This topic describes the Suspicious Domains report. The following figure shows the Suspicious Domains report, which lists all potential suspicious domains and the risk score for each.
The following figure shows the different panels in this view.
The Suspicious Domains report has the following panels:
- Domain Heading
- Domain Fields
- Domain Histograms
- Domain Lists
Domain Heading Panel
The Domain Heading panel shows the risk score, the domain name (for example, hmc.edu), the time the report was generated, and the start and end dates for which the report was executed.
Note: If the risk score is greater than or equal to 50, the color coding is red; otherwise, the color coding is green.
Domain Fields Panel
The Domain Fields panel displays the following fields from the MongoDB database.
Note: The values for the fields are based on the selected suspicious domain. All the fields are populated with values at run time.
Domain Histograms Panel
The Domain Histograms panel displays a vertical histogram that shows the suspicious subdomains or internal IPs in dark blue.
Domain List Panel
The Domain List panel lists the number of server Autonomous System Numbers (ASNs) and the top content types.
View the Suspicious Domains Report
Perform the following steps to view the suspicious domains report:
1. In the Security Analytics menu, click Reports.
   The Manage tab is displayed.
2. Click Warehouse Analytics.
   The Warehouse Analytics view is displayed, as shown below.
3. In the Warehouse Analytics toolbar, click View All Jobs.
   A list of jobs, along with their schedule name and time, is displayed on the View tab.
   Note: If no list is displayed, select a date from the calendar to view a list of jobs.
4. Double-click an execution based on the Suspicious Domain.
   The Suspicious Domains report is displayed.
Perform the following task: Click the Navigate button to investigate a suspicious domain.