An attack source is the first MTA with a public IP address that routes a
suspicious message. For example, if a suspicious message travels the
following route: IP1 (sender) > IP2 (MTA: 225.237.59.52) > IP3
(company mail gateway) > IP4 (recipient), Deep Discovery Email Inspector
identifies 225.237.59.52 (IP2) as the attack source. By studying attack
sources, you can identify regional attack patterns or attack patterns that
involve the same mail server.
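
One way to reproduce this rule outside the product, as an added example (not Trend Micro's code): it assumes the route is read from the message's Received headers and that "public" means outside the RFC 1918, loopback, link-local and CGNAT ranges. `route_ips`, `attack_source` and the sample headers are constructed for illustration; only 225.237.59.52 comes from the text above.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: "public" means outside these private, loopback, link-local and CGNAT ranges.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]

# Bracketed IPv4 literal of the connecting host in a Received "from" clause.
FROM_IP = re.compile(r"from\s.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)

def route_ips(raw_message):
    """Connecting-host IPs in travel order (oldest hop first)."""
    hops = message_from_string(raw_message).get_all("Received") or []
    ips = []
    for header in reversed(hops):  # each MTA prepends, so the oldest hop is last
        match = FROM_IP.search(header)
        if match:
            ips.append(match.group(1))
    return ips

def attack_source(raw_message):
    """First hop in the route whose address is public, or None."""
    for ip in route_ips(raw_message):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # malformed literal such as 999.1.1.1
            continue
        if not any(addr in net for net in NON_PUBLIC):
            return ip
    return None

# Constructed sample: the page's route with invented host names and private addresses.
SAMPLE = """\
Received: from gw.example.com (gw.example.com [10.0.0.5])
\tby mailstore.example.com with ESMTP; Mon, 1 Jan 2024 10:00:03 +0000
Received: from mta.example.net (mta.example.net [225.237.59.52])
\tby gw.example.com with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from workstation (unknown [192.168.1.23])
\tby mta.example.net with ESMTP; Mon, 1 Jan 2024 10:00:01 +0000
From: sender@example.net
Subject: constructed sample

body
"""

if __name__ == "__main__":
    print(attack_source(SAMPLE))
```

Received headers written before your own gateway are supplied by the sending side and can be forged, so treat only the hop recorded by a server you control as reliable.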
Procedure
- Go to .
- Specify the search criteria.
  - Attack source (IP address)
  - Country
- Select the Period.
- Press ENTER. All email messages matching the search criteria appear.
- View the results.

| Header | Description |
|---|---|
| Attack Source | View the IP address of the attack source. |
| Country | View the country where the attack source is located. Note: A dash (-) indicates that the location information is not available. |
| City | View the city where the attack source is located. Note: A dash (-) indicates that the location information is not available. |
| Detections | View the email messages with malicious or suspicious characteristics. Signature-based detection involves searching for known patterns of data within executable code or behavior analysis. Click the number to see more information about the suspicious message. |
| High Risk | View the detected messages with malicious characteristics. |
| Medium Risk | View the detected messages with characteristics that are most likely malicious. |
| Low Risk | View the detected spam messages or detected messages with content violations or suspicious characteristics. |
| Spam/Graymail | View the number of detected spam messages or graymail. |
| Content Violation | View the number of detected messages with content violations. |
| DLP Incident | View the number of detected messages with DLP incidents. |
|  | View the number of email messages with embedded malicious links. |
|  | View the number of file attachments that are detected by policy rules. |
| Latest Detection | View the most recent occurrence of the detected message. |