Provides general information about threats detected by Attack Discovery.

| Data | Description |
|---|---|
| Generated | The date and time the managed product generated the data |
| Received | The date and time Apex Central received the data from the managed product |
| Endpoint | The name of the endpoint |
| Product | The name of the managed product or service |
| Managing Server Entity | The display name of the managed product server in Apex Central to which the endpoint reports |
| Product Version | The version of the managed product |
| Tactics | The MITRE ATT&CK™ tactic(s) detected. For more information, see https://attack.mitre.org/tactics/enterprise/. |
| Techniques | The MITRE ATT&CK™ technique(s) detected. For more information, see https://attack.mitre.org/techniques/enterprise/. |
| Endpoint IP | The IP address of the endpoint |
| Risk Level | The risk level assigned by Attack Discovery |
| Pattern Version | The Attack Discovery pattern number for the detection type |
| Rule ID | The serial number of the detection rule |
| Rule Name | The rules which specify behaviors to be detected by Attack Discovery |
| Related Objects | The number of detections. Click the count to view additional details. For more information, see Detailed Attack Discovery Detection Information. |
| Generated (Local Time) | The time in the agent's local timezone when Attack Discovery detected the threat. The time is displayed with the UTC offset. |
| Instance ID | The detection ID assigned to the event. Entries having the same instance ID belong under the same event. |
