# ThreatZone Onpremise Usage Guide

## Introduction

This document provides instructions on accessing the system, submitting files for analysis, and retrieving results. If you have any further questions, please reach out via the provided email or through Malwation's Slack channel.

### Accessing the System

First of all you will be given the default email & password, at first it would be these:

*Email: <admin@threat.zone>*

*Password: Will be given to you.*

{% hint style="info" %}
It is **strongly recommended** to change the default password immediately via the admin panel, which is accessible at port `9443`. All of the management of the system should have been done there, will give details about it below.
{% endhint %}

Once logged in, you will be directed to the main interface where you can submit files for analysis:

<figure><img src="/files/HcfDDmduHw4ff4YrmY7j" alt=""><figcaption><p>ThreatZone Main Page</p></figcaption></figure>

As you can see, in this page you will send the file to the system and start the analysis journey. After you've send the submission, there would be two main options:

1. **If file is a Compressed File:**

System will get your Compressed file(tar.gz, zip, tar, rar etc.) and ask an optional password from you. After you pass your password, if the password is correct, you will see a page like this:

<figure><img src="/files/PLYWhksTYjUPXaGMuyde" alt=""><figcaption><p>Select entrypoint for analyzing a compressed file</p></figcaption></figure>

The entrypoint of a compressed file is used for executing *which* file when doing the **Dynamic Analysis.**

> Static Analysis of the compressed files could be limited, because the whole compressed file is passed to the Static Analyzer, would be a good idea to send the entrypoint directly to the Static Analyzer to get the appropriate result from it.

*You will see the config screen after selecting the entrypoint.*

2. **If file is Not a Compressed File - Config Screen**

Now, you will see the analysis options, you can change them based of your choices.

<figure><img src="/files/bLN4IoUbqSKrMUH2sTOH" alt=""><figcaption><p>Analysis Config Screen</p></figcaption></figure>

After clicking the "Launch the Submission" button, your submission will start and system will update the statuses of the both Dynamic & Static Analysis in live mode, so make sure your browser supports *Websocket.*

{% hint style="warning" %}
Submission Analysis Page's details will not be given in this tutorial, the technical details should be given to you in a meeting. If you have any questions about getting info from the analysis screen, please contact us immediately.
{% endhint %}

### Admin Panel Access

The admin panel of the Threat.Zone would be accessible at:

$IP\_OR\_DOMAIN:9443/

You can access the main page of the admin after passing the default credentials:

*Email: <admin@threat.zone>*

*Password: Malwation123!*

<figure><img src="/files/KfppdBCn6wFQio3qreDt" alt=""><figcaption><p>Admin Panel Dashboard View</p></figcaption></figure>

Admin panel is the main control mechanism above Threat.Zone, you can:

* Create New Users: New users can access to Threat.Zone by adding them via Admin Panel and assigning plans to them or they can register from the main panel(443) and admin can assign them appropriate plans.
* Assigning Plan to the User(s): By default, new users will be assigned to the Free plan, you can change it from the "Users>User Detail>Plan and Modules"
* Checking Worker Core Count: Core count is critic when dealing with big loads of submissions & troubleshooting the "Received" state of the submission(s).&#x20;
* Checking Submissions
* Creating Organizations

## Minor Issues & Solutions

### Worker Service Stuck Cores - Submissions at "Received" State

ThreatZone efficiently manages concurrent file processing by allocating CPU cores per submission in **Dynamic Analysis** (no restrictions apply to **Static Scan** or **CDR**). By default, the system imposes limits on maximum concurrent processing to optimize performance. These are the maximum concurrent limitations on sandboxes:

* Windows Sandbox: 20
* Linux Sandbox: 10
* MacOS Sandbox: 10
* Android Sandbox: 10

When you hit that count, wait for them to finish, or for new submission Threat.Zone will automatically queues them.

### VNC Connection Break Problem

If you encounter an error while accessing a machine’s VNC during an **"In Progress"** submission (e.g., "There is an unexpected error"), it may be due to a broken connection. The simplest solution is to refresh the page.

For further assistance, please contact the support team.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.malwation.com/threatzone/threatzone-onpremise-usage-guide.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.