The network analytics report consists of three main sections: Summary, Correlation Graph, and Transaction and IOC Details.

Summary

The Summary includes the following information:
  • Severity
  • Number of detected internal hosts and indicators of compromise (IOCs)
  • Attack patterns
  • High-level overview of the malicious activity of the correlated event
To export the correlation data of this correlated event, click Export, then select Printer-friendly or CSV.
Click the up caret to collapse and the down caret to expand the Summary section.

Correlation Graph

The Correlation Graph provides a visual representation of correlations made between the selected suspicious object and other related objects.
Click the filter icon next to the Playback Bar to display or hide the advanced search filter.

Transaction and IOC Details

The Transaction and IOC Details section provides details about each transaction represented in the correlation graph and each detected Indicator of Compromise (IOC).
The report lists transactions from oldest to most recent. Listed transactions might have occurred in a single day or span several months, depending on the correlations found by Deep Discovery Director - Network Analytics. The report lists IOCs from oldest to most recent.
Click the right caret to collapse and the left caret to expand the Transaction and IOC Details section.