Review list of submitted files

Create a list of top submitting computers

1. Navigate to the Reports > Dynamic Threat Defense category.

2. Find the report template Top 10 computers with file submissions to ESET Dynamic Threat Defense and ESET LiveGrid in last 30 days.

Note

You can edit the template first and change the computer count (10) or the time frame (the last 30 days) to another value if the situation in your network requires it.

3. Click Generate now and save the report (the list of top computers).

 

Create the list of submitted files for the top computers

You need the list of top submitting computers from the procedure above to complete the following steps.

1. In the ESMC Web Console, navigate to Reports > New Report Template.

2. Give the template an appropriate Name and Category.
3. Continue to the Chart section.
4. In the Chart section, select only the Display Table check box and continue to the Data section.

5. In the Data section, click Add Column and add the following:

Computer - Computer name

Dynamic Threat Defense - Object URI

6. Navigate to the Filter section.

7. Click Add Column and select Dynamic Threat Defense - Relative time interval (Time of occurrence).
8. Set the interval to the last 30 days, or another value relevant for your system.
9. Click Add Column again and add the Computer - Computer name item.
10. Add all the names of the top computers from the previous procedure (the top 10 submitting computers).

11. Click Finish to save the report template.
12. Find the new report template and generate a CSV file.


Data analysis

The following procedure requires third-party software (a spreadsheet editor) and basic data analysis skills.

1. Open the exported CSV file in a spreadsheet editor, for example, MS Excel.
2. Separate the data into two columns. In MS Excel, select the first column and navigate to Data > Text to Columns.

3. Select Delimited > Next.
4. Select only the Semicolon delimiter and click Next > Finish.
You now have the data, which you need to analyze yourself.

Important information

Look for a pattern in the submitted files and their locations. Usually the pattern is a folder from which the vast majority of files are submitted. When you have found a pattern, a suspicious computer, or an application, investigate it.

Look for answers to:

Which application is using this folder?

What is this computer used for, what makes it stand out from others?

What is the origin of those files?

The ultimate goal of the investigation is to find a pattern for exclusion.

When you have found the pattern, continue with Exclude Folders.
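As an added example that is not part of the ESET documentation, the following Python script performs the folder-pattern analysis described above directly on the semicolon-delimited CSV export: it normalizes each Object URI to its parent folder and counts submissions per computer and per folder, so the folder that accounts for most submissions stands out as the candidate to investigate. The sample rows and the column header names ("Computer name", "Object URI") are constructed assumptions; adjust the header names to match your own export.

```python
import csv
import io
from collections import Counter
from posixpath import dirname
from urllib.parse import unquote, urlparse

# Constructed sample shaped like the semicolon-delimited CSV export described
# above. The header names are an assumption; adjust them to match your export.
SAMPLE_CSV = """Computer name;Object URI
WS-042;file:///C:/Users/alice/AppData/Local/Temp/build/a.exe
WS-042;file:///C:/Users/alice/AppData/Local/Temp/build/b.exe
WS-042;file:///C:/Users/alice/AppData/Local/Temp/build/c.dll
WS-017;file:///C:/Program%20Files/Vendor/updates/setup.exe
WS-017;C:\\Users\\bob\\Downloads\\invoice.pdf
WS-042;file://fileserver/share/tools/tool.zip
"""


def folder_of(uri: str) -> str:
    """Parent folder of a submitted object, with forward slashes throughout.
    Accepts file:// URIs (percent-decoded, UNC hosts kept) and bare Windows paths."""
    parsed = urlparse(uri)
    if parsed.scheme == "file":
        path = unquote(parsed.path)
        if parsed.netloc:               # file://server/share/... -> //server/share/...
            path = "//" + parsed.netloc + path
    else:
        path = uri                      # bare path such as C:\Users\...
    path = path.replace("\\", "/")
    if len(path) > 2 and path[0] == "/" and path[2] == ":":
        path = path[1:]                 # "/C:/Users" -> "C:/Users"
    return dirname(path)


def summarize(csv_text: str, top: int = 5):
    """Return (most common (computer, folder) pairs, share of all submissions
    per folder). A folder with a large share is the pattern to investigate."""
    rows = list(csv.DictReader(io.StringIO(csv_text), delimiter=";"))
    by_pair = Counter((r["Computer name"], folder_of(r["Object URI"])) for r in rows)
    by_folder = Counter(folder_of(r["Object URI"]) for r in rows)
    total = len(rows)
    shares = {folder: n / total for folder, n in by_folder.items()}
    return by_pair.most_common(top), shares


if __name__ == "__main__":
    pairs, shares = summarize(SAMPLE_CSV)
    for (computer, folder), n in pairs:
        print(f"{n:3d}  {computer:<8} {folder}  ({shares[folder]:.0%} of all submissions)")
```

Run it against the real export by reading the CSV file into `summarize` instead of `SAMPLE_CSV`; the questions in the Important information box (which application uses the folder, what the computer is used for, where the files come from) still have to be answered by hand for each top folder.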