Viewing Suspicious Hosts

A suspicious host is an IP address or host name with the potential to expose systems to danger or loss. View suspicious hosts to understand your risk, find related messages, and assess the relative prevalence of the suspicious host.

  1. Go to Detections > Suspicious Objects > Hosts.
  2. Specify the search criteria.
    • Host (IP address or host name)
    • Period
  3. Press ENTER.

    All suspicious objects matching the search criteria appear.

  4. View the results.

    Header

    Description

    Host

    View the IP address or host name used by the suspicious object.

    Port

    View the port number used by the suspicious object.

    Risk Level

    View the level of potential danger in a sample after Virtual Analyzer executes the file or opens the URL.

    Related Messages

    View the messages containing the same suspicious object.

    Latest Message Recipients

    View the most recent recipients of the email message containing suspicious objects.

    Latest Detection

    View the date and time Virtual Analyzer last found the suspicious object in a submitted object.