Provides specific information about suspicious threats on your network, such as the managed product that detected the suspicious threat, specific information about the source and destination, and the total number of suspicious threats on the network.
| Data | Description |
|---|---|
| Received | The date and time Apex Central received the data from the managed product |
| Generated | The date and time the managed product generated the data |
| Product Entity | The display name of the managed product server in Apex Central |
| Product | The name of the managed product or service. Example: Apex One, ScanMail for Microsoft Exchange |
| Mitigation Host | The host name of the mitigation server (for example, Network VirusWall Enforcer or Threat Mitigator) |
| Traffic/Connection | The direction of the transmission |
| Protocol Group | The broad protocol group in which the managed product detected the threat. Example: FTP, HTTP, P2P |
| Protocol | The protocol in which the managed product detected the suspicious threat. Example: ARP, BitTorrent |
| Destination IP Address | The IP address that the threat accessed |
| Destination Host | The display name of the endpoint that the threat accessed |
| Destination Port | The IP port number that the threat accessed |
| Destination MAC Address | The MAC address that the threat accessed |
| Destination OS | The operating system on the endpoint that the threat accessed |
| Destination User <x> | The name used to log on to the target host. <x> is the user name |
| Logon (Destination User <x>) | The logon timestamp. <x> represents the number of logon times and the specific timestamp |
| Source IP Address | The source IP address of the detected threat |
| Source Host Name | The name of the endpoint from which the security threat originated |
| Source Port | The port number of the source IP address of the detected threat |
| Source MAC Address | The source MAC address of the detected threat |
| Source OS | The operating system on the endpoint from which the security threat originated |
| Source User <x> | The name used to log on to the source host. <x> is the user name |
| Logon (Source User <x>) | The logon timestamp on the source. <x> represents the number of logon times and the specific timestamp |
| Source Domain | The domain of the endpoint from which the threat originated |
| Security Threat Type | The type of security threat. Example: virus, spyware/grayware, fraud |
| Policy/Rule | The policy or rule that triggered the detection |
| Recipient | The recipient(s) of the transmission that triggered the detection |
| Sender | The sender of the transmission that triggered the detection |
| Subject | The subject of the email message that triggered the detection |
| Attachment File Name | The file name and extension of the attachment |
| Attachment File Type | The file type of the attachment |
| Attachment SHA-1 | The SHA-1 hash value of the attachment |
| URL | The URL considered a suspicious threat |
| User | The user name logged on to the destination when the managed product detected the threat |
| IM/IRC User | The instant messaging or IRC user name logged on when Deep Discovery Inspector detects a violation |
| Browser/FTP Client | The web browser or FTP endpoint from which the suspicious threat originates |
| File | The name of the file object or the program that executed the process |
| File in Compressed File | The name of the affected file object in the compressed archive |
| Archive SHA-1 | The SHA-1 hash value of the archived file object |
| Archive File Type | The type of the archived file object |
| Shared Folder | Displays whether the suspicious threat originates from a shared folder |
| SHA-1 | The SHA-1 hash value of the file object |
| Mitigation Action | The action taken by the mitigation server. Example: File cleaned, File dropped, File deleted |
| Mitigation Result | The result of the action taken by the mitigation server |
| Source IP Group | The IP address group of the source from which the suspicious threat originates |
| Source Network Zone | The network zone of the source from which the suspicious threat originates |
| Endpoint Group | The IP address group of the endpoint the suspicious threat affects |
| Endpoint Network Zone | The network zone of the endpoint the suspicious threat affects |
| Detections | The total number of detections. Example: A managed product detects 10 violation instances of the same type on one computer. Detections = 10 |
| C&C List Source | The C&C list source that identified the C&C server |
| C&C Risk Level | The risk level of the C&C callback |
| Remarks | Additional information about the event |
| C&C Server | The name, URL, or IP address of the C&C server |
| C&C Server Type | The type of C&C server |
| Malware Type | The type of malware |