As you perform your investigations in the EDR appliance console, you might come across suspicious files that you want to learn more about. You can submit those files to Symantec's cloud-based sandbox tool for analysis from the EDR appliance console with a single click. However, you might have instances when you're not in the EDR appliance console and want to submit files for sandboxing. For example, you may have obtained a file on a USB that you want to analyze before you move it to your network. Or you learn in an intelligence feed about a file hash that is suspicious.
Your Symantec EDR license lets you submit files or SHA256 file hashes to Symantec's sandboxing portal for analysis (up to 20 submissions per day). File size limit is 10 MB.
You can download the results in .pdf format. The portal is supported on the following browsers: Internet Explorer 10 and later, Chrome, Firefox, and Safari. You must first register as a user with the primary email address associated with your Symantec EDR account.
If you have already used your email address to create a Managed Security Services (MSS) or DeepSight account, see the following knowledge base article about how to submit files to Cynic.