These are the VirusTotal vendors that detected the malware. The severity is derived from the class of malware. The detection rate is calculated over all malware reported in this period and measures how effective each vendor is relative to the others.
The table below the bubble graph shows the sortable raw data. The first column is the invariant extracted from the events. If you have an account with MetaFlows, you can click on certain invariants to see if your sensors have detected it. The other columns should be self-explanatory. Hovering over a bubble or set of overlapping bubbles shows the raw data represented by the bubble(s) selected. This selection is sticky so that you can go to the table and inspect the data or click on the links within the table. To see all rows in the table, click outside any bubble.
File carving extracts files from the packet logs of the traffic being transmitted across your network. This is an important analysis feature which allows you to close the loop on suspected downloads, payloads from exploits, or policy violations, and to categorically identify malicious behavior or data exfiltration activities. With VirusTotal integration, extracted files can be immediately scanned for known viruses and payloads without needing to leave the browser. The file carving system can be launched from the real-time or historical records in the MetaFlows interface, or from the host flow data in the Ntop interface, and will precisely select packet logs which contain data about the host(s) and event(s) in question. Certain dangerous carved files are automatically submitted to VirusTotal. Below, you can see some statistics on how well individual antivirus solutions hosted by VirusTotal perform. We also show the performance of our sandbox, which processes samples not known to VirusTotal.
|Antivirus Vendor||Description||Global True Positives||Global Hits||Avg Priority||Global Priority||Relative Detection Rate|
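
The file carving step described above, as an added example that is not MetaFlows code: it carves HTTP response bodies out of an already reassembled TCP stream, identifies each by its leading magic bytes, and computes the SHA-256 that a hash lookup would use. The function names, the `RISKY` set and the sample stream are assumptions constructed for illustration, and only `Content-Length`-delimited bodies are handled.

```python
import hashlib

# Constructed sample input: one reassembled server-to-client TCP stream with
# two HTTP responses (a PDF stub, then a PE stub labelled as an image).
PDF = b"%PDF-1.4\n% constructed sample\n"
PE = b"MZ\x90\x00" + b"\x00" * 60

def http_response(ctype, body):
    head = "HTTP/1.1 200 OK\r\nContent-Type: %s\r\nContent-Length: %d\r\n\r\n"
    return (head % (ctype, len(body))).encode() + body

STREAM = http_response("application/pdf", PDF) + http_response("image/png", PE)

# Leading magic bytes -> file kind. Which kinds count as risky is an assumption.
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"%PDF-": "pdf", b"PK\x03\x04": "zip"}
RISKY = {"pe", "elf"}

def sniff(body):
    return next((k for m, k in MAGIC.items() if body.startswith(m)), "unknown")

def carve_http_bodies(stream):
    """Return one record per Content-Length-delimited HTTP response body."""
    found, pos = [], 0
    while (start := stream.find(b"HTTP/1.", pos)) >= 0:
        end = stream.find(b"\r\n\r\n", start)
        if end < 0:
            break  # header block cut off by the capture
        headers = {}
        for line in stream[start:end].split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        pos = end + 4
        length = headers.get(b"content-length", b"")
        if not length.isdigit():
            continue  # chunked or unbounded body: out of scope for this sketch
        body = stream[pos:pos + int(length)]
        kind = sniff(body)
        found.append({
            "declared": headers.get(b"content-type", b"").decode("latin-1"),
            "kind": kind,  # from content, not from the server's claim
            "sha256": hashlib.sha256(body).hexdigest(),  # key for a hash lookup
            "complete": len(body) == int(length),  # False if packets were lost
            "risky": kind in RISKY,
        })
        pos += len(body)
    return found

if __name__ == "__main__":
    for rec in carve_http_bodies(STREAM):
        print(rec)
```

The second record shows why carving sniffs content instead of trusting headers: the body is declared `image/png` but starts with a PE header. An incomplete body hashes to a value that will not match the original file, so the `complete` flag should gate any lookup.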