  1. Go to Detections > Affected Hosts and click any detection link.

    Details about the host are displayed.

  2. Select the detection severity level by using the drop-down control.
  3. Select a time period.
  4. Select which appliances to include as data sources.
  5. (Optional) Click the More icon beside Advanced, select Customize columns, select the columns to hide or display, and then click Apply to return to the modified Host Details screen.
    Table 1. General Columns

    | Column Name              | Preselected |
    |--------------------------|-------------|
    | Timestamp                | X           |
    | Details                  | X           |
    | Data Source              | X           |
    | Source Host              |             |
    | Destination Host         |             |
    | Interested Host          |             |
    | Interested Network Group |             |
    | Peer Host                | X           |
    | Peer Network Group       |             |
    | Peer IP Country/Region   |             |
    | User Account             |             |

    Note: The default Timestamp, Details, and Threat Description columns cannot be removed.

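    Table 2. Email Columns

    | Column Name   | Preselected |
    |---------------|-------------|
    | Sender        |             |
    | Recipients    |             |
    | Email Subject |             |

    Table 3. Detection Information Columns

    | Column Name                    | Preselected |
    |--------------------------------|-------------|
    | Threat Description             | X           |
    | Detection Name                 | X           |
    | Threat (Virtual Analyzer)      |             |
    | Reference                      |             |
    | Detection Type                 |             |
    | Protocol                       | X           |
    | Transport Layer Security (TLS) |             |
    | Detection Severity             | X           |
    | Attack Phase                   | X           |
    | Tactics                        | X           |
    | URL Category                   |             |
    | Direction                      | X           |
    | Notable Object                 | X           |
    | YARA Rule File Name            |             |
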
  6. To run a basic search, type an IP address or host name in the search text box, and then press ENTER or click the magnifying glass icon.

    By default, Deep Discovery Director (Internal Network Analytics Version) searches Affected Hosts - Host Details by Peer Host.

  7. To run a saved search, click the Saved Searches icon, and then select a saved search.

    Deep Discovery Director (Internal Network Analytics Version) provides the following built-in saved searches:

    Table 4. Built-in Saved Searches

    | Name                 | Filter Options |
    |----------------------|----------------|
    | Threats              | Detection type options include the following: Malicious Content, Malicious Behavior, Suspicious Behavior, Exploit, Grayware, Malicious URL |
    | Known Threats        | File Detection Types: Known Malware |
    | Potential Threats    | Virtual Analyzer Result: Has analysis results; File Detection type options include the following: Highly Suspicious File, Heuristic Detection |
    | Ransomware           | Detection name options include the following: Ransomware-related detections |
    | YARA Rule Detections | YARA Rule File Name: Has YARA rule file name |

  8. To create and apply an advanced search filter, click Advanced.

    For details, see About Affected Hosts - Host Details Advanced Search Filter.

  9. Click Export to export the currently filtered list of host details.

    The Export dialog appears.

  10. Confirm the filters and select a delimiter to use.
  11. Click OK to export and download the currently filtered list of host details to a CSV file with the chosen delimiter.