Viewing Network Detections

  1. Go to Detections > Network Detections.

    The Network Detections screen appears.

  2. Select the detection severity level by using the drop-down control.
  3. Select a time period.
  4. Select which appliances to include as data source.
  5. (Optional) Click the More icon beside Advanced, select Customize columns, select the columns to hide or display, and then click Apply to return to the modified Network Detections screen.
    Table 1. General Columns

    Column Name               Preselected
    Timestamp                 X
    Data Source               X
    Details                   X
    Source Host               X
    Destination Host          X
    Interested Host           X
    Interested Network Group
    Peer Host
    Peer Network Group
    Peer IP Country

    Note:

    The default Timestamp column cannot be removed.

    Table 2. Email Columns

    Column Name               Preselected
    Sender
    Recipients
    Email Subject
    User Account

    Table 3. Detection Information Columns

    Column Name                         Preselected
    Threat Description                  X
    Detection Name                      X
    Threat (Virtual Analyzer)
    Reference
    Detection Type
    Protocol                            X
    Transport Layer Security (TLS)
    Detection Severity                  X
    Attack Phase                        X
    URL Category
    Direction
    Notable Object                      X

    Note:

    The default Threat Description column cannot be removed.

  6. To run a basic search, type an IP address or host name in the search text box, and then press ENTER or click the magnifying glass icon.

    By default, Deep Discovery Director (Consolidated Mode) searches Network Detections by Source Host, Destination Host, and Interested Host.

  7. To run a saved search, click the Saved Searches icon, and then select a saved search.

    Deep Discovery Director (Consolidated Mode) provides the following built-in saved searches:

    Table 4. Built-in Saved Searches

    Name: Threats
    Filter Options: Detection type options include the following:
      • Malicious Content
      • Malicious Behavior
      • Suspicious Behavior
      • Exploit
      • Grayware
      • Malicious URL

    Name: Known Threats
    Filter Options: File Detection Types: Known Malware

    Name: Potential Threats
    Filter Options:
      • Virtual Analyzer Result: Has analysis results
      • File Detection type options include the following:
        • Highly Suspicious File
        • Heuristic Detection

    Name: Email Threats
    Filter Options: Protocol options include the following:
      • IMAP4
      • POP3
      • SMTP

    Name: Ransomware
    Filter Options: Detection name options include the following:
      • Ransomware-related detections

    Name: Detections with Correlation Data
    Filter Options: Detections that include correlation data

    Note:

    Deep Discovery Inspector must be integrated with Network Analytics servers to display correlation data.

  8. To create and apply an advanced search filter, click Advanced.

    For details, see Network Detections Advanced Search Filter.

  9. (Optional) Click the More icon beside Advanced, select Export, select a delimiter to use, and then click OK to export and download the currently filtered list of network detections to a CSV file with the chosen delimiter.
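    The exported CSV from step 9 is often post-processed outside the console, for example to re-apply one of the built-in saved searches from Table 4 or to tally detections by severity for a report. The following script is an added example and is not part of Deep Discovery Director or its documentation. It assumes that the export's header row uses the column names from Tables 1 and 3 and that you pass the same delimiter you selected at export time; the embedded sample export and all host names, detection names and severity values in it are constructed for illustration.

```python
"""Post-process a Network Detections CSV export (hypothetical example).

Assumptions: the header row carries the column names from Tables 1 and 3,
and `delimiter` is the delimiter chosen in the Export dialog.
"""
import csv
import io

# Detection types that make up the built-in "Threats" saved search (Table 4).
THREAT_DETECTION_TYPES = {
    "Malicious Content", "Malicious Behavior", "Suspicious Behavior",
    "Exploit", "Grayware", "Malicious URL",
}

# Protocols that make up the built-in "Email Threats" saved search (Table 4).
EMAIL_PROTOCOLS = {"IMAP4", "POP3", "SMTP"}

# Constructed sample export using ';' as the delimiter. Hosts, detection
# names and severities are placeholders, not real detection data.
SAMPLE_EXPORT = """Timestamp;Data Source;Source Host;Destination Host;Threat Description;Detection Name;Detection Type;Protocol;Detection Severity
2024-01-01 10:00:00;appliance-a;10.0.0.5;192.0.2.10;Example malware download;EXAMPLE_DETECTION_1;Malicious Content;HTTP;High
2024-01-01 10:05:00;appliance-a;10.0.0.7;192.0.2.20;Example suspicious mail;EXAMPLE_DETECTION_2;Suspicious Behavior;SMTP;Medium
2024-01-01 10:10:00;appliance-b;10.0.0.9;192.0.2.30;Example grayware;EXAMPLE_DETECTION_3;Grayware;HTTP;Low
2024-01-01 10:15:00;appliance-b;10.0.0.11;192.0.2.40;Example notice;EXAMPLE_DETECTION_4;Informational;DNS;Informational
"""


def load_detections(text, delimiter):
    """Parse an export into a list of row dicts keyed by column name.

    A mismatched delimiter silently yields a single wide column, so the
    header is checked before any row is trusted.
    """
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    if len(reader.fieldnames or []) < 2:
        raise ValueError(
            "header parsed as a single column; check the export delimiter"
        )
    return list(reader)


def threats(rows):
    """Re-apply the built-in "Threats" saved search to exported rows."""
    return [r for r in rows if r["Detection Type"] in THREAT_DETECTION_TYPES]


def email_threats(rows):
    """Re-apply the built-in "Email Threats" saved search to exported rows."""
    return [r for r in rows if r["Protocol"] in EMAIL_PROTOCOLS]


def count_by(rows, column):
    """Tally rows by the value of one column (e.g. Detection Severity)."""
    counts = {}
    for r in rows:
        counts[r[column]] = counts.get(r[column], 0) + 1
    return counts


if __name__ == "__main__":
    rows = load_detections(SAMPLE_EXPORT, ";")
    print("rows exported:", len(rows))
    print("Threats saved search:", [r["Detection Name"] for r in threats(rows)])
    print("Email Threats saved search:",
          [r["Detection Name"] for r in email_threats(rows)])
    print("by severity:", count_by(rows, "Detection Severity"))
```

    Passing the wrong delimiter is the most common mistake with these exports; the header check in load_detections turns that into an immediate error instead of a run that quietly reports zero matches.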