Managing the User-defined Suspicious Objects List

Go to Virtual Analyzer → Suspicious Objects, and click the User-defined Suspicious Objects tab.

To specify a single object:

Click Add.

The Add Object window appears.

Select an object type:

IP address: Type the IP address or a hyphenated range

Note

Deep Discovery Analyzer supports both IPv4 and IPv6 formats.

Domain: Type a domain name

Note

Wildcards are only allowed in a prefix, and must be connected with a ". " symbol. Use only one wildcard per domain. For example, *.com will match abc.com or test.com.

URL: Type the URL

Note

Deep Discovery Analyzer supports both HTTP and HTTPS.

Wildcards are only allowed in a prefix. Wildcards used in the domain part of an URL must be connected with a ". " symbol. Use only one wildcard per URL. For example, http://*.com will match abc.com or test.com.

A wildcard can match any part of the URL's URI part. For example, http://abc.com/*abc will match http://abcd.com/test.abc.

File: Type the SHA-1 or SHA-256 hash value of the file

Click Add.

Note

The User-defined Suspicious Objects list supports a maximum of 25,000 objects.

To add multiple objects using a STIX file:

Click Import List from STIX.
Specify a valid STIX file.

Click Import.

Note

Deep Discovery Analyzer can import STIX files formatted using the 1.2, 1.1.1 and 1.0.1 version specifications. The 1.0.1 specification can only be used for Virtual Analyzer output.

The STIX file can include multiple objects. However, Deep Discovery Analyzer only imports the following supported STIX indicators:

Indicator - File Hash Watchlist (SHA-1 and SHA-256)
Indicator - URL Watchlist
Indicator - Domain Watchlist
Indicator - IP Watchlist

STIX indicators can use the following Properties attributes:

@condition must be Equals
@apply_condition must be ANY

To remove objects in the list:

Select one or more objects, and click Delete to remove the selected objects.
Click Delete All to remove all objects in the list.

$('#title').html($('meta[name=description]').attr('content'));