Manage ATP File Reports

Last updated
Save as PDF

For supported software information, click here.

Advanced threat protection (ATP) performs local analysis and cloud multi-sandboxing for files. ATP generates a file report for each file that it analyzes. For files determined to be suspicious or malicious, the report includes a MITRE ATT&CK^®Matrix. You can download the ATP file report, and you can view the report in a tab in your browser.

This article describes how to configure access to ATP file reports, download the reports from the Analytics tab in Director, and access the reports using API calls. This article also describes how to view the reports from a browser tab.

Configure Access to ATP File Reports

To configure settings to access ATP file reports:

In Director view, select Analytics > Administration > Configuration > Settings > Data Configurations.
In the main pane, click ATP Report Settings. The screen expands to display the settings.

Enter information for the following fields.

Field	Description
Scope	Select Global Configurations or select an organization. When authenticating access for ATP file reports, the system uses the following precedence order: Global Configuration Scope—The system first attempts authentication at the global level. Organization-Level Scope—If the global authentication fails, the system attempts authentication at the organization level.
Authentication Token	(Releases 22.1.4 and later) Enter the authentication token. Contact Versa Technical Support to obtain the token. When you save the ATP report settings, the token is stored in the Analytics cluster until it expires.
Report URL	(Releases 22.1.4 and later) Enter the base URL for file reports. Contact Versa Technical Support to obtain the base URL. (Releases 22.1.3 and earlier) Enter the full URL for file reports. Contact Versa Technical Support to obtain the full URL.

Field

Description

Scope

Select Global Configurations or select an organization.
When authenticating access for ATP file reports, the system uses the following precedence order:

Global Configuration Scope—The system first attempts authentication at the global level.
Organization-Level Scope—If the global authentication fails, the system attempts authentication at the organization level.

Authentication Token

(Releases 22.1.4 and later) Enter the authentication token. Contact Versa Technical Support to obtain the token. When you save the ATP report settings, the token is stored in the Analytics cluster until it expires.

Report URL

(Releases 22.1.4 and later) Enter the base URL for file reports. Contact Versa Technical Support to obtain the base URL.

(Releases 22.1.3 and earlier) Enter the full URL for file reports. Contact Versa Technical Support to obtain the full URL.

Click Save.

Download and View ATP File Reports from the Director GUI

You can download an ATP file report for a file listed in the ATP log table.

To view and download an ATP file report:

In Director view, select Analytics > Logs > Threat Detection > ATP. The ATP Log table displays.
In the Report column, click the PDF icon in the row containing the file name.
A new browser tab opens and displays the report. You can view the report and download it to your local system from this screen.

Example report:

Download ATP File Reports Using API Calls

For Releases 22.1.4 (Service Release dated 2025-02-08) and later.

You can access ATP file reports using API calls. To do this, contact Versa Technical Support to obtain the URL and token information, and then use the following API endpoints:

Authentication— Base-URL + "/versa_auths/v1/access_token"—Used to retrieve the access token.
Report Fetching— Base-URL + "/api/v1/versa/report/fetch" —Used to fetch the ATP report using the retrieved access token.

Supported Software Information

Releases 22.1.1 and later support all content described in this article except:

Release 22.1.4 (Service Release dated 2025-02-08) adds support for authentication for ATP file report downloads.