Skip to main content
Download Report for a Threat Hunt job

Provides information about monitoring Threat Hunt jobs using download report.

Updated over a week ago

Overview

You can use the Download Report option to download Threat Hunt File Level and/or Snapshot level details for offline investigation and auditing purposes.

Use File Level to download and view the details of scanned files and Detail report to download and view snapshot details.

The data is downloaded in a compressed file format when you click the Download Report option. Following is the file naming convention of the downloaded file:

File Level Report: <Threat Hunt Name_Summary-<Date stamp>, <Time stamp>.<file extension of the compressed file format>
For example, file level report for the Threat Hunt Test name will be downloaded as <Threat Hunt Test_Summary-Jul 13, 2024 09_47_25.zip>
Detail Report: <Threat Hunt Name_Detailed-<Date stamp>, <Time stamp>.<file extension of the compressed file format>
For example, detail report for the Threat Hunt Test name will be downloaded as <Threat Hunt Test_Detailed-Jul 13, 2024 09_47_25.zip>

What information does the File Level Report contain?

The File Level Report provides a summary of scanned files which includes the following information:

  • Threat Hunt Name

  • Scan Criteria defined for Threat Hunt

  • Status of Scan

  • Number of infected resources

  • Number of infected snapshots

  • Total number of malicious files found

  • Name of the administrator who created the Threat Hunt job

  • Date and time when the Threat Hunt job is initiated

  • Date and time when the Threat Hunt job completed

  • Name of the resource

  • Snapshot details such as name, status (ready or not ready for threat hunt) and size

  • Total number of scanned files

  • Total number of file matches found

  • Number of file hash matches

  • Number of predefined file hashes

  • Number of file extension matches

What information does the Detail Report contain?

The Detail Report includes the following information:

  • Threat Hunt Name

  • Scan Criteria defined for Threat Hunt

  • Status of Scan

  • Number of infected resources

  • Number of infected snapshots

  • Total number of malicious files found

  • Name of the administrator who created the Threat Hunt job

  • Date and time when the Threat Hunt job is initiated

  • Date and time when the Threat Hunt job completed

  • Name of the resource

  • Snapshot details

  • Name of the malicious or infected file

  • File Path-Location of the malicious or infected file

  • Scan criteria used to scan the file

  • Details of file matches—This displays the file hash value entered during threat creation. It can be either SHA1, SHA-256, or MD5.

  • File type, size, creation, and modification time

  • SHA1 Checksum values

Procedure

To download the report, perform the following steps:

  1. Click the Global Navigation Panel and select Cyber Resilience > Threat Hunting. The Threat Hunting Dashboard page will then be displayed.

  2. On the Threat Hunt dashboard page, click the Threat Hunt Name for which you want to download the report.

  3. On the Scan Results page, click Download Report > Detail Report or File Level Report. The data is downloaded in a compressed file format.

Did this answer your question?