Deep Discovery Analyzer 6.9 Online Help

Collapse AllExpand All
  • account management [1]
  • Activation Code [1]
  • Active Directory Federation Services (AD FS) [1]
  • AD FS [1]
  • administration [1]
    • file passwords [1]
  • Advanced Threat Scan Engine [1] [2]
  • alerts [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]
  • API key [1]
  • ATSE [1] [2]
  • average Virtual Analyzer queue time alert [1]
  • C&C list [1]
  • components [1]
  • configuration
    • management console [1]
  • contact management [1]
  • CPU usage alert [1]
  • critical alerts [1] [2]
  • customized alerts and reports [1]
  • dashboard [1] [2]
  • Deep Discovery Malware Pattern [1] [2]
  • detected message alert [1]
  • detection surge alert [1]
  • disk space alert [1]
  • documentation feedback [1]
  • email scanning
    • file passwords [1]
  • exceptions [1]
  • file passwords [1]
  • generated reports [1]
  • getting started
    • management console [1]
  • getting started tasks [1]
  • HTTPS certificate [1]
    • geenrate a certificate signing request [1]
    • import and replace certificate [1]
  • ICAP [1]
    • headers [1]
    • MIME content-types [1]
    • settings [1]
  • ICAP integration [1]
  • identity provider [1]
    • configure [1]
    • federation metadata file [1]
  • image import tool [1]
  • images [1] [2] [3]
  • important alerts [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]
  • import image [1]
  • informational alerts [1]
  • integration with other products [1]
  • IntelliTrap Exception Pattern [1] [2]
  • IntelliTrap Pattern [1] [2]
  • Internet Content Adaptation Protocol (ICAP) [1]
  • license [1]
  • license expiration alert [1]
  • log settings [1]
  • management console [1]
    • navigation [1]
    • session duration [1]
  • management console accounts [1]
  • message delivery alert [1]
  • Network Content Correlation Pattern [1]
  • Network Content Inspection Engine [1]
  • Network Content Inspection Pattern [1]
  • notification parameters [1]
  • OAuth 2.0 [1]
  • Okta [1]
  • on-demand reports [1]
  • preconfiguration console [1]
  • processing surge alert [1]
  • product integration [1]
  • reports [1] [2]
    • on demand [1]
  • report schedules [1]
  • SAML authentication [1]
    • Configuration overview [1]
    • Supported identity providers [1]
  • SAML integration
    • configuring identify provider settings [1]
  • sandbox analysis [1] [2]
  • sandbox error alert [1]
  • sandbox images [1] [2] [3]
  • sandbox instances [1]
  • sandbox management [1]
    • archive passwords [1]
    • images [1]
    • image status [1]
    • network connection [1] [2]
    • Virtual Analyzer status [1]
  • sandbox queue alert [1]
  • Script Analyzer Pattern [1]
  • Security Assertion Markup Language (SAML) [1]
  • service provider [1]
    • certificate [1]
    • metadata file [1]
  • service stopped alert [1]
  • Spyware/Grayware Pattern [1]
  • submissions [1]
  • support
    • resolve issues faster [1]
  • suspicious objects [1]
  • syslog server [1]
  • syslog settings
    • syslog server [1]
  • system maintenance [1]
    • back up tab [1]
      • configuration settings backup [1]
      • data backup [1]
    • cluster tab
    • nodes list [1]
    • restore tab [1]
  • system settings [1]
    • Network Tab [1]
    • Password Policy Tab [1]
    • power off / restart tab [1]
    • Proxy Tab [1]
    • Session Timeout Tab [1]
    • Time Tab [1]
  • tabs [1]
  • third-party licenses [1]
  • TLS [1]
  • tools [1]
  • unreachable relay MTA alert [1]
  • update completed surge [1]
  • update failed alert [1]
  • updates [1]
    • components [1]
    • firmware [1]
    • update settings [1]
  • Virtual Analyzer [1] [2]
    • file passwords [1]
    • image import tool [1]
    • import image [1] [2]
  • Virtual Analyzer Configuration Pattern [1]
  • Virtual Analyzer Sensors [1]
  • watchlist alert [1]
  • widgets [1] [2]
  • YARA rule file

Detailed Information Screen Parent topic

On the Completed tab, click anywhere on a row to view detailed information about the submitted sample. A new section below the row shows the details.
The following fields are displayed on this screen:
Field Name
Information
File/Email Message Sample
URL Sample
Submission details
Basic data fields (such as Logged, File name, and Type) extracted from the raw logs
Basic data fields (such as Logged, URL, Source IP and port, and Destination IP and port) extracted from the raw logs
Note
Note
Deep Discovery Analyzer may have normalized the URL.
  • Sample ID (SHA-1)
  • Child files, if available, contained in or generated from the submitted sample
  • The IP address of the node that processed the sample
  • The Raw Logs link shows all the data fields in the raw logs
Notable characteristics
  • The categories of notable characteristics that the sample exhibits, which can be any or all of the following:
    • Anti-security, self-preservation
    • Autostart or other system reconfiguration
    • Deception, social engineering
    • File drop, download, sharing, or replication
    • Hijack, redirection, or data theft
    • Malformed, defective, or with known malware traits
    • Process, service, or memory object change
    • Rootkit, cloaking
    • Suspicious network or messaging activity
  • A number link that, when opened, shows the actual notable characteristics
Other submission logs
A table that shows the following information about other log submissions:
  • Logged
  • Protocol
  • Direction
  • Source IP
  • Source Host Name
  • Destination IP
  • Destination Host Name
MITRE ATT&CK ™ Framework
A list of MITRE ATT&CK ™ tactics and techniques detected. Click a link to view more information on the MITRE website.
Report
The PDF icon (report_pdf.png) links to a downloadable PDF report and the HTML icon (report_html.png) links to an interactive HTML report.
Note
Note
An unclickable link means there were errors during simulation. Mouseover the link to view details about the error.
Investigation package
Download links to a password-protected investigation package that you can download to perform additional investigations.
For details, see Investigation Package.
Global intelligence
View in Threat Connect is a link that opens Trend Micro Threat Connect
The page contains detailed information about the sample.