- Go to Detections > Affected Hosts and click any detection link.
  Details about the host are displayed.
- Select the detection severity level by using the drop-down control.
- Select a time period.
- Select which appliances to include as data source.
- (Optional) Click the More icon beside Advanced, select Customize columns, select the columns to hide or display, and then click Apply to return to the modified Host Details screen.

Table 1. General Columns

| Column Name | Preselected |
|---|---|
| Timestamp | X |
| Details | X |
| Data Source | X |
| Source Host | |
| Destination Host | |
| Interested Host | |
| Interested Network Group | |
| Peer Host | X |
| Peer Network Group | |
| Peer IP Country/Region | |
| User Account | |

Note: The default Timestamp, Details, and Threat Description columns cannot be removed.

Table 2. Email Columns

| Column Name | Preselected |
|---|---|
| Sender | |
| Recipients | |
| Email Subject | |

Table 3. Detection Information Columns

| Column Name | Preselected |
|---|---|
| Threat Description | X |
| Detection Name | X |
| Threat (Virtual Analyzer) | |
| Reference | |
| Detection Type | |
| Protocol | X |
| Transport Layer Security (TLS) | |
| Detection Severity | X |
| Attack Phase | X |
| Tactics | X |
| URL Category | |
| Direction | X |
| Notable Object | X |
| YARA Rule File Name | |

- To run a basic search, type an IP address or host name in the search text box, and then press ENTER or click the magnifying glass icon.
  By default, Deep Discovery Director (Internal Network Analytics Version) searches Affected Hosts - Host Details by Peer Host.
- To run a saved search, click the Saved Searches icon, and then select a saved search.
  Deep Discovery Director (Internal Network Analytics Version) provides the following built-in saved searches:

Table 4. Built-in Saved Searches

| Name | Filter Options |
|---|---|
| Threats | Detection type options include the following: Malicious Content, Malicious Behavior, Suspicious Behavior, Exploit, Grayware, Malicious URL |
| Known Threats | File Detection Types: Known Malware |
| Potential Threats | Virtual Analyzer Result: Has analysis results; File Detection type options include the following: Highly Suspicious File, Heuristic Detection |
| Ransomware | Detection name options include the following: Ransomware-related detections |
| YARA Rule Detections | YARA Rule File Name: Has YARA rule file name |

- To create and apply an advanced search filter, click Advanced.
  For details, see About Affected Hosts - Host Details Advanced Search Filter.
- Click Export to export the currently filtered list of host details.
  The Export dialog appears.
- Confirm the filters and select a delimiter to use.
- Click OK to export and download the currently filtered list of host details to a CSV file with the chosen delimiter.