Configuring Retroactive Detection From AV-Suite

You can configure the settings for retroactive detection from AV-Suite by using the Malware Analysis appliance CLI.

You can configure how often the Malware Analysis appliance queries the AV-Suite server for previous retroactive verdicts. You can also configure how long to store information (filename, file type, engine type, MD5 checksum, and SHA-256 hash) in AV-Suite for malicious and nonmalicious objects, and how long to keep checking a particular object for an update. The verdict remains in AV-Suite, but the other information about the object is removed.

Prerequisites

  • Administrator or Operator access to the Malware Analysis appliance
  • A two-way sharing CONTENT_UPDATES license
  • Verify that AV-Suite integration is enabled and that AV-Suite version 6 is configured. Use the show static-analysis config command.
  • Enable retroactive detection from AV-Suite. Use the analysis retro-hunt enable command.