# 3. Analyzed

#### 📖 Overview

The **Analyzed** section provides a full forensic archive of all previously scanned objects — including **files**, **URLs**, **emails**, and **domains**. Each entry is tagged with a verdict (e.g., MALICIOUS, SUSPICIOUS, CLEAN), along with timestamped analysis results.

This module functions as a centralized threat intelligence archive, enabling security analysts to review, trace, and act on past security incidents.

***

#### 🔬 3.1 Files

Displays every scanned file (usually attachments) from your email traffic.

| Field         | Description                                    |
| ------------- | ---------------------------------------------- |
| File Name     | Unique name or hash of the file                |
| Analysis Time | When the file was scanned                      |
| Verdict       | Result (e.g., MALICIOUS, CLEAN, MAX FILE SIZE) |
| Actions       | Email link, contextual detail button           |

Use Cases:

* Investigate file-based malware campaigns
* Track file re-use across emails
* Identify common malicious payloads (.zip, .rar, .tar, etc.)

> 🛡️ Files marked as MALICIOUS are automatically quarantined.

***

#### 🔗 3.2 URL

Lists all scanned URLs from email content or headers.

| Field         | Description                         |
| ------------- | ----------------------------------- |
| URL Address   | Full link found in email or file    |
| Analysis Time | Date/time it was scanned            |
| Verdict       | MALICIOUS / SUSPICIOUS / CLEAN      |
| Actions       | View in context or add to blacklist |

Use Cases:

* Detect phishing and credential-harvesting links
* Investigate shortened URLs or obfuscated redirectors
* Flag suspicious tracking or C2 infrastructure

> 🔍 All URLs are evaluated through real-time link sandboxing and threat intel feeds.

***

#### 📧 3.3 Mail

Full log of email-based security events.

| Field     | Description                                             |
| --------- | ------------------------------------------------------- |
| Mail ID   | Unique ID for the email object                          |
| Sender    | Origin email address                                    |
| Recipient | User inbox address                                      |
| Verdict   | SPAM / PHISHING / BLOCKED WORDS / MAX SIZE / SUSPICIOUS |
| Actions   | View full email forensic analysis                       |

Tabs Inside:

* Attachments
* Sender Domain
* URL analysis
* Mail metadata

> 📩 This is the core view for threat hunting via mail object correlation.

***

#### 🌐 3.4 Domain

Tracks sending domains flagged in prior scans.

| Field         | Description                            |
| ------------- | -------------------------------------- |
| Sender Domain | Domain that sent malicious/spam emails |
| Verdict       | SPAM / SUSPICIOUS / PHISHING           |
| Actions       | Add to Blacklist or Whitelist          |

Includes domain reputation tracking.\
Allows inline enforcement through the **Block/Allow** modal.

> 🛠️ Helps quickly isolate problematic or abused senders across email campaigns.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.shieldsguard.com/shieldsguard-seg/3.-analyzed.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.