Capture Client Monitoring and Reporting for Unified Management

Capture ATP Tab

This page displays the Alerts that have Capture ATP verdicts. If the policy is set to do so, the Capture Client agent sends suspicious files to the SonicWall Capture ATP engine for analysis. Refer to the Threat Protection Policy to configure it.

Functionalities on the page include:

  • Use the slider bar to adjust the time period for which you view the Alerts.

  • To search for a particular Alert, use the search icon in the top right corner and enter the hash value.

The columns of the table include:

  • Time - This displays the time when the Alert was triggered.

  • Threat hash - This displays the hash value for a threat, a unique alphanumeric string (digital fingerprint) that identifies malicious files. Every malware file has a hash value, and that hash value is used to check whether the file is a threat. Both the SHA1 and SHA256 values are displayed.

    Users can copy these SHA hash values and search for them in the SentinelOne console for more details about the Threat.

  • Capture ATP Verdict - This displays the verdict of the file after analysis.

  • Action Performed - This displays what action was performed on the suspicious file during analysis.

  • File Type - This displays the file type for the Alert.