ThreatZone Onpremise Usage Guide
This document explains how to use ThreatZone Onpremise & Private Cloud. If you still have questions while trying to solve a problem, contact us immediately at batuhan.isildak@malwation.com
This document provides instructions on accessing the system, submitting files for analysis, and retrieving results. If you have any further questions, please reach out via the provided email or through Malwation's Slack channel.
First, you will be given the default email and password. Initially they are:
Email: admin@threat.zone
Password: Will be given to you.
Once logged in, you will be directed to the main interface where you can submit files for analysis:
On this page you send the file to the system and start the analysis. After you have sent the submission, there are two main options:
If the file is a Compressed File:
The system takes your compressed file (tar.gz, zip, tar, rar, etc.) and asks you for an optional password. After you enter the password, if it is correct, you will see a page like this:
The entrypoint of a compressed file determines which file is executed during Dynamic Analysis.
Static Analysis of compressed files can be limited, because the whole compressed file is passed to the Static Analyzer. It is a good idea to send the entrypoint directly to the Static Analyzer to get an appropriate result from it.
You will see the config screen after selecting the entrypoint.
If the file is Not a Compressed File - Config Screen
Now you will see the analysis options; you can change them based on your choices.
After you click the "Launch the Submission" button, your submission starts and the system updates the statuses of both Dynamic and Static Analysis live, so make sure your browser supports WebSocket.
The details of the Submission Analysis page are not covered in this tutorial; the technical details should be given to you in a meeting. If you have any questions about getting information from the analysis screen, please contact us immediately.
The admin panel of Threat.Zone is accessible at:
$IP_OR_DOMAIN:9443/
You can access the main page of the admin panel after entering the default credentials:
Email: admin@threat.zone
Password: Malwation123!
The admin panel is the main control mechanism for Threat.Zone. You can:
Create New Users: New users get access to Threat.Zone either by being added via the Admin Panel and assigned plans, or by registering from the main panel (443), after which the admin can assign them appropriate plans.
Assigning a Plan to the User(s): By default, new users are assigned to the Free plan; you can change it from "Users>User Detail>Plan and Modules".
Checking Worker Core Count: Core count is critical when dealing with heavy loads of submissions and when troubleshooting the "Received" state of submission(s).
Checking Submissions
Creating Organizations
ThreatZone efficiently manages concurrent file processing by allocating CPU cores per submission in Dynamic Analysis (no restrictions apply to Static Scan or CDR). By default, the system imposes limits on maximum concurrent processing to optimize performance. These are the maximum concurrent limitations on sandboxes:
Windows Sandbox: 20
Linux Sandbox: 10
MacOS Sandbox: 10
Android Sandbox: 10
When you hit that count, wait for the running submissions to finish; Threat.Zone automatically queues any new submissions.
If you encounter an error while accessing a machine’s VNC during an "In Progress" submission (e.g., "There is an unexpected error"), it may be due to a broken connection. The simplest solution is to refresh the page.
For further assistance, please contact the support team.