Gain intelligence about the context of a spear-phishing attack by investigating a wide array of information facets. Review the email headers to quickly verify the email message origin and how it was routed. Investigate attacks trending on your network by correlating common characteristics (examples: email subjects that appear to come from your Human Resources department, or fake internal email addresses). Based on the detections, change your policy configuration and warn your users to take preventive measures against similar attacks.

Procedure

  1. Go to Detections > Email Messages.
    The Email Messages screen appears.
  2. Select the risk level by using the drop-down control.
  3. Select a time period.
  4. Select domains from which email messages should be displayed.
  5. (Optional) Click the More icon beside Advanced, select Customize columns, select the columns to hide or display, and then click Apply to return to the modified Email Messages screen.
  6. To run a basic search, type a keyword in the search text box, and then press ENTER or click the magnifying glass icon.
    By default, Deep Discovery Director (Consolidated Mode) searches Email Messages by Recipients, Email Header (To), Sender, Email Header (From).
  7. To run a saved search, click the Saved Searches icon, and then select a saved search.
    By default, Deep Discovery Director (Consolidated Mode) provides the following built-in saved searches:

    Built-in Saved Searches

    | Name | Filter Options |
    |------|----------------|
    | Virtual Analyzer Result Available | Identified by: Virtual Analyzer |
    | Suspicious Message Identified | Threat type options include the following: Targeted malware, Malware, Malicious URL, Suspicious File, Suspicious URL, Phishing |
    | Spam/Graymail | Threat Type: Spam/Graymail |
    | Content Violation | Threat Type: Content violation |
    | Password-protected Attachment | Has password-protected attachment |
    | YARA Rule Detections | YARA Rule File Name: Has YARA rule file name |
  8. To create and apply an advanced search filter, click Advanced.
  9. (Optional) Click the More icon beside Advanced, select Export, select a delimiter to use, and then click OK to export and download the currently filtered list of email messages to a CSV file with the chosen delimiter.
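
The correlation described in the introduction can also be run offline on the CSV file exported in step 9. The following is an added example, not part of the product or its documentation: the sample rows are constructed, and the column names `Timestamp`, `Email Subject` and `Threat Type`, the `corp.example` domain, and the reading of `Sender` as the envelope sender are assumptions to adjust to your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (semicolon chosen as the delimiter in step 9).
# Column names are assumptions; match them to the columns in your own export.
SAMPLE_EXPORT = """\
Timestamp;Sender;Email Header (From);Recipients;Email Subject;Threat Type
2024-05-02 09:14;bounce@mailer.example.net;hr@corp.example;alice@corp.example;HR: Updated benefits policy;Phishing
2024-05-02 09:15;bounce@mailer.example.net;hr@corp.example;bob@corp.example;HR: Updated benefits policy;Phishing
2024-05-02 09:21;bounce@mailer.example.net;hr@corp.example;carol@corp.example;HR: updated benefits policy ;Phishing
2024-05-02 10:02;news@vendor.example.org;news@vendor.example.org;alice@corp.example;Monthly newsletter;Spam/Graymail
2024-05-03 08:40;it@corp.example;it@corp.example;bob@corp.example;Password expiry notice;Suspicious URL
"""

INTERNAL_DOMAINS = {"corp.example"}  # assumption: your own mail domains


def domain(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().strip(">").lower()


def spoofed_internal(row):
    """Header From claims an internal domain but the Sender is external."""
    return (domain(row["Email Header (From)"]) in INTERNAL_DOMAINS
            and domain(row["Sender"]) not in INTERNAL_DOMAINS)


def correlate(export_text, delimiter=";", min_recipients=2):
    """Group detections by normalized subject and keep the groups that
    reached at least min_recipients distinct recipients."""
    groups = defaultdict(lambda: {"recipients": set(), "senders": set(), "spoofed": 0})
    for row in csv.DictReader(io.StringIO(export_text), delimiter=delimiter):
        key = " ".join(row["Email Subject"].lower().split())  # case/space-insensitive
        g = groups[key]
        g["recipients"].update(r.strip().lower() for r in row["Recipients"].split(","))
        g["senders"].add(row["Sender"].strip().lower())
        g["spoofed"] += spoofed_internal(row)
    return {k: g for k, g in groups.items() if len(g["recipients"]) >= min_recipients}


if __name__ == "__main__":
    for subject, g in correlate(SAMPLE_EXPORT).items():
        print(f"{subject!r}: {len(g['recipients'])} recipients, "
              f"{g['spoofed']} with spoofed internal From, senders={sorted(g['senders'])}")
```

Pass the delimiter you selected in the Export dialog as `delimiter`; subjects that reach several recipients with a mismatched internal From address are candidates for a policy change and a user warning.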