ATP Report

The ATP report is a detailed report on the files analyzed with the ATP Scan.

The ATP report is created as soon as an email has been analyzed with the ATP Scan (see ATP Scan) and provides information about the analyzed email.

The ATP report is divided into four main sections:

Summary

Here you will find an overview of the analyzed file. In addition, the file is assigned a Score from 0 to 10. 0 means “no danger”, and 10 is the highest danger level.

In the Signatures section, the file is assigned one of the following categories according to its behavior:

  • Information (green)
  • Attention (yellow)
  • Warning (red)

When you click on a signature, extended process information is displayed.

Figure 1: ATP Report Overview


Static Analysis

The static analysis is divided into three subcategories:

  • Static Analysis – Static analysis of the file, which depends on the file format.
  • Strings – The strings that occur in the file.
  • Antivirus – Analysis of the file by different antivirus programs.

Network Analysis

In the network analysis, the entire network traffic is analyzed and listed by protocol (e.g., HTTP, TCP, UDP).

Behavioral Analysis

The behavioral analysis examines the behavior of the file at runtime.

It displays all system API calls and processes logged during dynamic sandbox analysis.

The results are divided into two sections:

  • Process Tree – Here, the processes are displayed in hierarchical order.
  • Process Contents – If you select a process from the process tree, the API calls it executed are displayed here in chronological order.