Information provided in the Detection Information section may include the following:

- Activity detected
- Attack phase
- Correlation Rule ID (ICID)
- Detection name
- Detection rule ID
- Detection severity
- Event class
- Notable Object
- Protocol
- Reference
- Targeted attack campaign
- Targeted attack related
- Threat
- Threat description
- Detection type
- Timestamp
- URL category
- Virtual Analyzer risk level
Additional information may appear for specific correlated incidents.
| Detection Types | Description |
|---|---|
| Correlated Incident | Events/detections that occur in a sequence or reach a threshold and define a pattern of activity |
| Disruptive Application | Any peer-to-peer, instant messaging, or streaming media applications considered to be disruptive because they may do the following: |
| Exploit | Network and file-based attempts to access information |
| Grayware | Adware/grayware detections of all types and confidence levels |
| Malicious Behavior | Behavior that definitely indicates compromise with no further correlation needed, including the following: |
| Malicious Content | File signature detections |
| Malicious URL | Websites that try to perform malicious activities |
| Suspicious Behavior | Behavior that could indicate compromise but requires further correlation to confirm, including the following: |