MALWARE DATA ITEM ANALYSIS
First Claim
1. A computer network comprising:
- a database configured to store file data items; and
- one or more hardware computer processors configured to execute computer executable instructions in order to:
  - receive a first data item including a suspected malware file;
  - store, in the database, the first data item in association with at least one of: a date of submission of the first data item, or an identifier of the person who submitted the first data item;
  - initiate an internal analysis of the first data item to generate an internal analysis information item;
  - transmit the first data item to an external analysis provider outside of the computer system for external analysis;
  - receive, from the external analysis provider, an external analysis information item; and
  - generate a graphical user interface presenting analysis information items associated with the first data item, the graphical user interface including at least: a first node representing the first data item, and a second node representing the internal analysis information item.
Abstract
Embodiments of the present disclosure relate to a data analysis system that may automatically analyze a suspected malware file, or group of files. Automatic analysis of the suspected malware file(s) may include one or more automatic analysis techniques. Automatic analysis may include production and gathering of various items of information related to the suspected malware file(s) including, for example, calculated hashes, file properties, academic analysis information, file execution information, third-party analysis information, and/or the like. The analysis information may be automatically associated with the suspected malware file(s), and a user interface may be generated in which the various analysis information items are presented to a human analyst so that the analyst may quickly and efficiently evaluate the suspected malware file(s). For example, the analyst may quickly determine one or more characteristics of the suspected malware file(s), whether or not the file(s) are malware, and/or a threat level of the file(s).
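The workflow in claim 1 and the abstract (store the submission with date and submitter, run an internal analysis that calculates hashes and file properties, obtain an external analysis result, and build a graph of nodes for the analyst's interface) is modelled below in Python. This is an added example, not code from the patent or its assignee. The `MAGIC` table, the `SAMPLE_FILE` bytes and the `external_analysis` stub are constructed for the example; in particular the stub queries the provider by hash only and never sends the file itself, a design choice a defender handling sensitive samples would want before deciding to escalate a full submission.

```python
import hashlib
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Magic-byte prefixes used to guess a file type. Constructed, deliberately small list.
MAGIC = {
    b"MZ": "PE executable",
    b"\x7fELF": "ELF executable",
    b"%PDF": "PDF document",
    b"PK\x03\x04": "ZIP archive",
}


@dataclass
class Node:
    """One node of the graph the analyst's GUI would render."""
    node_id: str
    kind: str  # "data_item", "internal_analysis" or "external_analysis"
    properties: dict


@dataclass
class Graph:
    nodes: list = field(default_factory=list)
    edges: list = field(default_factory=list)  # (from_id, to_id, label)


def submit(file_bytes, submitter, submitted_at=None):
    """Store the first data item together with its date of submission and
    the identifier of the person who submitted it (the database record)."""
    when = submitted_at or datetime.now(timezone.utc)
    return {
        "sha256": hashlib.sha256(file_bytes).hexdigest(),
        "content": file_bytes,
        "submitted_at": when.isoformat(),
        "submitter": submitter,
    }


def internal_analysis(file_bytes):
    """Internal analysis information item: calculated hashes and file properties."""
    file_type = next(
        (name for magic, name in MAGIC.items() if file_bytes.startswith(magic)),
        "unknown",
    )
    # Runs of six or more printable ASCII bytes, a cheap first look at the file.
    printable = re.findall(rb"[\x20-\x7e]{6,}", file_bytes)
    return {
        "md5": hashlib.md5(file_bytes).hexdigest(),
        "sha1": hashlib.sha1(file_bytes).hexdigest(),
        "sha256": hashlib.sha256(file_bytes).hexdigest(),
        "size": len(file_bytes),
        "file_type": file_type,
        "strings": [s.decode("ascii") for s in printable],
    }


def external_analysis(sha256):
    """Constructed stand-in for the external analysis provider (no network).
    Only the hash leaves the system here, so the sample itself is not
    transmitted unless an analyst decides to escalate."""
    known_verdicts = {}  # hash -> verdict; empty, so every sample is "unknown"
    return {"provider": "constructed-provider", "verdict": known_verdicts.get(sha256, "unknown")}


def analyze_submission(file_bytes, submitter):
    """Run the whole flow and return the graph: a data item node, an internal
    analysis node and an external analysis node, joined by labelled edges."""
    item = submit(file_bytes, submitter)
    internal = internal_analysis(file_bytes)
    external = external_analysis(item["sha256"])

    graph = Graph()
    item_id = "file:" + item["sha256"]
    internal_id = "internal:" + item["sha256"]
    external_id = "external:" + item["sha256"]
    graph.nodes.append(Node(item_id, "data_item",
                            {"submitted_at": item["submitted_at"], "submitter": item["submitter"]}))
    graph.nodes.append(Node(internal_id, "internal_analysis", internal))
    graph.nodes.append(Node(external_id, "external_analysis", external))
    graph.edges.append((item_id, internal_id, "analyzed_by"))
    graph.edges.append((item_id, external_id, "submitted_to"))
    return graph


# Constructed sample: an MZ header, padding bytes, and the usual DOS stub message.
SAMPLE_FILE = b"MZ" + b"\x90" * 60 + b"This program cannot be run in DOS mode."

if __name__ == "__main__":
    g = analyze_submission(SAMPLE_FILE, "analyst-01")
    for node in g.nodes:
        print(node.kind, node.node_id)
    for src, dst, label in g.edges:
        print(f"{src} --{label}--> {dst}")
```

Running the module prints the three nodes and two edges for the constructed sample; the first node is the data item and the second the internal analysis item, matching the two nodes claim 1 requires at minimum.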
18 Claims
Claim 1 is reproduced above; claims 2 through 18 are dependent claims.
Specification