View synchronized suspicious objects to understand your risk, find related detections, and assess the relative prevalence of the suspicious object.
-
Go to Threat Intelligence > Product Intelligence > Synchronized Suspicious Objects.
The Synchronized Suspicious Objects screen appears.
-
Click the drop-down for detection type and then select one
of the following detection types:
-
All (default)
-
IP addresses
-
URLs
-
File SHA-1
-
Domains
-
- To run a search, type an IP address, domain, URL or SHA-1 hash value in the search text box, and then press ENTER or click the magnifying glass icon.
-
(Optional) Click a number in the Network
Detections or Email Messages column to
drill-down to the Network Detections or
Email Messages screen with filters
applied.
Note:
The Network Detections number only includes detections from Deep Discovery Inspector appliances. The Email Messages number only includes email messages from Deep Discovery Email Inspector appliances.
-
(Optional) To configure detections-related display
settings, hover over the Network Detections or
Email Messages icon in the column title and select
Display Settings.
- Select a time period.
-
Select which appliances to include as data source,
and domains from which email messages should be displayed.
Note:
The time period, data source, and monitored domain filters only affect the Detections numbers.
- Click Apply.
- (Optional) Click on the column titles to sort the list of synchronized suspicious objects.
Parent topic: Synchronized Suspicious Objects