Intelix reports

SophosLabs Intelix analyzes suspicious files that are submitted to Sophos.

Files are submitted if anti-malware software on a device automatically submits them, or if an admin clicks Request latest intelligence for a file on the Threat Graphs page.

Intelix tries to determine the origin, workings, and possible impact of suspect or malicious files.

Intelix applies two different methods of analysis:

  • Static analysis uses machine learning, file scanning, and reputation to assess suspicious files.
  • Dynamic analysis runs suspicious files in a sandboxed environment to observe their behavior.

Each analysis gives a verdict on the risk level of the file. Intelix combines them to give an overall verdict.

See Intelix verdicts and reports

To see Intelix verdicts on a file, do as follows:

  1. Go to Threat Analysis Center > Detections.
  2. To see detection details, find the detection in the table and click anywhere in its row.

    A new pane slides out on the right of the screen.

    Detections details slide-out.

  3. Scroll down to Threat Intelligence. This shows the overall verdict from Intelix, for example Benign.

    Threat Intelligence section of details pane.

  4. Hover over the overall verdict to see the separate verdicts of the Static Report and the Dynamic Report.

    Hover-over pane showing Intelix verdicts.

  5. To see the full Intelix analyses, click the filename shown in Threat Intelligence.

    Link to Intelix reports.

  6. By default, the Static Analysis Report is open. This shows a verdict on the threat risk, as measured by different analyses.

    Static Analysis Report.

  7. Click the Dynamic Report tab to see the Dynamic Analysis Report. If you don't see this tab, no dynamic analysis report is available for this file.

    The report shows the following:

    • MITRE ATT&CK tactics and techniques used by the threat.
    • Processes that were run.
    • Network activity.