File Details
Taegis Endpoint Agents ingest files from endpoints. The File Details view enables you to view information about file type, size, name, YARA rule matches, creation date, and various other metadata of the file.
Viewing File Details
In process event details, the program hash is a hyperlink to File Details if the file has been pulled back via Taegis Endpoint Agents.
Where file information has not been pulled into related alerts, you can request to populate file information from within the alert.
Note
You may also request to fetch file details from within a single event. However, this will only populate file information within related alerts.
File information is also available within alerts generated by the File Analysis Detector. From an alert, select More File Details from the File Information section.
The following information is provided in File Details:
- File type
- File size
- Created at: the time the Taegis Endpoint Agent ingested the file
- Updated at: the last time the Taegis Endpoint Agent ingested the file
- YARA Rules Matched
- MITRE Technique IDs associated via YARA rules
- Hash Values (SHA256, SHA1, MD5, SSDEEP)
- Threat Context