You are referring to the VM itself as it's spun up and then processes the file sample, builds the report against it, etc.? The VM and underlying feeds & scan components internal-to and external-to TG are updated frequently in order to scan and match content. There is no set or documented 'time frame', as the feeds are tightly controlled by Cisco Threat Grid as part of the sandbox infrastructure. If there are any questions or issues w/ a scan or report, please open a support case directly w/ Advanced Threat team via TAC.
If you need any assistance, there are several ways to request support from a Threat Grid engineer:
- Email: Send an email to: support at threatgrid.com (There is also a support link located at the bottom of every Threat Grid page.)
- Open a Support Case Here: Support Case Manager
- You will need your Cisco.com ID (or to generate one) to open a support case.
- You will also need your service contract number, which was included on the order invoice.
- Call Cisco: For Cisco phone numbers, please visit: Cisco Support