Provides specific information about suspicious threats
on your network, such as the managed product that detected the suspicious threat,
specific information about the source and destination, and the total number of
suspicious threats on the network
Detailed Suspicious Threat Information Data View
|
Data
|
Description
|
|
Received
|
The date and time Apex Central received
the data from the managed product
|
|
Generated
|
The date and time the managed product generated the
data
|
|
Product Entity
|
The display name of the managed product
server in Apex Central
|
|
Product
|
The name of the managed product or service
Example: Apex One, ScanMail for Microsoft Exchange
|
|
Mitigation Host
|
The host name of the mitigation server (for example,
Network VirusWall Enforcer or Threat
Mitigator)
|
|
Traffic/Connection
|
The direction of the transmission
|
|
Protocol Group
|
The broad protocol group from which the managed product
detected the threat
Example: FTP, HTTP, P2P
|
|
Protocol
|
The protocol from which the managed product detected the
suspicious threat
Example: ARP, BitTorrent
|
|
Destination IP Address
|
The IP address that the threat accessed
|
|
Destination Host
|
The display name of the endpoint that the threat
accessed
|
|
Destination Port
|
The IP port number that the threat accessed
|
|
Destination MAC Address
|
The MAC address that the threat accessed
|
|
Destination OS
|
The operating system on the endpoint that the threat
accessed
|
|
Destination User <x>
|
The name used to log on to the target host
<x> is the user name
|
|
Logon (Destination User <x>)
|
The logon timestamp
<x> represents the number of logon times and the
specific timestamp
|
|
Source IP Address
|
The source IP address of the detected threat
|
|
Source Host Name
|
The name of the endpoint from which the security
threat originated
|
|
Source Port
|
The source IP address port number of the detected
threat
|
|
Source MAC Address
|
The source MAC address of the detected threat
|
|
Source OS
|
The operating system on the endpoint from which the
security threat originated
|
|
Source User <x>
|
The name used to log on to the target source host
<x> is the user names
|
|
Logon (Source User <x>)
|
The logon timestamp on the source
<x> represents the number of logon times and the
specific timestamp
|
|
Source Domain
|
The domain of the endpoint from which the threat
originated
|
|
Security Threat Type
|
The type of security threat
Example: virus, spyware/grayware, fraud
|
|
Policy/Rule
|
The policy or rule that triggered the
detection
|
|
Recipient
|
The recipient(s) of the transmission that triggered
the detection
|
|
Sender
|
The sender of the transmission that triggered the
detection
|
|
Subject
|
The subject of the email message that triggered the
detection
|
|
Attachment File Name
|
The file name and extension of the
attachment
|
|
Attachment File Type
|
The file type of the attachment
|
|
Attachment SHA-1
|
The SHA-1 hash value of the
attachment
|
|
URL
|
The URL considered a suspicious
threat
|
|
User
|
The user name logged on to the destination when the
managed product detected the threat
|
|
IM/IRC User
|
The instant messaging or IRC user name logged on when Deep
Discovery Inspector detects a violation.
|
|
Browser/FTP Client
|
The web browser or FTP endpoint where the suspicious
threat originates.
|
|
File
|
The name of the file object or the program that
executed the process
|
|
File in Compressed File
|
The name of the affected file object in the
compressed archive
|
|
Archive SHA-1
|
The SHA-1 hash value of the archived file
object
|
|
Archive File Type
|
The type of archived file object
|
|
Shared Folder
|
Displays whether the suspicious threat originates from a
shared folder
|
|
SHA-1
|
The SHA-1 hash value of the file
object
|
|
Mitigation Action
|
The action taken by the mitigation server
Example: File cleaned, File dropped, File deleted
|
|
Mitigation Result
|
The result of the action taken by the mitigation
server
|
|
Source IP Group
|
The IP address group of the source where the suspicious
threat originates
|
|
Source Network Zone
|
The network zone of the source where the suspicious
threat originates
|
|
Endpoint Group
|
The IP address group of the endpoint the suspicious
threat affects
|
|
Endpoint Network Zone
|
The network zone of the endpoint the suspicious threat
affects
|
|
Detections
|
The total number of detections
Example: A managed product detects 10 violation instances of the same type on one
computer.
Detections = 10
|
|
C&C List Source
|
The C&C list source that identified the C&C
server
|
|
C&C Risk Level
|
The risk level of the C&C
callback
|
|
Remarks
|
Additional information about the
event
|
|
C&C Server
|
The name, URL, or IP address of the C&C
server
|
|
C&C Server Type
|
The type of C&C server
|
|
Malware Type
|
The type of malware
|