What Does It Do
The Malware Scanner Ingest Module uses Cyber Triage Cloud to determine whether any executables in a data source are malware, based on each executable’s MD5 hash.
Before using the Malware Scanner Ingest Module, you must register a Cyber Triage Cloud License. A license number can be added by selecting the ‘Options’ menu item from the ‘Tools’ menu, going to the ‘Cyber Triage’ tab, and then clicking ‘Add License’.
You will then be presented with a dialog to enter your license number. Enter your license number and then press ‘OK’. If your license number is validated, you will be presented with the Cyber Triage End User License Agreement. The window may take a moment to load.
Read through the license agreement, and press ‘Accept’. At that point, your options panel should load with information pertaining to remaining lookups.
The options panel includes the option “Upload executable if executable is unknown.” If an executable has not previously been seen by Cyber Triage Cloud, this option allows the executable to be uploaded for scanning. Enabling it may increase processing time, because the module must upload the file and wait for scanning to complete.
Using the Module
Once the module has been configured, you can use the Cyber Triage Malware Scanner ingest module during the ingest process.
If the license has not been properly configured or there are no more lookups on the license, there will be a notification in the lower right corner indicating the error. In that event, no more executables will be provided to the Cyber Triage Cloud for lookup.
Once ingest has completed, malware results will be available for the executables that were looked up.