Managing the User-defined Suspicious Objects List Parent topic

Procedure

  1. Go to Virtual AnalyzerSuspicious Objects, and click the User-defined Suspicious Objects tab.
  2. To specify a single object:
    1. Click Add.
      The Add Object window appears.
    2. Select an object type:
      • IP address: Type the IP address or a hyphenated range
        Note
        Note
        Deep Discovery Analyzer supports both IPv4 and IPv6 formats.
      • Domain: Type a domain name
        Note
        Note
        Wildcards are only allowed in a prefix, and must be connected with a ". " symbol. Use only one wildcard per domain. For example, *.com will match abc.com or test.com.
      • URL: Type the URL
        Note
        Note
        Deep Discovery Analyzer supports both HTTP and HTTPS.
        Wildcards are only allowed in a prefix. Wildcards used in the domain part of an URL must be connected with a ". " symbol. Use only one wildcard per URL. For example, http://*.com will match abc.com or test.com.
        A wildcard can match any part of the URL's URI part. For example, http://abc.com/*abc will match http://abcd.com/test.abc.
      • File: Type the SHA-1 or SHA-256 hash value of the file
    3. Click Add.
      Note
      Note
      The User-defined Suspicious Objects list supports a maximum of 25,000 objects.
  3. To add multiple objects using a STIX file:
    1. Click Import List from STIX.
    2. Specify a valid STIX file.
    3. Click Import.
      Note
      Note
      Deep Discovery Analyzer can import STIX files formatted using the 1.2, 1.1.1 and 1.0.1 version specifications. The 1.0.1 specification can only be used for Virtual Analyzer output.
      The STIX file can include multiple objects. However, Deep Discovery Analyzer only imports the following supported STIX indicators:
      • Indicator - File Hash Watchlist (SHA-1 and SHA-256)
      • Indicator - URL Watchlist
      • Indicator - Domain Watchlist
      • Indicator - IP Watchlist
      STIX indicators can use the following Properties attributes:
      • @condition must be Equals
      • @apply_condition must be ANY
  4. To remove objects in the list:
    • Select one or more objects, and click Delete to remove the selected objects.
    • Click Delete All to remove all objects in the list.