Views:
  1. Go to Detections > Network Detections.
  2. Select the detection severity level by using the drop-down control.
  3. Select a time period.
  4. Select which appliances to include as data source.
  5. (Optional) Click the More icon beside Advanced, select Customize columns, select the columns to hide or display, and then click Apply to return to the modified Network Detections screen.
    Table 1. General Columns

    Column Name

    Preselected

    Timestamp

    X

    Data Source

    X

    Details

    X

    Source Host

    X

    Destination Host

    X

    Interested Host

    X

    Interested Network Group

    		  

    Peer Host

    		  

    Peer Network Group

    		  

    Peer IP Country/Region

    		  

    User Account

    		  
    Note:

    The default Timestamp and Details columns cannot be removed.

    Table 2. Email Columns

    Column Name

    Preselected

    Sender

    		  

    Recipients

    		  

    Email Subject

    		  
    Table 3. Detection Information Columns

    Column Name

    Preselected

    Threat Description

    X

    Detection Name

    X

    Threat (Virtual Analyzer)

    		  

    Reference

    		  

    Detection Type

    		  

    Protocol

    X

    Transport Layer Security (TLS)

    		  

    Detection Severity

    X

    Attack Phase

    X

    Tactics

    X

    URL Category

    		  

    Direction

    		  

    Notable Object

    X

    YARA Rule File Name

    		  
    Note:

    The default Threat Description column cannot be removed.

  6. To run a basic search, type an IP address or host name in the search text box, and then press ENTER or click the magnifying glass icon.

    By default, Deep Discovery Director (Internal Network Analytics Version) searches Network Detections by Source Host, Destination Host, and Interested Host.

  7. To run a saved search, click the Saved Searches icon, and then select a saved search.

    Deep Discovery Director (Internal Network Analytics Version) provides the following built-in saved searches:

    Table 4. Built-in Saved Searches

    Name

    Filter Options

    Threats

    Detection type options include the following:

    • Malicious Content

    • Malicious Behavior

    • Suspicious Behavior

    • Exploit

    • Grayware

    • Malicious URL

    Known Threats

    File Detection Types: Known Malware

    Potential Threats
    • Virtual Analyzer Result: Has analysis results

    • File Detection type options include the following:

      • Highly Suspicious File

      • Heuristic Detection

    Email Threats

    Protocol options include the following:

    • IMAP4

    • POP3

    • SMTP

    Ransomware

    Detection name options include the following:

    • Ransomware-related detections

    YARA Rule Detections

    YARA Rule File Name: Has YARA rule file name
  8. To create and apply an advanced search filter, click Advanced.

    For details, see Network Detections Advanced Search Filter.

  9. (Optional) Click the More icon beside Advanced, select Export, select a delimiter to use, and then click OK to export and download the currently filtered list of network detections to a CSV file with the chosen delimiter.
Parent topic: Network Detections