From version 3.5, Deep Discovery Director (DDD) not only consolidates and manages Suspicious Objects (SO) generated by Virtual Analyzer, but also aggregates detections from managed products, including Deep Discovery Inspector (DDI) and Deep Discovery Email Inspector (DDEI).
If an enterprise has many DD products and all are managed by DDD, the Administrator can view the suspicious object list and the related detections together from the DDD console.
This article gives you more details about viewing detections related to suspicious objects from the DDD web console.
To view suspicious objects synchronized from Virtual Analyzer, on the DDD web console, go to Threat Intelligence > Product Intelligence > Synchronized Suspicious Objects.
As shown in the following image, suspicious object detections can be sorted by Object, Type, Risk Level, Sync Source, Expiration, and Detections.
There are two detection types, each with its own icon: Network Detection and Email Messages Detection. Administrators can see the number of related detections for a specific suspicious object.
- Network Detection - the detection source is from Deep Discovery Inspector (DDI)
- Email Message Detection - the detection source is from Deep Discovery Email Inspector (DDEI)
By clicking a number under the Network Detection or Email Messages column, the Administrator can drill down to the Network Detection or Email Messages screen to see the related detection details.
In this example we clicked on the number 2 under the Network Detection column.
If an Administrator would like to focus on detections from certain DD products, for example, to find related detections from the head office DDI or from DDEI only, the Administrator can hover over the Network Detection or Email Messages icon in the column title and select Display Settings to filter by managed device.