If you select the STIX (.xml) option when exporting all execution results, Kaspersky Research Sandbox saves execution results as a file in STIX format.
The STIX format is available only for file execution tasks. For information about export limitations for abridged reports, refer to the Abridged (short) reports for files section.
By default, the format of the file name is as follows: <object MD5>.stix. You can change the file name if necessary.
Each STIX file contains the sections described in the table below.
STIX file sections
Section | Description | Comment |
---|---|---|
Description | Information about object parameters and execution settings, objects that were detected during the file execution, and Suricata rules that were triggered during analysis of traffic from the executed object. | — |
Files | Information about files that were extracted from network traffic or saved by the executed file during the execution. | Included in the export file if at least one extracted or saved file was detected. Each extracted or saved file is described in a separate subsection within this section. |
Images | Information about loaded images that were detected during the file execution. | Included in the export file if at least one image was detected. Each loaded image is described in a separate subsection within this section. |
Synchronization objects | Information about synchronization objects registered during the file execution. | Included in the export file if at least one synchronization object was registered. Each synchronization object is described in a separate subsection within this section. |