Provides general information about threats detected by
Attack Discovery
Attack Discovery Detection Information
|
Data
|
Description
|
|
Generated
|
The date and time the managed product generated the
data
|
|
Received
|
The date and time Apex Central received
the data from the managed product
|
|
Endpoint
|
The name of the endpoint
|
|
Product
|
The name of the managed product or service
|
|
Managing Server Entity
|
The display name of the managed product
server in Apex Central
to which the endpoint reports
|
|
Product Version
|
The version of the managed product
|
|
Tactics
|
The MITRE
ATT&CK™ tactic(s) detected
For more information, see https://attack.mitre.org/tactics/enterprise/.
|
|
Techniques
|
The MITRE
ATT&CK™ technique(s) detected
For more information, see https://attack.mitre.org/techniques/enterprise/.
|
|
Endpoint IP
|
The IP address of the endpoint
|
|
Risk Level
|
The risk level assigned by Attack Discovery
|
|
Pattern Version
|
The Attack Discovery pattern number for the detection type
|
|
Rule ID
|
The serial number of the detection rule
|
|
Rule Name
|
The rules which specify behaviors to be detected by Attack
Discovery
|
|
Related Objects
|
The number of detections
Click the count to view additional details.
For more information, see Detailed Attack Discovery Detection
Information.
|
|
Generated (Local Time)
|
The time in the agent's local timezone when
Attack Discovery detected the threat
The time is displayed with the UTC offset.
|
|
Instance ID
|
The detection ID assigned to the event
Entries having the same instance ID belong under the same
event.
|