Viewing Synchronized Suspicious Objects

Deep Discovery Email Inspector can synchronize suspicious objects with an external source (for example, Apex Central, Deep Discovery Director, or Deep Discovery Analyzer). View synchronized suspicious objects to understand your risk, find related messages, and assess the relative prevalence of the suspicious object.

Note:

If Deep Discovery Email Inspector is registered to both Apex Central and Deep Discovery Director 3.0 (or later), Deep Discovery Email Inspector synchronizes suspicious objects from Deep Discovery Director and overwrites existing suspicious objects from Apex Central.

  1. Go to Detections > Suspicious Objects > Synchronized Suspicious Objects.
  2. Specify the search criteria.
    • Suspicious Object (IP address, host name, URL, file SHA-1, or file SHA-256)
    • Period (time range to filter based on the last synchronized time)
  3. Press ENTER.

    All suspicious objects matching the search criteria appear.

  4. View the results.

    Header

    Description

    Suspicious Object

    View the IP address, host name, URL, file SHA-1, or file SHA-256 associated with the synchronized suspicious object.

    Type

    View the suspicious object type (Domain, File, IP, or URL).

    Risk Level

    View the level of potential danger in a sample after Virtual Analyzer executes the file or opens the URL.

    Source

    View the source of the synchronized suspicious object.

    The source can be one of the following:

    • Apex Central

    • Deep Discovery Analyzer

    • Deep Discovery Director

    User-Defined

    View whether the synchronized suspicious object is user-defined or not.

    Expiration

    View the date and time the object is not considered suspicious.

    Last Synchronized

    View the date and time the entry was last synchronized with the source.
Parent topic: Suspicious Objects