Email Attachments Scanning Overview
Access the Email Attachments page from the Monitor > ATP > File Scanning > Email Attachments menu.
The following tabs are available:
- Full File—Displays a record of all file metadata sent to the cloud for inspection. These are the files that are sent to cloud for inspection but are not blocked based on the signature match detections and policy configurations on Juniper Secure Edge. From the Full File tab, click the file hash link to view more information, such as file details, what other malware scanners say about this file, and a complete list of hosts that downloaded this file.
- Partial File—Partial file analysis leverages the Positive Hit Advanced Strike Engine (PHASE) to recognize signatures and determines if there is a potential malware to be blocked before the entire file is downloaded. The Partial File tab displays a record for all malware hit event for all blocked signature match detections. From the Partial File tab, click the file signature to view more information, such as file details, host that downloaded the file, and so on.
Benefits of Viewing Scanned Email Attachments
-
Allows you to view a compiled list of suspicious email attachments all in one place, including the file hash, threat level, file name, and malware type.
-
Allows you to filter the list of email attachments by individual categories.
Export Data—Click the Export button to download file scanning data to a CSV file. You are prompted to narrow the data download to a selected time-frame.
The following information is available on this page.
Field |
Definition |
Applicable To |
---|---|---|
File Hash |
A unique identifier located at the beginning of a file that provides information on the contents of the file. The file hash can also contain information that ensures the original data stored in the file remains intact and has not been modified. |
Full File |
Phase Sig ID |
A unique identifier for each signature that is generated by Juniper ATP Cloud. |
Partial File |
Threat Level |
The threat score. |
Full File Partial File |
Date Scanned |
The date and time the file was scanned. |
Full File Partial File |
Filename |
The name of the file, including the extension. |
Full File Partial File |
Recipient |
The email address of the intended recipient. |
Full File Partial File |
Sender |
The email address of the sender. |
Full File Partial File |
Malware Name |
The type of malware found. |
Full File Partial File |
Status |
Indicates whether the file was blocked or permitted. |
Full File Partial File |
Category |
The type of file. Examples: PDF, executable, document. |
Full File Partial File |