Viewing Affected Hosts - Host Details

  1. Go to Detections > Affected Hosts.
  2. To display Affected Hosts - Host Details, do one of the following:
    • Click any detection link associated with an affected host.

    • Click the IP address of an affected host.

    Details about the host are displayed.

  3. Select the detection severity level by using the drop-down control.
  4. Select a time period.
  5. (Optional) Click the customize columns icon beside Advanced Search, select one or more optional columns for display, and click Apply to return to the modified Host Details screen.
    Table 1. General Columns

    Column Name               Preselected
    ------------------------  -----------
    Timestamp                 X
    Details                   X
    Data Source               X
    Source Host
    Destination Host
    Interested Host
    Interested Network Group
    Peer Host                 X
    Peer Network Group
    Peer IP Country

    Note: The default Timestamp, Details, and Threat Description columns cannot be removed.

    Table 2. Email Columns

    Column Name    Preselected
    -------------  -----------
    Sender
    Recipients
    Email Subject
    User Account

    Table 3. Detection Information Columns

    Column Name                     Preselected
    ------------------------------  -----------
    Threat Description              X
    Detection Name                  X
    Threat (Virtual Analyzer)
    Reference
    Detection Type
    Protocol                        X
    Transport Layer Security (TLS)
    Detection Severity              X
    Attack Phase                    X
    URL Category
    Direction                       X
    Notable Object                  X

  6. To run a basic search, type an IP address or host name in the search text box, and then press ENTER or click the magnifying glass icon.

    By default, Deep Discovery Director (Consolidated Mode) searches Affected Hosts - Host Details by Peer Host.

  7. To run a saved search, click the Saved Searches icon, and then select a saved search.

    Deep Discovery Director (Consolidated Mode) provides the following built-in saved searches:

    Table 4. Built-in Saved Searches

    Name               Filter Options
    -----------------  ---------------------------------------------------
    Threats            Detection type options include the following:
                         • Malicious Content
                         • Malicious Behavior
                         • Suspicious Behavior
                         • Exploit
                         • Grayware
                         • Malicious URL

    Known Threats      File Detection Types: Known Malware

    Potential Threats  • Virtual Analyzer Result: Has analysis results
                       • File Detection type options include the following:
                           • Highly Suspicious File
                           • Heuristic Detection

    Ransomware         Detection name options include the following:
                         • Ransomware-related detections

  8. To create and apply an advanced search filter, click Advanced.

    For details, see About Affected Hosts - Host Details Advanced Search Filter.

  9. Click Export to export the currently filtered list of host details.

    The Export dialog appears.

  10. Confirm the filters and select a delimiter to use.
  11. Click OK to export and download the currently filtered list of host details to a CSV file with the chosen delimiter.