Viewing All Detections

Procedure

  1. Go to Detections > All Detections.
  2. Set the detection severity level by dragging the Detection severity slider.
  3. Select a time period.
  4. To select columns for display, click Customize Columns, select one or more columns, then click Apply to return to the modified All Detections screen.

    All Detections Columns

    Column                            Preselected
    Status                            X
    Timestamp                         X
    Source Host                       X
    Destination Host                  X
    Interested Host                   X
    Peer Host
    Sender
    Recipients
    Email Subject
    User Account
    Threat Description                X
    Detection Name                    X
    Threat (Virtual Analyzer)
    Reference
    Detection Type
    Protocol                          X
    Transport Layer Security (TLS)
    Detection Severity                X
    Attack Phase                      X
    Direction
    Notable Object                    X

    Note
    The default Timestamp and Threat Description columns cannot be removed.
    The default Details column cannot be removed and does not appear in the Customize Columns option.
  5. (Optional) Click Mark Displayed as Resolved to mark all the detections displayed on the current page as resolved.
    In the Status column, the unresolved icon changes to the resolved icon.
    Note
    After marking all displayed detections as resolved, detections can only be individually marked as unresolved.
  6. To run a basic search, do one of the following:
    • Type an IP address or host name in the search text box and press Enter.
    • Click the search icon.
    By default, Deep Discovery Inspector searches All Detections by Source Host, Destination Host, and Interested Host.

    Figure: All Detections Basic Search

  7. To run a saved search, go to Detections > All Detections, open the drop-down menu of the search box, and click a saved search.
    Deep Discovery Inspector provides the following preset saved searches.

    Preset Saved Searches

    Name                Filter Options
    Threats             Detection type options include the following:
                        • Malicious Content
                        • Malicious Behavior
                        • Suspicious Behavior
                        • Exploit
                        • Grayware
                        • Malicious URL
    Known Threats       File Detection Types: Known Malware
    Potential Threats   • Virtual Analyzer Result: Has analysis results
                        • File Detection type options include the following:
                          • Highly Suspicious File
                          • Heuristic Detection
    Email Threats       Protocol options include the following:
                        • IMAP4
                        • POP3
                        • SMTP
    Ransomware          Detection name options include the following:
                        • Ransomware-related detections
  8. To create and apply an advanced search filter, click Advanced.
  9. Click Export.
    A zip file containing the following files is downloaded:
    • threats.csv
    • malicious_urls.csv
    • application_filters.csv
    • correlated_incidents.csv
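As an added example (not Trend Micro's code and not part of this documentation), the script below applies to rows of an exported threats.csv the same filters the procedure describes in the console: the basic search over Source Host, Destination Host and Interested Host, the Email Threats preset (IMAP4, POP3, SMTP) and a severity floor like the Detection severity slider. The page does not document the export schema or the severity level names, so two things are assumptions: that the CSV header names match the All Detections column names, and that severity values are Low, Medium and High. The sample rows are constructed.

```python
"""Added example: re-apply All Detections filters to an exported threats.csv.

Assumptions (not documented on the page):
  * threats.csv has one row per detection and its header names match the
    All Detections column names (Timestamp, Source Host, Destination Host,
    Interested Host, Protocol, Detection Type, Detection Name,
    Detection Severity).
  * Detection Severity values are Low, Medium and High.
"""
import csv
import io
from collections import Counter

# Constructed sample rows in the assumed threats.csv layout.
SAMPLE_THREATS_CSV = """\
Timestamp,Source Host,Destination Host,Interested Host,Protocol,Detection Type,Detection Name,Detection Severity
2024-01-05 10:01:02,10.0.0.5,203.0.113.9,10.0.0.5,HTTP,Malicious URL,Suspicious URL,Medium
2024-01-05 10:02:10,10.0.0.7,192.0.2.20,10.0.0.7,SMTP,Malicious Content,Known malware attachment,High
2024-01-05 10:03:45,192.0.2.20,10.0.0.9,10.0.0.9,POP3,Suspicious Behavior,Mail-based heuristic,Low
2024-01-05 10:04:00,10.0.0.5,198.51.100.4,10.0.0.5,SMB,Malicious Behavior,Ransomware activity,High
"""

# Columns the basic search matches against, as stated on the page.
BASIC_SEARCH_FIELDS = ("Source Host", "Destination Host", "Interested Host")

# Protocols the Email Threats preset saved search filters on, as stated on the page.
EMAIL_PROTOCOLS = {"IMAP4", "POP3", "SMTP"}

# Assumed severity level names; an unknown label ranks below Low.
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}


def load_detections(csv_text):
    """Parse exported CSV text into a list of dict rows keyed by header name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def basic_search(rows, term):
    """Mimic the basic search: keep rows where the IP or host name appears in
    Source Host, Destination Host or Interested Host."""
    return [r for r in rows if any(r[f] == term for f in BASIC_SEARCH_FIELDS)]


def email_threats(rows):
    """Mimic the Email Threats preset: keep mail-protocol detections only."""
    return [r for r in rows if r["Protocol"] in EMAIL_PROTOCOLS]


def at_least_severity(rows, minimum):
    """Mimic the Detection severity slider: keep rows at or above `minimum`."""
    floor = SEVERITY_RANK[minimum]
    return [r for r in rows if SEVERITY_RANK.get(r["Detection Severity"], 0) >= floor]


def summarize_by(rows, column):
    """Count detections per distinct value of `column` (e.g. Detection Type)."""
    return dict(Counter(r[column] for r in rows))


if __name__ == "__main__":
    detections = load_detections(SAMPLE_THREATS_CSV)
    print("Basic search for 10.0.0.5:",
          [r["Detection Name"] for r in basic_search(detections, "10.0.0.5")])
    print("Email Threats:",
          [r["Detection Name"] for r in email_threats(detections)])
    print("Severity >= Medium:", len(at_least_severity(detections, "Medium")))
    print("By Detection Type:", summarize_by(detections, "Detection Type"))
```

Point `load_detections` at the contents of a real threats.csv from the export and, if the header names differ from the assumed ones, adjust `BASIC_SEARCH_FIELDS` and the column names used in the filter functions before running it.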