Suspicious Objects

Suspicious objects are objects with the potential to expose systems to danger or loss. Deep Discovery Analyzer detects and analyzes suspicious IP addresses, host names, files, and URLs.
Note
If you register Deep Discovery Analyzer to both Deep Discovery Director and Apex Central, Deep Discovery Analyzer uploads objects on the Suspicious Objects list only to Deep Discovery Director.
You can check the synchronization status on the Deep Discovery Director management console. For more information, see the Deep Discovery Director Administrator's Guide.
The following columns show information about objects added to the Suspicious Objects list:

Suspicious Objects Columns

Column Name: Information

Last Detected: Date and time Virtual Analyzer last found the object in a submitted sample

Expiration: Date and time Virtual Analyzer will remove the object from the Suspicious Objects tab

Risk Level: If the suspicious object is:
  • IP address or domain: The risk level that typically shows is either High or Medium (see risk level descriptions below). This means that high- and medium-risk IP addresses/domains are treated as suspicious objects.
  • URL: The risk level that shows is High or Medium
  • File SHA-1: The risk level that shows is always High
  Risk level descriptions:
    • High: Known malicious or involved in high-risk connections
    • Medium: IP address/domain/URL is unknown to reputation service

Type: IP address, Domain, URL, or File SHA-1

Object: The IP address, domain, URL, or SHA-1 hash value of the file

Latest Related Sample: SHA-1 hash value of the sample where the object was last found.

Related Submissions: The total number of samples where the object was found. Clicking the number opens the Submissions screen with the SHA-1 hash value as the search criteria.