YOU’RE NOT VIEWING PANDA SECURITY USA. CLICK TO IMPROVE YOUR EXPERIENCE
VISIT PANDA SECURITY USA
x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
48-HOUR OFFER
50%
RENEWALS
Home users only
RENEW AT A DISCOUNT
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
UP TO
-60%
BUY NOW
x
UP TO
-60%
BUY NOW

Technical Support

Need help?

 

How to get updated information about a file's classification in Advanced Reporting Tool

Information applies to:

Products
Adaptive DefenseAdaptive Defense 360
Adaptive Defense 360 on Aether PlatformAdaptive Defense on Aether Platform

Adaptive Defense's detection platform constantly scans the files seen on customers' IT networks. That's why a file's classification may change from the value it had when the initial data was sent to the Advanced Reporting Tool platform.

However, the event information logged in the event table (ops, sockets, etc.) is not changed. This is to allow administrators to analyze situations and events at the time they took place. Nevertheless, if from the time that an event took place up to the present time, the classification of the file or files related to the event changes, it is possible to check those changes via the Category function, as explained below.

For example, if the Ops or Sockets tables contain files (related to an event's parent and child processes) with the value monitoring in the category field (cat), you can use the category function to find out the updated value of the files' classification.

To do that, create a field whose value is the result of searching in the table the hash of files with initial category 'monitoring'. Follow the steps below:

  • Create a new field (UpdatedCat for example). This field will be the result of searching a hash (childhash, for example) in the categories table.




  • Search for the new value of those hashes whose initial category was ?monitoring?. In our example, filter the table to display those records with childCat monitoring.

  • Check the new values of the hashes by filtering or grouping by the UpdatedCat field.


If the value returned by this function is null, it means that the file's classification has not changed.

Help nº- 20170811 50109 EN

Have you resolved your query with this article?

yes no

Thanks for your answer


Why didn't you find it helpful?


The instructions are too complex.
The instructions are too long.
The instructions don't work.
I'd rather have a video.
Other reasons.




Talk to a technician!

 

Business hours: Mondays-Fridays 9:00 to 18:00 CET

Outside business hours, please use the online form.





ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT
ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT