Advanced Threat Activity

Table 1. Advanced Threat Activity

| Event | Description |
| --- | --- |
| C&C callback alert | Applicable to antivirus and threat discovery managed products |
| C&C callback outbreak alert | Applicable to antivirus and threat discovery managed products |
| High risk Virtual Analyzer detections | Suspicious objects with high severity detections, as reported by Virtual Analyzer |
| High risk host detections | Hosts with high severity detections |
| SHA-1 Deny List detections | Detections that match SHA-1 values in the Deny List |
| Known targeted attack behavior | Detections that match known targeted attack behavior |
| Potential document exploit detections | Detections that match embedded exploit code |
| Rootkit or hacking tool detections | Detections that match known rootkit characteristics |
| Worm or file infector propagation detections | Detections that match known worm or file infector characteristics |
| Correlated incidents | Detections that match the Deep Discovery Inspector correlation rule |
| Email Messages with Advanced Threats | Email messages with malicious and suspicious behavior, as detected by Deep Discovery Email Inspector. Suspicious behavior includes anomalous behavior, false or misleading data, suspicious and malicious behavioral patterns, and strings that indicate system compromise but require further investigation to confirm. |
| Advanced threats sent to recipients in watchlist | Watchlist configured by Deep Discovery Email Inspector administrators that triggers an alert when suspicious or malicious email messages are detected |