This data view provides detailed information about threats detected by the Attack Discovery.
|
Data |
Description |
|---|---|
|
Object |
Displays the name of the object targeted by the detected threat |
|
Object Type |
Displays the type of object targeted by the detected threat |
|
First Logged |
Displays the time when the threat detection was first logged by Attack Discovery |
|
File Path |
Displays the file path of the object targeted by the detected threat |
|
Signer |
Displays the certificate signer |
|
File MD5 |
Displays the MD5 hash value of the object file |
|
File SHA-1 |
Displays the SHA-1 hash value of the object file |
|
File SHA-256 |
Displays the SHA-256 hash value of the object file |
|
Process Command |
Displays the process command that triggered the threat detection |
|
User Name |
Displays the account name associated with the object |
|
User Domain |
Displays the domain name of the detected user account |
|
Impersonated User Name |
Displays the user name that the threat impersonated |
|
Destination IP |
Displays the IP address that the threat accessed |
|
Destination Port |
Displays the IP port number that the threat accessed |
|
Destination Domain |
Displays the domain name that the threat accessed |
|
Registry Data |
Displays the registry data that the threat accessed |
|
Registry Key |
Displays the registry key that the threat accessed |
|
Registry Value |
Displays the registry value that the threat accessed |
|
Windows Event Source Name |
Displays the Windows event source that the threat accessed |