User-defined Match List

The User-defined Match List tab allows users to manually add suspicious objects to Deep Discovery Analyzer using the Structured Threat Information eXpression (STIX) format.
The following columns show information about objects added to the User-defined Match List:

User-defined Match List Columns

| Column Name | Information |
| --- | --- |
| Added | Date and time when the suspicious object was added |
| Type | IP address, Domain, URL, or File |
| Object | The IP address, domain, URL, or SHA-1 hash value of the file. Click Edit to modify the displayed value. |
| Source | The source (Deep Discovery Director or local) that added the suspicious object |

Deep Discovery Analyzer can import STIX files formatted using the 1.2, 1.1.1 and 1.0.1 version specifications. The 1.0.1 specification can only be used for Virtual Analyzer output.
The STIX file can include multiple objects. However, Deep Discovery Analyzer only imports the following supported STIX indicators:
  • Indicator - File Hash Watchlist (SHA1 only)
  • Indicator - URL Watchlist
  • Indicator - Domain Watchlist
  • Indicator - IP Watchlist
STIX indicators can use the following Properties attributes:
  • @condition must be Equals
  • @apply_condition must be ANY
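
The import rules above can be checked before a file is uploaded. The following Python pre-check is an added example, not part of the product documentation and not how Deep Discovery Analyzer itself parses STIX. The function names, the constructed sample package, and the treatment of a missing apply_condition attribute as ANY are assumptions.

```python
import xml.etree.ElementTree as ET

VERSIONS = {"1.2", "1.1.1", "1.0.1"}
TYPES = {"File Hash Watchlist", "URL Watchlist", "Domain Watchlist", "IP Watchlist"}

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # element name without its namespace

def precheck(xml_text):
    """Map each indicator id to its list of problems (empty list = passes)."""
    root, report = ET.fromstring(xml_text), {}
    if root.get("version") not in VERSIONS:
        report["package"] = ["unsupported STIX version %r" % root.get("version")]
    for ind in (e for e in root.iter() if local(e) == "Indicator"):
        probs = []
        kinds = {c.text.strip() for c in ind if local(c) == "Type" and c.text}
        if not kinds & TYPES:
            probs.append("unsupported indicator type %s" % sorted(kinds))
        for h in (e for e in ind.iter() if local(e) == "Hash"):
            algo = next((c.text for c in h if local(c) == "Type"), None)
            if algo != "SHA1":
                probs.append("hash type %s is not SHA1" % algo)
        for p in (e for e in ind.iter() if "condition" in e.attrib):
            # Assumption: a missing @apply_condition counts as ANY (the CybOX default).
            got = (p.get("condition"), p.get("apply_condition", "ANY"))
            if got != ("Equals", "ANY"):
                probs.append("%s: condition/apply_condition is %s/%s" % (local(p), *got))
        report[ind.get("id", "(no id)")] = probs
    return report

# Constructed sample package: documentation addresses, trimmed (no xsi:type attributes).
SAMPLE = """<stix:STIX_Package version="1.2" xmlns:stix="http://stix.mitre.org/stix-1"
 xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:cybox="http://cybox.mitre.org/cybox-2"
 xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
 xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
 xmlns:URIObj="http://cybox.mitre.org/objects#URIObject-2"><stix:Indicators>
<stix:Indicator id="ex:ip"><indicator:Type>IP Watchlist</indicator:Type><indicator:Observable>
 <cybox:Object><cybox:Properties><AddressObj:Address_Value condition="Equals" apply_condition="ANY">
 192.0.2.10##comma##198.51.100.7</AddressObj:Address_Value></cybox:Properties></cybox:Object>
 </indicator:Observable></stix:Indicator>
<stix:Indicator id="ex:md5"><indicator:Type>File Hash Watchlist</indicator:Type><indicator:Observable>
 <cybox:Object><cybox:Properties><FileObj:Hashes><cyboxCommon:Hash><cyboxCommon:Type>MD5</cyboxCommon:Type>
 <cyboxCommon:Simple_Hash_Value condition="Equals">00000000000000000000000000000000</cyboxCommon:Simple_Hash_Value>
 </cyboxCommon:Hash></FileObj:Hashes></cybox:Properties></cybox:Object></indicator:Observable></stix:Indicator>
<stix:Indicator id="ex:url"><indicator:Type>URL Watchlist</indicator:Type><indicator:Observable>
 <cybox:Object><cybox:Properties><URIObj:Value condition="Contains">example.com/path</URIObj:Value>
 </cybox:Properties></cybox:Object></indicator:Observable></stix:Indicator></stix:Indicators></stix:STIX_Package>"""
print(precheck(SAMPLE))
```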