The Correlation Data screen consists of the following main sections:
- Summary
- Correlation Graph
- Transaction and IOC Details

Summary
The Summary section displays the severity, the number of detected internal hosts and Indicators of Compromise (IOCs), and the attack patterns, and provides a high-level overview of the malicious activity of the correlated event.

To export the correlation data of this correlated event, click Export and then select Printer-friendly or CSV.

Click on the help icon and then select Tutorial to display an on-screen tutorial that describes each section of the Correlation Data screen step-by-step. Use Next and Back to navigate the tutorial, or click Skip to end it immediately.

The Summary section can be collapsed and expanded by clicking on the collapse and expand icons.

Correlation Graph
The Correlation Graph section provides a visual representation of correlations made between the correlated event or suspicious object selected in Deep Discovery Director and other related events as they occurred over time.

Click on the filter icon located next to the Playback Bar to display or hide the advanced search filter.

Transaction and IOC Details
The Transaction and IOC Details section provides details about each transaction represented in the correlation graph, and each detected Indicator of Compromise (IOC).

Transactions are listed from the oldest transaction at the top to the most recent transaction at the bottom. Listed transactions might have occurred in a single day or might span several months, depending on the correlations found by Deep Discovery Director - Network Analytics. IOCs are listed from the oldest first seen at the top to the most recent first seen at the bottom.

The Transaction and IOC Details section can be collapsed and expanded by clicking on the collapse and expand icons.
