Views:

Procedure

  1. Go to DetectionsAll Detections.
  2. Set the detection severity level by dragging the Detection severity slider.
  3. Select a time period.
  4. To select columns for display, click Customize Columns, select one or more columns, then click Apply to return to the modified All Detections screen.

    All Detections Columns

    Columns
    Preselected
    Status
    X
    Timestamp
    X
    Source Host
    X
    Destination Host
    X
    Interested Host
    X
    Peer Host
    		  
    Sender
    		  
    Recipients
    		  
    Email Subject
    		  
    User Account
    		  
    Threat Description
    X
    Detection Name
    X
    Threat (Virtual Analyzer)
    Reference
    		  
    Detection Type
    		  
    Protocol
    X
    Transport Layer Security (TLS)
    		  
    Detection Severity
    X
    Attack Phase
    X
    Direction
    		  
    Notable Object
    X
    Note
    Note
    The default Timestamp and Threat Description columns cannot be removed.
    The default Details column cannot not be removed and does not appear in the Customize Columns option.
  5. (Optional) Click Mark Displayed as Resolved to mark all the detections displayed on the current page as resolved.
    In the Status column, the mark-as-unresolved.jpg icon changes to mark-as-resolved.jpg.
    Note
    Note
    After marking all displayed detections as resolved, detections can only be individually marked as unresolved.
  6. To run a basic search, do one of the following:
    • Type an IP address or host name in the search text box and press Enter.
    • Click the detections-search-ic.jpg icon.
    By default, Deep Discovery Inspector searches All Detections by Source Host, Destination Host, and Interested Host.
    detections-all-detec.jpg
    All Detections Basic Search
  7. To run a saved search, go to Detections>All Detections, open the drop-down menu of the search box, and click a saved search.
    Deep Discovery Inspector provides the following preset saved searches.

    Preset Saved Searches

    Name
    Filter Options
    Threats
    Detection type options include the following:
    • Malicious Content
    • Malicious Behavior
    • Suspicious Behavior
    • Exploit
    • Grayware
    • Malicious URL
    Known Threats
    File Detection Types: Known Malware
    Potential Threats
    • Virtual Analyzer Result: Has analysis results
    • File Detection type options include the following:
      • Highly Suspicious File
      • Heuristic Detection
    Email Threats
    Protocol options include the following:
    • IMAP4
    • POP3
    • SMTP
    Ransomware
    Detection name options include the following:
    • Ransomware-related detections
  8. To create and apply an advanced search filter, click Advanced.
    For details, see All detections advanced search filter.
  9. Click Export.
    A zip folder with the following files downloads:
    • threats.csv
    • malicious_urls.csv
    • application_filters.csv
    • correlated_incidents.csv