Viewing Detections for Files

Procedure

1. Go to Detections → Files.
2. Optionally, filter the result set by specifying search criteria.
   • File SHA1
   • Period
   When specifying a period, Deep Discovery Web Inspector dynamically filters the results.

   When specifying a file SHA1, click on the Search () icon or press Enter to filter the results.
   All detections matching the search criteria appear.
3. View the results.

   Header	Description
   File SHA1	View the file SHA1s that Deep Discovery Web Inspector detected as malicious or suspicious objects.
   Threat Name	View the threat name of the discovered suspicious file.
   Detections	View the number of detections with malicious or suspicious characteristics for the selected object.
   High Risk	View the number of high risk detections for the selected object. These are detections with malicious characteristics.
   Medium Risk	View the number of medium risk detections for the selected object. These are detections with characteristics that are most likely malicious.
   Low Risk	View the number of low risk detections for the selected object. These are detections with suspicious characteristics.
   Potential Threat	View the number of potential threat risk detections for the selected object. These are detections for sample submission to Virtual Analyzer.
   User Defined Risk	View the number of detections for user-defined objects. These detections might include the following: Untrusted Server Certificate or user-defined policy.
   Latest Detection	View the date and time for the most recent occurrence of the malicious or suspicious object detected in Deep Discovery Web Inspector.

4. Under Detections, click on the number to view more detailed information about detections for that file.
   The All Detections screen opens with the results filtered for that file SHA1.

   See Viewing All Detections.