Monitoring Log

Use the Monitoring Logs screen to view all files collected by the monitoring process.

The following table lists all the details available for review:

Table 1. Monitoring Log

| Column Name | Description |
| --- | --- |
| Detection Time | Date and time when the object was detected. |
| Rule Category | Classification based on the six stages of a targeted attack. For details, see Rule Category. |
| Host | Endpoint where the object was found. |
| Objects | Number of objects found in the endpoint. |
| Upload Pending | Number of objects to be uploaded to Deep Discovery Analyzer. |
| High Suspicious Objects | Number of objects classified as highly suspicious by Deep Discovery Analyzer. |

Use Filters to filter this list by Detection, Host, Objects, Category and Risk Level.

To view more details about a collected object, click the value in the Objects, Upload Pending or High Suspicious Objects column to open the Object List screen. This screen contains the following details for review:

Table 2. Object List

| Column | Description |
| --- | --- |
| Object Name | Name of the object collected. |
| Object Type | Type of the object collected. |
| Analysis Result | Severity level based on the analysis by Deep Discovery Analyzer. |
| File Path | Local path which specifies the location of the object in the endpoint. |
| Upload Location | Uniform Naming Convention (UNC) path which specifies the location of the server where the object was sent. |
| Detection Time | Date and time when the object was detected. |
| Signer Name | Name of the signer, if the object was signed. |

Use the following options to manage the list:
  • The list can be filtered by Upload Status and Analysis Result.

  • Click Upload Location path to copy the UNC location to the clipboard.

    Note:

    The UNC path is given using the Windows format. It may be necessary to modify the path to use the copied string in a different operating system.
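
The conversion the note refers to, sketched as an added example (not part of the product documentation): it turns a copied Upload Location value into an smb:// URL and into a path under a local mount of the share. The server, share and file names are constructed, and the mount point /mnt/collected is an assumption.

```python
import posixpath
import re
from urllib.parse import quote

# \\server\share\path, optionally with the extended-length prefix \\?\UNC\
_UNC = re.compile(r'^\\\\(?:\?\\UNC\\)?([^\\/?]+)\\([^\\/]+)((?:\\[^\\]*)*)$')

# Constructed sample value; not taken from a real deployment.
SAMPLE = r"\\fileserver01\collected\2024-05-01\host 7\sample#1.bin"


def parse_unc(unc):
    """Split a Windows UNC path into (server, share, [path components])."""
    m = _UNC.match(unc.strip())  # clipboard text often carries a trailing newline
    if not m:
        raise ValueError(f"not a UNC path: {unc!r}")
    server, share, rest = m.groups()
    parts = [p for p in rest.split("\\") if p]
    # Object names originate on monitored endpoints, so refuse components
    # that would step outside the share once the separators are changed.
    if any(p in (".", "..") or "/" in p for p in parts):
        raise ValueError(f"unsafe path component in {unc!r}")
    return server, share, parts


def to_smb_url(unc):
    """smb:// URL form, percent-encoding spaces and reserved characters."""
    server, share, parts = parse_unc(unc)
    return "smb://" + "/".join(quote(x, safe="") for x in (server, share, *parts))


def to_mounted_path(unc, mount_point):
    """POSIX path of the object under a local mount of the share."""
    _, _, parts = parse_unc(unc)
    return posixpath.join(mount_point, *parts)


if __name__ == "__main__":
    print(to_smb_url(SAMPLE))
    print(to_mounted_path(SAMPLE, "/mnt/collected"))  # assumed mount point
```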