- To view detection details for any event, click the Details icon under the Details column on the Correlated Events screen.
  Note: The Details icon may not appear because:
  - The related detection logs have been purged
  - The current user account's role cannot see and manage appliances with related detections
  - Appliances with related detections have been moved to the Unmanaged group
  - Appliances with related detections have been unregistered from Deep Discovery Director (Internal Network Analytics Version)

  Detection details about the event are displayed.
- In the Connection Details section, you may do the following:
  - Click View in Threat Connect to connect with Threat Connect, where you can search for current information about the threat.
  - Click Download and then select Connection Details to download a CSV file of the connection details.
  - Click Download and then select Detected File to download a password protected ZIP archive containing the detected file.
  - If a packet capture has been enabled and the detection matched a packet capture rule, click Download and then select PCAP File to download a password protected ZIP archive containing the pcap file.
    In the pcap file, the comment "Detected Packet" in the "pkt_comment" field marks the packet that triggered the detection.
  - Click Download and then select All to download a password protected ZIP archive containing the detected file, the packet capture file, and the connection details.

  Important: Suspicious files must always be handled with caution. Extract the detected file and pcap file at your own risk.
  The password for the zip archive is "virus".
- In the File Analysis Result section, you may do the following:
  - Click View Virtual Analyzer Report to view the Virtual Analyzer report.
  - Click Download and then select Virtual Analyzer Report to download the Virtual Analyzer report.
  - Click Download and then select Investigation Package to download a password protected ZIP archive containing the investigation package.
  - Click Download and then select Detected File to download a password protected ZIP archive containing the detected file.
  - Click Download and then select All to download a password protected ZIP archive containing the detected file, the Virtual Analyzer report, and the investigation package.

  Important: Suspicious files must always be handled with caution. Extract the detected file at your own risk.
  The password for the zip archive is "virus".
- In the Suspicious Object and Related File Analysis Result section, view suspicious object and related analyzed file information.