Synchronized Suspicious Objects List

The following table describes the suspicious objects that Deep Discovery Analyzer synchronizes from Deep Discovery Director.

| Field | Description |
|---|---|
| Object | The IP address, domain, URL, or SHA-1 hash value of the file |
| Type | IP address, Domain, URL, or File SHA-1 |
| Risk level | If the suspicious object is:<br>• IP address or domain: The risk level that typically shows is either High or Medium (see risk level descriptions below). This means that high- and medium-risk IP addresses/domains are treated as suspicious objects.<br>• URL: The risk level that shows is High or Medium<br>• File SHA-1: The risk level that shows is always High<br>Risk level descriptions:<br>• High: Known malicious or involved in high-risk connections<br>• Medium: IP address/domain/URL is unknown to reputation service |
| Expiration | Date and time Virtual Analyzer will remove the object from the Suspicious Objects tab |
| Last synchronized | Date and time the object was last synchronized from Deep Discovery Director. |

The following table describes the tasks you can perform on the Synchronized Suspicious Objects tab.

| Task | Steps |
|---|---|
| Export/Export All | Select one or several objects and then click Export to save the objects to a CSV file.<br>Click Export All to save all the objects to a CSV file. |
| Data Filters | If there are too many entries in the table, limit the entries by performing these tasks:<br>• Select an object type from the Type drop-down list.<br>• Type a keyword in the Search keyword text box. |
| Records and Pagination Controls | The panel at the bottom of the screen shows the total number of objects. If all objects cannot be displayed at the same time, use the pagination controls to view the objects that are hidden from view. |
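The following added example (not part of the product documentation) audits a CSV produced by Export/Export All against the type and risk-level rules in the first table, and separates out objects whose expiration has passed before the list is reused elsewhere. The column names are assumed to match the field names above and the timestamp layout is an assumption; check both against a real export.

```python
import csv
import io
import re
from datetime import datetime

# Risk levels the page lists for each object type.
ALLOWED_RISK = {
    "IP address": {"High", "Medium"},
    "Domain": {"High", "Medium"},
    "URL": {"High", "Medium"},
    "File SHA-1": {"High"},
}
SHA1_RE = re.compile(r"[0-9a-fA-F]{40}")
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumption: export timestamp layout

def audit_export(csv_text, now):
    """Split exported rows into usable objects and (line, problem) findings."""
    active, findings = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row in reader:
        obj, typ, risk, exp = ((row.get(k) or "").strip()  # assumed column names
                               for k in ("Object", "Type", "Risk level", "Expiration"))
        problems = []
        if typ not in ALLOWED_RISK:
            problems.append(f"unknown type {typ!r}")
        elif risk not in ALLOWED_RISK[typ]:
            problems.append(f"{typ} with unexpected risk level {risk!r}")
        if typ == "File SHA-1" and not SHA1_RE.fullmatch(obj):
            problems.append("object is not a 40-hex-digit SHA-1")
        try:
            if datetime.strptime(exp, TIME_FORMAT) <= now:
                problems.append("already expired")
        except ValueError:
            problems.append(f"unparseable expiration {exp!r}")
        if problems:
            findings.extend((reader.line_num, p) for p in problems)
        else:
            active.append(obj)
    return active, findings

# Constructed sample export (documentation addresses, SHA-1 of empty input).
SAMPLE = """Object,Type,Risk level,Expiration,Last synchronized
192.0.2.10,IP address,High,2030-01-01 00:00:00,2024-05-01 12:00:00
example.test,Domain,Medium,2024-01-01 00:00:00,2024-05-01 12:00:00
da39a3ee5e6b4b0d3255bfef95601890afd80709,File SHA-1,Medium,2030-01-01 00:00:00,2024-05-01 12:00:00
http://example.test/a,URL,Medium,2030-01-01 00:00:00,2024-05-01 12:00:00
abc123,File SHA-1,High,2030-01-01 00:00:00,2024-05-01 12:00:00
"""
print(audit_export(SAMPLE, datetime(2024, 6, 1)))
```

Findings are reported with the CSV line number so a malformed or stale row can be traced back to the export.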