Viewing Affected Hosts - Host Details

Procedure

  1. Go to Detections > Affected Hosts.
  2. To display Affected Hosts - Host Details, do one of the following:
    • Click any detection link associated with an affected host.
    • Click the IP address of an affected host.
    Details about the host are displayed.

    Affected Hosts - Host Details

  3. Set the detection severity level by dragging the Detection severity slider.
  4. Select a time period.
  5. To select columns for display, click Customize Columns, select one or more columns, then click Apply to return to the modified Affected Hosts screen.

    Affected Hosts - Host Details Columns

    Columns               Preselected
    Status                X
    Timestamp             X
    Source Host
    Destination Host
    Interested Host
    Peer Host             X
    Sender
    Recipients
    Email Subject
    User Account
    Threat Description    X
    Detection Name        X
    Detection Type
    Protocol              X
    Detection Severity    X
    Attack Phase          X
    Direction             X
    Notable Object        X

    Note
    The default Timestamp and Threat Description columns cannot be removed.
  6. (Optional) Click Mark Displayed as Resolved to mark all the detections displayed on the current page as resolved.
    In the Status column, the unresolved icon changes to the resolved icon.
    Note
    After marking all displayed detections as resolved, detections can only be individually marked as unresolved.
  7. To run a basic search, do one of the following:
    • Type an IP address or host name in the search text box and press Enter.
    • Click the search icon.
    By default, Deep Discovery Inspector searches Affected Hosts - Host Details by Peer Host.
  8. Mark the affected peer host as one of the following:
    • Network Group
    • Registered Domains
    • Registered Services
    Do one of the following to open the drop-down menu and mark the host:
    • Beside the IP address, click the expand icon.
    • In the Peer Host column, click the expand icon.
  9. To run a saved search, open the drop-down menu of the search box, and click a saved search.
    Deep Discovery Inspector provides the following preset saved searches on the Affected Hosts - Host Details screen.

    Preset Saved Searches

    Name                 Filter Options
    Threats              Detection type options include the following:
                         • Malicious Content
                         • Malicious Behavior
                         • Suspicious Behavior
                         • Exploit
                         • Grayware
                         • Malicious URL
    Known Threats        File Detection Types: Known Malware
    Potential Threats    • Virtual Analyzer Result: Has analysis results
                         • File Detection type options include the following:
                           • Highly Suspicious File
                           • Heuristic Detection
    Ransomware           Detection name options include the following:
                         • Ransomware-related detections

  10. To create and apply an advanced search filter, click Advanced.
  11. Click Export.
    A zip archive with the following files downloads:
    • threats.csv
    • malicious_urls.csv
    • application_filters.csv
    • correlated_incidents.csv