Viewing Affected Hosts - Correlation Data

Deep Discovery Director - Network Analytics is a transparent solution that provides advanced threat analysis using correlation data. If a detection has correlation data, you can access it through Deep Discovery Director.

  1. To view correlation data for any event, click the Correlation Data icon under the Details column on the Affected Hosts - Host Details screen.
    Note:
    • Deep Discovery Inspector must be integrated with Network Analytics servers to display correlation data.

    • The Correlation Data icon is present only if there is correlation data for that event.

    The Deep Discovery Director - Network Analytics Correlation Data screen appears.

  2. Use the following sections for advanced analysis of malicious activity:
    • Summary

      Provides a high-level overview of the malicious activity, risk level, and risk analysis for this correlation data.

    • Correlation Graph

      Provides a visual representation of correlations made between the detection object selected in Deep Discovery Director and other related events as they occur over time.

    • Transaction Details

      Provides details about each transaction represented in the correlation graph. Transactions are listed from oldest correlated events at the top to the most recent correlated event at the bottom.

    Tip:

    Information displayed in the Deep Discovery Director - Network Analytics Correlation Data screen is created dynamically. The number of correlations and details about interactions and malicious activity between hosts presented in the Deep Discovery Director - Network Analytics Correlation Data screen can change over time. You can access the correlation data for a specific detection at a later time to see if additional analysis details are available.

  3. Use the information in the Deep Discovery Director - Network Analytics Installation and Deployment Guide to assist in advanced analysis.