The Dossier Impacted Devices report provides a comprehensive, one-page report detailing impacted devices information obtained when conducting a threat indicator search on a threat indicator. Data displayed in the report is taken directly from reporting logs and is limited to 100 devices and includes up to 30 days of history. The Impacted Devices report includes the following information:
Impacted Devices
- LAST ACCESSED: The date on which an impacted device last accessed a threat.
- DEVICE IP ADDRESS: The IP address of the impacted device reported to have accessed a threat.
- DEVICE NAME: The name of the impacted device.
- SOURCE: The source for the information on the impacted device.
- QUERY COUNT: The number of times the impacted device has queried a threat.
The Dossier Impacted Devices report also contains the following features:
Search Field
The search field is located at the top of the page and is used to search for threat indicators. You can run a search based on domain name, IP address, hostname, URL, email, or hash value.
Resources
Click Resources located on the top right-hand side of the Summary page to display a drop-down list containing additional Dossier and TIDE resources.
Resources include the following:
Dossier & TIDE Quick Start Guide
Dossier User Guide
Dossier API Calls Reference
Dossier Source Descriptions
Threat Classification Guide
The names of your custom lists are displayed in this section of the Summary report.
Add to Custom List
Dossier allows you to perform custom list management. Domains and IP addresses can be added directly to your custom lists through any of Dossier’s reports pages, including the Impacted Devices report page.
Adding a Domain or IP Address to a Custom List in Dossier
To add a domain or IP address to a custom list in Dossier, complete the following:
- From the Cloud Services Portal, click Research -> Dossier.
- Run a Dossier search on the domain name or IP address.
- On the Dossier Impacted Devices report page, click Add to Custom List located at the top, right-hand side of the Action bar.
- On the Add to Custom List page, select what custom list or lists from among the list of available custom lists to add the domain or IP address by clicking the blue arrow
associated with the custom list. If you cannot locate the custom list you want to add the domain or IP address to, you can use the search feature to search for the custom list. Alternatively, you can click
to add the domain or IP address to all custom lists. If you inadvertently add the domain or IP address, in the Selected column of custom lists, you can click the blue arrow associated with the custom list to remove the domain or IP address from it. - Once you have added the domain or IP address to your custom list or lists, you can save your configuration by clicking Add.
- You should now see the name of the custom list or lists where the domain or IP address has been added populating the Custom Lists section of the Impacted Devices report page.
Export
Click Export to export the Dossier Report file. You can choose to include any or all of the report sections by placing a check in the box associated with a specific section of the report. You can choose from among the following sections:
- Summary
- Impacted Devices
- Current DNS
- Related Domains
- Related URLS
- Related IPs
- Related File Samples
- Related Contacts
- Reports
- Timeline
- Threat Actor
- MITRE ATT&CK
- WHOIS Record
- Raw Whois
When you have finished selecting what sections of the report to export, click Export in the bottom right-hand corner of the dialogue box. Your report will be exported in PDF format.
Close
Click Close to close the Summary Report page. Closing the Summary Report page returns you to default Dossier search page.
Click here to return to the main Dossier Threat Indicator Report page.