These are the processes started by malware detected during sandbox analysis. The severity is derived from what class of malware was detected. The detection rate is calculated over all sandbox hits reported in this period.
The table below the bubble graph shows the sortable raw data. The first column is the invariant extracted from the events. If you have an account with MetaFlows, you can click on certain invariants to see if your sensors have detected it. The other columns should be self-explanatory. Hovering over a bubble or set of overlapping bubbles shows the raw data represented by the bubble(s) selected. This selection is sticky so that you can go to the table and inspect the data or click on the links within the table. To see all rows in the table, click outside any bubble.
|Process Name||Description||Global True Positives (
||Global Hits (
||Avg Priority (
||Global Priority (
||Relative Detection Rate (