Event Details
Threat Discovery Appliance logs the details of each Internet threat it identifies. The Event Details screen on the product console may contain any of the following information, depending on the protocol, file and other factors:
Security risk details

| Name | Description |
|---|---|
| Date | Date and time the incident occurred |
| VLAN ID | Virtual local area network ID |
| Detection name | Name of the known threat |
| Detection by | Scan engine that detected the threat |
| Traffic direction | File/detection direction |
| Type | Type of Internet threat |
| Detection Type | Type of detection, such as Potential threat, Known threat, or Outbreak Containment Service |
| Severity | Degree of potential risk of the threat |
| Protocol | Protocol used by the threat |
| Intelligent rule ID | Network Content Correlation Engine rule number triggered by the file |
| Suspicious behavior | Network Content Correlation Engine rule reason triggered by the session data or network traffic |
| Mitigation | Status of mitigation (Mitigated or Un-Mitigated) |
| Outbreak Containment Services | Status of block action (Blocked or Un-Blocked) |
| Host name | Host or product name |
| Source IP address | IP address and host name of the source of the threat |
| Source port | Port number of the source of the threat |
| Source MAC address | MAC address and vendor name of the source of the threat |
| Source group | Group name of the source of the threat |
| Source network zone | Network zone of the source of the threat |
| Source Active Directory Domain\Account | Active Directory domain name and account used to log on to the source of the threat, and the corresponding timestamp |
| Destination IP address | IP address and host name of the threat destination |
| Destination port | Port number of the threat destination |
| Destination MAC address | MAC address of the threat destination |
| Destination group | Group name of the threat destination |
| Destination network zone | Network zone of the threat destination |
| Destination Active Directory Domain\Account | Active Directory domain name and account used to log on to the destination of the threat |
Event details for traffic through various protocols

| Name | Description |
|---|---|
| User name | Name of the logged-on user |
| Sender | Email address that sent the suspicious file |
| Recipient | Email address of the suspicious file recipient |
| Subject | Subject of the suspicious email |
| User agent | Client application used with a particular network protocol |
| Target share | Shared folder where the malicious file is dropped |
| Channel name | Name of the IRC channel |
File details

| Name | Description |
|---|---|
| File name | Name of the file tagged as a potential/known risk |
| File size | Size of the file tagged as a potential/known risk |
| File extension | Extension of the file tagged as a potential/known risk |
| File name in archive | Name of the file in the archive tagged as a potential/known risk |
Additional event details

| Name | Description |
|---|---|
| Authentication | Whether the protocol requires authentication |
| URL | Link included in the email or the instant message content |
| BOT command | Command used in IRC for BOTs |
| BOT URL | URL used in IRC for BOTs |
| Constraint Type | Reason Threat Discovery Appliance stopped scanning files in the network |