All detections are the cumulative detections
for URLs, users, and files that contain malicious or suspicious content. Deep Discovery Web
Inspector assigns a risk
rating to each detection based on the investigation results.
By viewing all detections, you can gain intelligence about the context
of suspicious detections by investigating a wide array of information facets. You
can investigate attacks trending on your network by correlating common
characteristics. Based on the detections, you can change your policy configuration
and warn your users to take preventive measures against similar attacks.
You can narrow your results by applying basic and advanced search
filters.
Procedure
- Go to .
- Specify the search criteria.See the following for details:
- Review the detection results.For each detection, Deep Discovery Web Inspector displays the following information:HeaderDescriptionTimeView the date and time that the malicious or suspicious object was detected in Deep Discovery Web Inspector.Risk LevelView the risk level assigned to the selected object.User NameView the user name logged on to the host with detections of malicious or suspicious objects.
Note
When Active Directory Services are configured and Deep Discovery Web Inspector can identify the logged on user for the detection, the user name is displayed. Otherwise the IP address of the host is displayed.DomainView the name of the domain where Deep Discovery Web Inspector detected the malicious or suspicious object.Threat NameView the threat name of the discovered object.You can click on the threat name to learn more information about that threat.ActionView the final result after scanning and analyzing the malicious or suspicious object. The result is the executed policy action.For samples submitted to the Virtual Analyzer for analysis and patient-zero is enabled, the action isAnalyzing
. - Click the expansion icon (
) beside a detection to view detailed results.