Information provided in the Detection Information section may include the following:
-
Activity detected
-
Attack phase
-
Correlation Rule ID (ICID)
-
Detection name
-
Detection rule ID
-
Detection severity
-
Detection type
-
Event class
-
MITRE ATT&CK™ Framework
-
Tactics
-
Techniques
Tip:Click the tactic or technique to view more details on the MITRE website.
Important:MITRE information displayed on Deep Discovery Director (Internal Network Analytics Version) is based on ATT&CK™ v6. The information may be different when displayed on products that use a different version of ATT&CK™.
© ATT&CK™ is a trademark of the MITRE Corporation.
-
-
Notable Object
-
Protocol
-
Reference
-
Targeted attack campaign
-
Targeted attack related
-
Threat
-
Threat description
-
Timestamp
-
URL category
-
Virtual Analyzer risk level
Additional information may appear for specific correlated incidents.
|
Detection Types |
Description |
|---|---|
|
Correlated Incident |
Events/detections that occur in a sequence or reach a threshold and define a pattern of activity |
|
Disruptive Application |
Any peer-to-peer, instant messaging, or streaming media applications considered to be disruptive because they may do the following:
|
|
Exploit |
Network and file-based attempts to access information |
|
Grayware |
Adware/grayware detections of all types and confidence levels |
|
Malicious Behavior |
Behavior that definitely indicates compromise with no further correlation needed, including the following:
|
|
Malicious Content |
File signature detections |
|
Malicious URL |
Websites that try to perform malicious activities |
|
Suspicious Behavior |
Behavior that could indicate compromise but requires further correlation to confirm, including the following:
|