Shield - Malicious Content alerting should provide greater details
Malicious Content alerts within Shield should provide more information on why a file is considered "malicious", to aid the process of sandboxing and investigation (such as threat type, family, etc.).
Anonymous commented:
Agreed, as we migrate content we're seeing some basic document types like our benefits guide get flagged and we do not know why.
Anonymous commented:
Box please implement this request. Shield alerts provide little to no information besides the fact that a file is flagged as malware.
More information on why the file is flagged as Malicious would greatly help with reducing triage time.
Ward commented:
Deep scans frequently alert with an "unknown" malware family and a description of "This file has characteristics that are similar to previously identified malicious content." This is not enough information to identify a potential threat within otherwise legitimate looking documents.
The detection details should identify what triggered the detection. Was it a macro, the phrasing of the content, an embedded link, etc.? If it was a link, which link(s) are suspicious?