Executables

In this tab, a user can see information regarding the Executables statistics.

Information and functionality available in this section:

Executable popularity—Here, you can see the graphical intersection of LiveGrid® Popularity and Network Popularity. In the bubble is the count of files that meet the condition. Clicking the bubble will redirect you to the list of executables by popularity

oLiveGrid® Popularity—How many computers reported an executable to LiveGrid®. Red is malicious, Yellow is suspicious, Green is safe

oNetwork Popularity—The number of computers which have the module in the enterprise

Executable status—This section shows the status of executables based on unresolved detections. Clicking a pie graph or the name of the status redirects you to the list of executables with the selected status

Problematic Executables—This section provides the list of problematic executables that occurred on monitored computers. After clicking the name of the problematic executable, you are redirected to the Executable Details section. Right-click the executable name or left click anywhere else on the row, brings up a context menu with the following options:

oDetails—The same as clicking the name of executable

oDetails (New Tab)—The same as clicking the name of executable but opened in a new tab

oStatistics—You are redirected to the Executable statistics

oDetections—You are redirected to the Executable detections

oSeen On—You are redirected to the Executable computers

oSource—You are redirected to the Executable sources

These columns presented in Problematic executables are:

Executable (By SHA-1)—The name of the executable

Status—Threat Alarm_Severity_Threat, Warning Alarm_Severity_Warning, Info Alarm_Severity_Info, Ok Executables_Status_Ok

Unresolved (Unique)—Total count of unique unresolved detections

Unresolved—Total count of unresolved detections

Threats (Unique)—Total count of unique unresolved threat detections

Threats—Total count of unresolved threat detections

Warnings (Unique)—Count of unique unresolved warning detections

WarningsTotal count of unresolved warning detections

Information (Unique)—Total count of unique unresolved informational detections

Information—Total count of unresolved informational detections

Resolved—Total count of resolved detections with no regard to severity

Additional filters

The additional filters are accessible by clicking the ADD FILTER button or clicking on a space next to the add filter button, where the list of available filters shows. The user can search filter by typing its name or selecting from the list. For the definitions of the additional filters, follow here.

Some of the filters have a funnel icon next to them with two or four possible predefined options:

Unknown—the value in the filtered column is not available (probably not a known value at the time of occurrence)

Known—the value is available

None—value is an empty string

Any—the value is not empty. The negation of None filter

If present on the screen you, can refresh the table by clicking the refresh iconAlarms_Refresh. If available, the export icon Export_CSV can be used to export the table grid to CSV format and use it in other applications to work with the list.

If present, click the PRESETS button to manage filter sets. These options are available:

Save filters—allows you to save the actual filter set. Select the check box Include the visible columns and sorting to save also this setting of your selection, otherwise when loading saved filter without this option selected will end up by showing you the default column setting

Reset filters—resets active filter and return to default filter setting with default column setting

Reset view—resets the active view without resetting the filter set

Manage—allows you to manage your filter sets

Save Filters as Rule—if available, allows you to save the filter as a rule. You can find it then in the list of rules under the Detection rules sub-tab of the admin tab

Columns

Columns can be reorganized by using the Columns_Move icon that appears on the right side of the column name when you hover the mouse over the column name.

The width of the column can be re-sized by the Column_Resize icon that appears on the left side of the column name when you hover the mouse over the column name.

The order of the columns can be organized by clicking the name of the column:

Default (No icon)

Ascending Column_Ascending

Descending Column_Descending

You can change which columns are displayed after clicking the gear icon and selecting the Select column option, or you can reset the view to default by clicking the Reset columns option. You can use Enter quick search pattern—here, you can search for the column by typing its name or a couple of letters from it. Useful if the list of columns is long. For the definitions of the columns follow here.