Searching Sandstorm

Use these settings to view and manage downloads that were sent to Sandstorm for analysis in the sandbox. You can, optionally, release the file before the analysis is complete.

  1. On the Search tab sidebar, click Sandbox Activity.
    A list will be displayed of all downloads that were sent for further analysis in the sandbox.
  2. Optionally, you can narrow the search results by clicking the Show Filters button and entering filtering parameters:
    1. Enter the user or IP address for which you want to filter in the User/IP text box, then click the filter icon to the right of the text box.
      Click the red "x" icon to clear this filter.
    2. Enter the download source site for which you want to filter in the Site text box, then click the filter icon to the right of the text box.
      Click the red "x" icon to clear this filter.
    3. Use the File Type filter to select downloads by their file type.
    4. Use the Status filter to select downloads by their Sophos Sandstorm analysis result.
    5. Use the Released filter to select whether you want to filter for released files, unreleased files, or all files.

    The filtered results are displayed in the content pane.

  3. [Optional] To change the sort order of the results, toggle the up/down arrow icon that appears immediately to the right of any of the following column headers at the top of the list of entries.
  4. To view details about a specific downloaded item, click its status.
    A detailed report will be displayed with download information, file information, and results of the analysis.
  5. [Optional] To release an item that is currently being analyzed by Sandstorm (that is, with a status of “In Progress” or “Error”) so that users can download it immediately, select the check box in the Released column and click Release.

    Sandstorm continues to analyze the file even if you release it.

    If you release a file before the analysis is finished and the file is later determined to be malicious, you will receive an email notification.

    CAUTION
    Releasing an item before the analysis is finished may result in the downloading of malicious content.