Configuring and Performing Malware Analysis

This chapter describes how to configure and perform malware analysis using the Malware Analysis appliance, and addresses the following topics:

• Malware Analysis
• Malware Repository
• Reports

Malware Analysis alerts are retained in the appliance database until event and malware record thresholds are reached. These thresholds specify the number of event and malware records that can be stored in the appliance database. They are set using the fedb events archival himark and fedb malware archival himark CLI commands. For most appliances, the defaults are 500,000 event records and two million malware records. For 10G appliances, the defaults are two million event records and eight million malware records. See the CLI Reference Guide for more information about these commands.