Feedback to findings representation

[kam193]

Hey! I have some feedback after using the service a few times 😄

The behavioural analysis output is very comprehensive, but as HybridAnalysis can create a lot of information, it also means, it's difficult to find what is actually important:

I'd suggest sorting findings by the threat level or, which I think may be better, presenting each threat level in a separated section and with separated heuristic. In this way, the malicious behavious heuristic would present just the malicious results, not all. Like in this picture, the heuristic says it's something malicious, but it presents the informative insights as first:

In addition, it would be great to see a link to the results in HybridAnalysis in the result section

Thanks!

[boredchilada]

Hey! I have some feedback after using the service a few times 😄

The behavioural analysis output is very comprehensive, but as HybridAnalysis can create a lot of information, it also means, it's difficult to find what is actually important:

I'd suggest sorting findings by the threat level or, which I think may be better, presenting each threat level in a separated section and with separated heuristic. In this way, the malicious behavious heuristic would present just the malicious results, not all. Like in this picture, the heuristic says it's something malicious, but it presents the informative insights as first:

In addition, it would be great to see a link to the results in HybridAnalysis in the result section

Thanks!

Yeah will look into this and standardize it a little more !

Good chance I may make it a little simpler like the Joe sandbox one, and definitely having the link to the HA result would be helpful

[kam193]

Great! When implementing URL, maybe you can have a look at CybercentreCanada/assemblyline#334 (comment) - apparently there is a way to make URLs clickable!