Views:

Gain intelligence about the context of a spear-phishing attack by investigating a wide array of information facets. Review the email headers to quickly verify the email message origin and how it was routed. Investigate attacks trending on your network by correlating common characteristics (examples: email subjects that appear to be your Human Resource department or fake internal email addresses). Based on the detections, change your policy configuration and warn your users to take preventive measures against similar attacks.

  1. Go to Detections > Email Messages.

    The Email Messages screen appears.

  2. Select the risk level by using the drop-down control.
  3. Select a time period.
  4. Select domains from which email messages should be displayed.
  5. (Optional) Click the More icon beside Advanced, select Customize columns, select the columns to hide or display, and then click Apply to return to the modified Email Messages screen.
  6. To run a basic search, type a keyword in the search text box, and then press ENTER or click the magnifying glass icon.

    By default, Deep Discovery Director (Consolidated Mode) searches Email Messages by Recipients, Email Header (To), Sender, Email Header (From).

  7. To run a saved search, click the Saved Searches icon, and then select a saved search.

    By default, Deep Discovery Director (Consolidated Mode) provides the following built-in saved searches:

    Table 1. Built-in Saved Searches

    Name

    Filter Options

    Virtual Analyzer Result Available

    Identified by: Virtual Analyzer

    Suspicious Message Identified

    Threat type options include the following:

    • Targeted malware

    • Malware

    • Malicious URL

    • Suspicious File

    • Suspicious URL

    • Phishing

    Spam/Graymail

    Threat Type: Spam/Graymail

    Content Violation

    Threat Type: Content violation

    Password-protected Attachment

    Has password-protected attachment

    YARA Rule Detections

    YARA Rule File Name: Has YARA rule file name
  8. To create and apply an advanced search filter, click Advanced.

    For details, see Email Messages Advanced Search Filter.

  9. (Optional) Click the More icon beside Advanced, select Export, select a delimiter to use, and then click OK to export and download the currently filtered list of email messages to a CSV file with the chosen delimiter.
Parent topic: Email Messages