Gain intelligence about the context of a spear-phishing attack by investigating a wide array of information facets. Review the email headers to quickly verify the email message origin and how it was routed. Investigate attacks trending on your network by correlating common characteristics (examples: email subjects that appear to come from your Human Resources department, or fake internal email addresses). Based on the detections, change your policy configuration and warn your users to take preventive measures against similar attacks.
- Go to Detections > Email Messages.
  The Email Messages screen appears.
- Select the risk level by using the drop-down control.
- Select a time period.
- Select domains from which email messages should be displayed.
- (Optional) Click the More icon beside Advanced, select Customize columns, select the columns to hide or display, and then click Apply to return to the modified Email Messages screen.
- To run a basic search, type a keyword in the search text box, and then press ENTER or click the magnifying glass icon.
  By default, Deep Discovery Director (Consolidated Mode) searches Email Messages by Recipients, Email Header (To), Sender, Email Header (From).
- To run a saved search, click the Saved Searches icon, and then select a saved search.
  By default, Deep Discovery Director (Consolidated Mode) provides the following built-in saved searches:

  Table 1. Built-in Saved Searches

  | Name | Filter Options |
  |---|---|
  | Virtual Analyzer Result Available | Identified by: Virtual Analyzer |
  | Suspicious Message Identified | Threat type options include the following: Targeted malware, Malware, Malicious URL, Suspicious File, Suspicious URL, Phishing |
  | Spam/Graymail | Threat Type: Spam/Graymail |
  | Content Violation | Threat Type: Content violation |
  | Password-protected Attachment | Has password-protected attachment |
  | YARA Rule Detections | YARA Rule File Name: Has YARA rule file name |

- To create and apply an advanced search filter, click Advanced.
  For details, see Email Messages Advanced Search Filter.
- (Optional) Click the More icon beside Advanced, select Export, select a delimiter to use, and then click OK to export and download the currently filtered list of email messages to a CSV file with the chosen delimiter.
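
The correlation described in the introduction can be run offline over an exported list. The following is an added example, not part of the product or its documentation: it groups rows by normalized subject and counts messages whose Email Header (From) claims an internal domain while the Sender is external. The column names, the `;` delimiter, the `corp.example` internal domain, and the sample rows are assumptions constructed for illustration; adjust them to match your actual export.

```python
import csv
import io
import re
from collections import defaultdict
from email.utils import parseaddr

# Constructed sample export; column names and the ";" delimiter are assumptions.
SAMPLE_EXPORT = """Detected;Risk Level;Sender;Email Header (From);Recipients;Subject
2024-05-02 09:14;High;bounce@mailer.example.net;HR Team <hr@corp.example>;ann@corp.example;Updated leave policy
2024-05-02 09:20;High;bounce@mailer.example.net;HR Team <hr@corp.example>;bob@corp.example;RE: Updated leave  policy
2024-05-02 10:02;Medium;news@vendor.example.org;Vendor News <news@vendor.example.org>;ann@corp.example;May newsletter
2024-05-03 08:47;High;x9@relay.example.com;Human Resources <hr@corp.example>;cat@corp.example;FW: updated leave policy
"""

INTERNAL_DOMAINS = {"corp.example"}  # assumption: your own mail domains


def domain(address):
    """Return the lower-cased domain of an address or 'Name <addr>' string."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def normalize_subject(subject):
    """Strip reply/forward prefixes and collapse whitespace and case."""
    subject = re.sub(r"^\s*((re|fw|fwd)\s*:\s*)+", "", subject, flags=re.I)
    return re.sub(r"\s+", " ", subject).strip().lower()


def correlate(export_text, delimiter=";", min_recipients=2):
    """Group rows by subject; report campaigns and fake internal senders."""
    groups = defaultdict(lambda: {"recipients": set(), "senders": set(), "spoofed": 0})
    for row in csv.DictReader(io.StringIO(export_text), delimiter=delimiter):
        g = groups[normalize_subject(row["Subject"])]
        g["recipients"].update(r.strip().lower() for r in row["Recipients"].split(","))
        g["senders"].add(row["Sender"].lower())
        # Header From claims an internal domain while the envelope sender is external.
        if domain(row["Email Header (From)"]) in INTERNAL_DOMAINS and \
                domain(row["Sender"]) not in INTERNAL_DOMAINS:
            g["spoofed"] += 1
    return {s: g for s, g in groups.items() if len(g["recipients"]) >= min_recipients}


if __name__ == "__main__":
    for subject, g in correlate(SAMPLE_EXPORT).items():
        print(subject, len(g["recipients"]), sorted(g["senders"]), g["spoofed"])
```

Subjects that reach several recipients from more than one external sender while carrying an internal From address are candidates for a policy change and a user warning.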