Configuration Tasks for Malware Analysis

Complete the following configuration tasks to configure and perform malware analysis:

Prerequisites for Malware Analysis

Before you can complete the configuration tasks for malware analysis, ensure that the following prerequisites are met:

  • Set up the Malware Analysis appliance for the type of analysis that you want to deploy. For details about setting up the appliance for deployment, refer to the Hardware Administration Guide specific to your Malware Analysis model.
  • Configure the network, appliance settings, licenses, and user accounts. Verify that you have a connection to the DTI Cloud or the CM Series appliance. For details about configuring these settings, refer to the Malware Analysis System Administration Guide.
  • Install the guest images on the Malware Analysis appliance. For details about installing the guest images, see Guest Images.
  • Configure the access point and user credentials for the network share. Verify that the Malware Analysis appliance can communicate with the network share site from your local machine before configuring the malware repository for unattended mode. For details about configuring unattended mode, see Malware Repository.

Configuring Malware Analysis

To configure malware analysis, complete the configuration tasks in the following order:

  1. Determine the type of analysis that you want to configure.
  2. Configure the settings for malware analysis.
  3. Verify the settings for your malware analysis configuration.
  4. Configure the settings of the .eml file to be analyzed. EML parsing can be configured only by using the CLI.

Performing Malware Analysis

After you have configured the sandbox or live malware analysis settings, you are ready to submit malware to the virtual machine for analysis. After you submit a malware sample to the Malware Analysis appliance, it is assigned a system-generated Malware ID. You can use this identifier to check the status of the submission.

After the malware has been analyzed, the Malware Analysis appliance can generate alert reports based on the results of the malware analysis.

To perform malware analysis, complete the configuration tasks in the following order:

  1. Obtain malicious URLs.
  2. Submit the malware to the virtual machine for analysis.
  3. Verify the results of the completed malware analysis.