  1. To view detection details for any event, click the Details icon under the Details column on the Correlated Events screen.
    Note:

    The Details icon may not appear because:

    • The related detection logs have been purged

    • The current user account's role cannot see and manage appliances with related detections

    • Appliances with related detections have been moved to the Unmanaged group

    • Appliances with related detections have been unregistered from Deep Discovery Director (Internal Network Analytics Version)

    Detection details about the event are displayed.

  2. In the Connection Details section, you may do the following:
    • Click View in Threat Connect to connect with Threat Connect, where you can search for current information about the threat.

    • Click Download and then select Connection Details to download a CSV file of the connection details.

    • Click Download and then select Detected File to download a password-protected ZIP archive containing the detected file.

    • If a packet capture has been enabled and the detection matched a packet capture rule, click Download and then select PCAP File to download a password-protected ZIP archive containing the pcap file.

      In the pcap file, the comment "Detected Packet" in the "pkt_comment" field marks the packet that triggered the detection.

    • Click Download and then select All to download a password-protected ZIP archive containing the detected file, the packet capture file, and the connection details.

    Important:

    Suspicious files must always be handled with caution. Extract the detected file and pcap file at your own risk.

    The password for the ZIP archive is "virus".

  3. In the File Analysis Result section, you may do the following:
    • Click View Virtual Analyzer Report to view the Virtual Analyzer report.

    • Click Download and then select Virtual Analyzer Report to download the Virtual Analyzer report.

    • Click Download and then select Investigation Package to download a password-protected ZIP archive containing the investigation package.

    • Click Download and then select Detected File to download a password-protected ZIP archive containing the detected file.

    • Click Download and then select All to download a password-protected ZIP archive containing the detected file, the Virtual Analyzer report, and the investigation package.

    Important:

    Suspicious files must always be handled with caution. Extract the detected file at your own risk.

    The password for the ZIP archive is "virus".

  4. In the Suspicious Object and Related File Analysis Result section, view suspicious object and related analyzed file information.