
Important Alerts

The following table explains the important alerts, which are triggered by events that require observation. Deep Discovery Analyzer considers suspicious object detections, hardware capacity changes, certain sandbox queue activity, and component update, account, and clustering issues to be important problems.

Important Alerts

| Name | Criteria (Default) | Alert Frequency (Default) |
|---|---|---|
| Account Locked | An account was locked because of multiple unsuccessful logon attempts. | Immediate |
| Long Virtual Analyzer Queue | The number of Virtual Analyzer submissions has exceeded the threshold of 100. | Once every 30 minutes |
| Component Update Unsuccessful | A component update was unsuccessful. | Once every 30 minutes |
| High CPU Usage | The average CPU usage in the last 5 minutes has exceeded the threshold of 90%. | Once every 30 minutes |
| High Memory Usage | The average memory usage in the last 5 minutes has exceeded the threshold of 90%. | Once every 30 minutes |
| High Disk Usage | Disk usage has exceeded the threshold of 85%. | Once every 30 minutes |
| Secondary Appliance Unresponsive | A secondary appliance in the cluster encountered an error and was unable to recover. | Immediate |
| High Availability Suspended | The passive primary appliance encountered an error and was unable to recover. High availability was suspended. | Once every 30 minutes |
| New High-Risk Objects Identified | The number of new high-risk objects identified during the last 30 minutes has reached the threshold of 10. | Immediate |
| Connection Issue | Unable to establish connection to a required resource. | Once every 30 minutes |
| Long Virtual Analyzer Processing Time | The Virtual Analyzer processing time has exceeded the threshold of 30 minutes. | Once every 30 minutes |

Note
Consider decreasing the number of sandbox instances if the system frequently experiences high CPU or memory usage for long periods of time.
For details, see Modifying Sandbox Instances.