
The Transaction and IOC Details section provides information about transactions and indicators of compromise (IOCs) from the Correlation Graph.

The oldest transactions appear first. Trend Vision One lists the IOCs by highest risk level first and then by first seen time.

Procedure

  • Scroll through the Transactions and IOCs to identify information useful for analysis.
  • Click a correlation line in the Correlation Graph to display a summary and to limit the transactions and IOCs to those directly related to the selected correlation line.
    • Click empty space in the Correlation Graph to remove the filter.
  • Click an internal host, external server, or email sender in the Correlation Graph section to display details about the selected internal host, external server, or email sender in the Transaction and IOC Details section.
    • Click empty space in the Correlation Graph to revert the Transaction and IOC Details section to the default.
  • Perform one of the following actions on items in the Transaction and IOC Details section:
    Item: IP addresses, domains, uniform resource locators (URLs), and hash values
    Action: Hover over the icon and select one of the following:
    • Focus: Focus on the item in the Correlation Graph.
    • Copy to clipboard: Copy the value to your clipboard.
    • Threat Connect: Open Trend Micro Threat Connect in a new browser tab with a query for this object.
    • DomainTools (WHOIS): Open DomainTools in a new browser tab with a query for this IP address or domain.
    • VirusTotal: Open VirusTotal in a new browser tab with a query for this object.
    Note: Depending on the location of the item on the screen, not all actions may be available.