Threat Connect
Threat Connect allows the administrator to view related threat information from the global intelligence database.
Data is only sent when the administrator manually clicks the “View in Threat Connect” button in the “Detection Details” view.
| Data Collected |
|
|---|---|
| Console Location |
|
| Console Settings |
Domain Exceptions
The administrator can add domains that they consider safe to an exception list.
Data is only collected when the administrator manually adds domain names on the management console.
| Data Collected |
|
|---|---|
| Console Settings | Administration > Network Analytics > Domain Exceptions
|
Priority Watch List
The administrator can add servers that they consider high-priority for tracking and reporting.
Data is only collected when the administrator manually adds IP addresses on the management console.
| Data Collected |
|
|---|---|
| Console Settings | Administration > Network Analytics > Priority Watch List
|
Registered Services
The administrator can add servers for specific services that their organization uses.
Data is only collected when the administrator manually adds domains name on the management console.
| Data Collected |
|
|---|---|
| Console Settings | Administration > Network Analytics > Registered Services
|
Trusted Internal Network
The administrator can specify IP addresses or ranges to treat as part of their trusted internal network.
Data is only collected when the administrator manually adds IP addresses or ranges on the management console.
| Data Collected |
|
|---|---|
| Console Settings | Administration > Network Analytics > Trusted Internal Network
|
Analysis Report - Correlated Events
The administrator can view the correlation data of a correlated event.
Data is only sent when the administrator manually clicks the “Correlation Data” icon on the “Correlated Events” screen.
| Data Collected |
|
|---|---|
| Console Settings | Detections > Correlated Events
|
Analysis Report - Synchronized Suspicious Objects
The administrator can view the correlation data of a synchronized suspicious object.
Data is only sent when the administrator manually clicks the “Correlation Data” icon on the “Synchronized Suspicious Objects” screen.
| Data Collected |
|
|---|---|
| Console Settings | Threat Intelligence > Product Intelligence > Synchronized Suspicious Objects
|
RCA Report
Endpoint analysis reports can be collected from Endpoint Sensor to help with correlation.
Data is automatically collected periodically when the administrator enables retrieval of endpoint analysis reports from Apex Central on the management console.
| Data Collected |
|
|---|---|
| Console Settings | Administration > Integrated Products/Services > Apex Central
|
Threat Connect in Correlative Events
Threat Connect allows the administrator to view related threat information from the global intelligence database.
Data is only sent when the administrator manually clicks the “Threat Connect” button in the “Correlation Data” view.
| Data Collected |
|
|---|---|
| Console Settings | The user manually triggers Threat Connect connection in the “Correlation Data” view of a correlated event.
|
Domain Tools in Correlative Events
The Domain Tools website allows the administrator to view related information for the item.
Data is only sent when the administrator manually clicks the “Domain Tools” button in the “Correlation Data” view.
| Data Collected |
|
|---|---|
| Console Settings | The user manually triggers “Domain Tools” connection in the “Correlation Data” view of a correlated.
|
VirusTotal
The VirusTotal website allows the administrator to view related information for the item.
Data is sent when the administrator manually clicks the “VirusTotal” button in the “Correlation Data” view.
Additionally, DDD-NAaaS may perform VirusTotal queries during analysis (for URLs only), which is not configurable and cannot be disabled.
| Data Collected |
|
|---|---|
| Console Settings | The user manually triggers VirusTotal connection in the Correlation Data icon of correlated events of "Detections" menu.
|