The Attack
Sources widget shows an interactive map representing all source MTAs that routed
suspicious email traffic.
An attack source is the first MTA with a public IP address that routes a
suspicious message. For example, if a suspicious message travels the
following route: IP1 (sender) > IP2 (MTA: 225.237.59.52) > IP3
(company mail gateway) > IP4 (recipient), Deep Discovery Email
Inspector
identifies 225.237.59.52 (IP2) as the attack source. By studying attack
sources, you can identify regional attack patterns or attack patterns that
involve the same mail server.
Mouse-over any point on the map to learn about the events that came from the attack
source
location.
Click any highlighted region on the map to learn more about attacks originating from
that region.
 |
NoteAttacks in the No data group are detected attacks with no
location information.
For example, if Deep Discovery Email
Inspector is unable to obtain a public IP address from the message routing
information, no location information is available.
|
Click View all attack sources in the top-right corner to go to the
Attack Sources screen.