The Transaction and IOC Details section provides information about transactions and IOCs from the Correlation Graph section.

The oldest transactions are listed first. IOCs are listed by highest risk level first and then by first seen time.

Procedure

  • Scroll through the Transactions and IOCs lists to identify information useful for analysis.
  • Click a correlation line in the Correlation Graph section to display a summary and to limit the transactions and IOCs shown in the Transaction and IOC Details section to those directly related to the selected correlation line.
    Tip
    Click on an empty space in the Correlation Graph section to remove the filter.
  • Click on an internal host, external server, or email sender in the Correlation Graph section to display details about the selected internal host, external server, or email sender in the Transaction and IOC Details section.
    Tip
    Click on an empty space in the Correlation Graph section to revert the Transaction and IOC Details section to normal.
  • Perform one of the following actions on Transaction and IOC Details section items:
    Item: IP addresses, domains, URLs, and hash values
    Action: Hover over the triangle icon and select one of the following:
    Note
    Depending on the location of the item on the screen, not all actions may be available.
    • Focus: Focus on the item in the Correlation Graph.
    • Copy to clipboard: Copy the value to your clipboard.
    • Threat Connect: Open Trend Micro Threat Connect in a new browser tab with a query for this object.
    • DomainTools (WHOIS): Open DomainTools in a new browser tab with a query for this IP address or domain.
    • VirusTotal: Open VirusTotal in a new browser tab with a query for this object.