Nodes, expansions, and edges

Nodes can be expanded to add related nodes to the graph. To expand a node, right-click it: an expansion menu appears with all the expansions available for that node type. To run an expansion, click the corresponding item in the expansion menu.

Network analysis ring

The following expansion types are available, depending on the type of the node being expanded. All expansions respect the configured network and time ranges (and timezone).

Node type

Expansion name and description

Analysis report

  • Detections: Adds nodes representing hosts that downloaded the expanded node's sample.

  • Email messages: Adds nodes representing email messages that contained the expanded node's sample.

Malicious reputation entry

  • Detections: Adds nodes representing threats that were detected in relation to the expanded node's entry.

  • DNS lookups: Adds nodes representing hosts whose IP address was seen in responses to DNS queries.

  • Email messages: Adds nodes representing email messages that contained URLs hosted on the expanded node's entry.

Downloaded file

  • Detections: Adds nodes representing analysis reports for the expanded node's file.

  • Email messages: Adds nodes representing email messages that contained the expanded node's file as an attachment.

  • File downloads: Adds nodes representing hosts that downloaded the expanded node's file.

Email address

  • Recipient: Adds nodes representing email messages that were received from the expanded node's email address.

  • Sender: Adds nodes representing email messages that were sent from the expanded node's email address.

Email message

  • Detections: Adds nodes representing detections for the expanded node's message.

  • DNS lookups: Adds nodes representing the hostname of the URLs contained in the expanded node's message.

  • File downloads: Adds nodes representing files attached to the expanded node's message.

  • Recipient: Adds nodes representing email addresses that received the expanded node's message.

  • Sender: Adds nodes representing email addresses that sent the expanded node's message.

  • Web requests: Adds nodes representing URLs contained in the expanded node's message.

Host

  • Detections: Adds nodes representing detected threats that affected the expanded node's host.

  • DNS lookups: Adds nodes representing the list of DNS lookups performed by the expanded node's host.

  • File downloads: Adds nodes representing files downloaded by the expanded node's host.

  • Inbound flows: Adds nodes representing hosts that sent traffic to the expanded node's host.

  • Outbound flows: Adds nodes representing hosts that received traffic from the expanded node's host.

  • Web requests: Adds nodes representing web requests that were issued by the expanded node's host.

Hostname

  • Detections: Adds nodes representing threats that were detected in relation to the expanded node's entry.

  • DNS lookups: Adds nodes representing hosts whose IP address was seen in responses to DNS queries for the expanded node's entry.

  • Email messages: Adds nodes representing email messages that contained URLs hosted on the expanded node's entry.

HTTP request

  • Email messages: Adds nodes representing email messages that contained the expanded node's URL.

  • Web requests: Adds nodes representing hosts that accessed the expanded node's URL.

Info

  • Detections: Adds nodes representing hosts that were affected by the expanded node's threat.

Threat

  • Detections: Adds nodes representing hosts that were affected by the expanded node's threat.