Information provided in the Detection Information section may include the following:

- Activity detected
- Attack phase
- Correlation Rule ID (ICID)
- Detection name
- Detection rule ID
- Detection severity
- Detection type
- Event class
- MITRE ATT&CK™ Framework
  - Tactics
  - Techniques

  Tip: Click the tactic or technique to view more details on the MITRE website.

  Important: MITRE information displayed on Deep Discovery Director (Internal Network Analytics Version) is based on ATT&CK™ v6. The information may be different when displayed on products that use a different version of ATT&CK™. © ATT&CK™ is a trademark of the MITRE Corporation.

- Notable Object
- Protocol
- Reference
- Targeted attack campaign
- Targeted attack related
- Threat
- Threat description
- Timestamp
- URL category
- Virtual Analyzer risk level

Note: Additional information may appear for specific correlated incidents.
Detection Types

| Detection Types | Description |
|---|---|
| Correlated Incident | Events/detections that occur in a sequence or reach a threshold and define a pattern of activity |
| Disruptive Application | Any peer-to-peer, instant messaging, or streaming media applications considered to be disruptive because they may do the following: |
| Exploit | Network and file-based attempts to access information |
| Grayware | Adware/grayware detections of all types and confidence levels |
| Malicious Behavior | Behavior that definitely indicates compromise with no further correlation needed, including the following: |
| Malicious Content | File signature detections |
| Malicious URL | Websites that try to perform malicious activities |
| Suspicious Behavior | Behavior that could indicate compromise but requires further correlation to confirm, including the following: |
