Viewing User-Defined Suspicious Objects - Correlation Data

Views:

Deep Discovery Director - Network Analytics is a transparent solution that provides advanced threat analysis using correlation data. If a suspicious object has correlation data, you can access it through Deep Discovery Director.

Go to Threat Intelligence > Custom Intelligence > User-Defined Suspicious Objects.
To view correlation data, click the Correlation Data icon () under Details.
Note:
- The Correlation Data icon is grayed out when correlation data is unavailable.
- Deep Discovery Director - Network Analytics only stores correlation data for suspicious objects for a limited time, even if the suspicious objects are set to never expire.
- Deep Discovery Inspector appliances from which you want to collect correlated data must enabled as connected sources.
The Correlation Data screen appears.
Use the following sections for advanced analysis of malicious activity:
- Summary
  
  Displays the severity, the number of detected internal hosts and Indicators of Compromise (IOCs), the assigned attack patterns, and provides a high-level overview of the malicious activity of the correlation data.
- Correlation Graph
  
  Provides a visual representation of correlations made between the correlated event selected in Deep Discovery Director and other related events as they occurred over time.
- Transaction and IOC Details
  
  Provides details about each transaction represented in the correlation graph, and each detected Indicator of Compromise (IOC). Transactions are listed from oldest transaction at the top to the most recent transaction at the bottom. IOCs are listed from oldest first seen at the top to the most recent first seen at the bottom.
Tip:
Information displayed in the Correlation Data screen is created dynamically. The number of correlations and details about interactions and malicious activity between hosts presented in this screen can change over time. You can access the correlation data for a specific detection at a later time to see if additional analysis details are available.
For details on how to use the information displayed in the Correlation Data screen to assist in advanced analysis, see Analyzing Correlation Data Information.