3.1 Files
The Files submodule within the Analyzed section provides a complete historical log of all scanned file attachments processed by ShieldsGuard SEG.
These files are typically extracted from emails and analyzed in real-time using static and dynamic malware analysis engines. The verdict assigned to each file allows analysts to identify harmful content before it reaches end users.
🛡️ Every file scanned here is a potential entry point for ransomware, trojans, and spyware. Monitoring this data is critical for your email security posture.
File Name – The original or hashed name of the file
Analysis Time – Timestamp of when the file was processed
Verdict – Final analysis result (e.g., MALICIOUS, SUSPICIOUS, CLEAN, MAX FILE SIZE)
Actions – View contextual details (related email, sender, etc.)
MALICIOUS – Confirmed malware or dangerous file behavior
SUSPICIOUS – Indicators of compromise or obfuscation, but not fully confirmed
MAXIMUM FILE SIZE – File exceeds configured scan threshold, not analyzed
CLEAN – File passed all security checks
⚠️ Files flagged as MALICIOUS are automatically quarantined and blocked from delivery.
Track malware campaigns – Identify reused or recurring malicious attachments
Audit file-based threats – Analyze when and how a file entered the system
Investigate delivery paths – Correlate file to sender, recipient, and source domain
Triage based on file type – Block dangerous extensions (.exe, .zip, .js, .rar)
Each file is directly linked to the email message it was extracted from. You can:
View the full Mail ID and associated metadata
Analyze the Sender Domain, Attachments, and URLs in the same panel
Take action (e.g., block domain, quarantine user)
Common file formats analyzed:
.doc, .xls, .pdf – Office-based exploits
.zip, .rar, .tar – Archive attacks with embedded payloads
.js, .vbs, .ps1 – Script-based threats
.exe, .dll – Direct executables
.img, .iso, .lnk – Advanced initial access formats
Filter files by verdict to quickly review only malicious or suspicious entries.
Use timestamps to correlate large-scale attack waves or targeted campaigns.
Combine this module with 3.3 Mail for full context.
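The verdict filtering and timestamp correlation in the tips above can also be applied to a list of entries outside the console. This is an added example, not ShieldsGuard code: the row layout, timestamp format and function names are assumptions, and the sample rows are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample rows using the three data columns this page lists
# (File Name, Analysis Time, Verdict). Layout and timestamp format are assumed.
ROWS = [
    ("invoice_0412.zip", "2024-05-02 09:01:10", "MALICIOUS"),
    ("invoice_0412.zip", "2024-05-02 09:03:42", "MALICIOUS"),
    ("report.pdf",       "2024-05-02 09:04:00", "CLEAN"),
    ("invoice_0412.zip", "2024-05-02 09:07:55", "MALICIOUS"),
    ("scan.iso",         "2024-05-02 13:30:00", "SUSPICIOUS"),
    ("backup.tar",       "2024-05-02 14:00:00", "MAXIMUM FILE SIZE"),
    ("invoice_0412.zip", "2024-05-03 16:20:00", "MALICIOUS"),
    ("update.js",        "2024-05-03 16:21:30", "SUSPICIOUS"),
]

REVIEW = {"MALICIOUS", "SUSPICIOUS"}
UNSCANNED = {"MAXIMUM FILE SIZE", "MAX FILE SIZE"}  # the page uses both spellings

def parse(rows):
    """Return (time, name, verdict) tuples sorted by analysis time."""
    return sorted(
        (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), name, verdict.upper())
        for name, ts, verdict in rows
    )

def recurring(rows, min_count=2):
    """File names flagged at least `min_count` times, with their counts."""
    counts = Counter(name for _, name, v in parse(rows) if v in REVIEW)
    return {n: c for n, c in counts.items() if c >= min_count}

def waves(rows, window=timedelta(minutes=10), min_size=3):
    """Bursts of flagged files: consecutive entries at most `window` apart."""
    flagged = [r for r in parse(rows) if r[2] in REVIEW]
    groups, current = [], []
    for row in flagged:
        if current and row[0] - current[-1][0] > window:
            groups.append(current)
            current = []
        current.append(row)
    if current:
        groups.append(current)
    return [g for g in groups if len(g) >= min_size]

def unscanned(rows):
    """Files over the size threshold: never analyzed, so they need a manual look."""
    return [name for _, name, v in parse(rows) if v in UNSCANNED]
```

Files returned by `unscanned` carry no verdict at all, so they belong in the review queue alongside the flagged entries rather than with the CLEAN ones.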
🎯 The Files module is your forensic vault for malicious attachments — a vital tool for hunting, prevention, and incident response.