Views:
Information provided in the Detection Information section may include the following:
  • Activity detected
  • Attack phase
  • Correlation Rule ID (ICID)
  • Detection name
  • Detection rule ID
    Tip
    Tip
    Click the detection rule number to view more details about the rule in the Threat Encyclopedia.
  • Detection severity
  • Detection type
  • Event class
  • MITRE ATT&CK™ Framework
    • Tactics
    • Techniques
    Tip
    Tip
    Click the tactic or technique to view more details on the MITRE website.
    © ATT&CK™ is a trademark of the MITRE Corporation.
  • Notable Object
  • Protocol
  • Reference
  • Targeted attack campaign
  • Targeted attack related
  • Threat
  • Threat description
  • Timestamp
  • URL category
  • Virtual Analyzer risk level
Note
Note
Additional information may appear for specific correlated incidents.

Detection Types

Detection Types
Description
Correlated Incident
Events/detections that occur in a sequence or reach a threshold and define a pattern of activity
Disruptive Application
Any peer-to-peer, instant messaging, or streaming media applications considered to be disruptive because they may do the following:
  • Affect network performance
  • Create security risks
  • Distract employees
Exploit
Network and file-based attempts to access information
Grayware
Adware/grayware detections of all types and confidence levels
Malicious Behavior
Behavior that definitely indicates compromise with no further correlation needed, including the following:
  • Positively-identified malware communications
  • Known malicious destination contacted
  • Malicious behavioral patterns and strings
Malicious Content
File signature detections
Malicious URL
Websites that try to perform malicious activities
Suspicious Behavior
Behavior that could indicate compromise but requires further correlation to confirm, including the following:
  • Anomalous behavior
  • False or misleading data
  • Suspicious and malicious behavioral patterns and strings