Views:
The following table describes the suspicious objects that Deep Discovery Analyzer synchronizes from Deep Discovery Director or Trend Vision One.
Field
Description
Object
The IP address, domain, URL, or SHA-1 hash value of the file
Type
IP address, Domain, URL, or File SHA-1
Source
The source (Deep Discovery Director or Trend Vision One) that added the suspicious object
Risk level
If the suspicious object is:
  • IP address or domain: The risk level that typically shows is either High or Medium (see risk level descriptions below). This means that high- and medium-risk IP addresses/domains are treated as suspicious objects.
  • URL: The risk level that shows is High or Medium
  • File SHA-1: The risk level that shows is always High
Risk level descriptions:
  • High: Known malicious or involved in high-risk connections
  • Medium: IP address/domain/URL is unknown to reputation service
Expiration
Date and time Virtual Analyzer will remove the object from the Suspicious Objects tab
Last synchronized
Date and time the object was last synchronized from Deep Discovery Director or Trend Vision One
The following table describes the tasks you can perform on the Synchronized Suspicious Objects tab.
Task
Steps
Export All
Click Export All to save all the objects to a CSV file.
Data Filters
If there are too many entries in the table, limit the entries by performing these tasks:
  • Select an object type from the Type drop-down list.
  • Type a keyword in the Search keyword text box.
Records and Pagination Controls
The panel at the bottom of the screen shows the total number of objects. If all objects cannot be displayed at the same time, use the pagination controls to view the objects that are hidden from view.
Keywords: suspicious objects