains a list of all possible classification reasons for a sample.
📄️ Network Threat Intelligence Page