When do we get details in the “Cynic Observed File, Registry, System Changes” and Cynic “Observed Network Analysis” sections of the file entity page?
Last Updated May 02, 2019
Cynic doesn't provide analysis to ATP or SEDR when the file is clean or when a verdict is already available for the submitted file.
All ATP & SEDR Versions
This is working as designed.
These details are populated when the Cynic server has found that the submitted file is malicious or suspicious. The Cynic server executes the submitted file in the sandbox environment and provides the analysis details in the appropriate sections.
These details are the footprints of the file in the sandbox environment and give us clarity on the behavior of the file. They should vary with the behavior of the different submitted files.