View domain details

When viewing a domain that is associated with threat events or with network traffic, you have the option to view domain details. Choosing to view more domain details directs you to either the Indicator Search page where information about the domain is provided or to a window where you can view Indicators of Compromise (IOC) details. The IOC Details window provides the same domain information that is available on the Indicator Search page.

How to

  1. In the navigation menu, do one of the following:
    • To view domain details based on threat events, select Monitoring > Events. Click the Threat Events tab.
      Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Events > Threat Events.
    • To view domain details based on network traffic, select Monitoring > Activity. Click the Network Traffic tab.
      Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Activity > Network Traffic.
  2. Filter events as needed. For more information see Filter data based on date and time and Filter event data.
  3. Click the Domain dimension.
  4. Do one of the following to view domain details for a domain that is available in the Top 6 domains:
    • For Threat Events, hover over a domain and click Domain Details. The Indicator Search page appears with domain information.
    • Hover over a domain and click the menu icon. From the menu, select More Details. The Indicator Search page appears with domain information.
  5. To view domain details from the list of domains in the list of grouped events or network traffic connections, do one of the following:
    • Click the information icon that is associated with a domain. The IOC Details appears in a separate window on the page.
    • Click the domain and in the menu that appears, select More Details. The Indicator Search page appears with domain information.