Provides specific information about the spyware/grayware instances found in network traffic, such as the managed product that detected the spyware/grayware, the protocol the spyware/grayware used to enter your network, and specific information about the source and destination of the spyware/grayware.
| Data | Description |
|---|---|
| Received | The date and time Apex Central received the data from the managed product |
| Generated | The date and time the managed product generated the data |
| Product Entity/Endpoint | Depending on the related source: |
| Product | The name of the managed product or service. Example: Apex One, ScanMail for Microsoft Exchange |
| Spyware/Grayware | The name of the security threat |
| Traffic/Connection | The direction of the transmission |
| Protocol | The protocol that the threat used to enter the network. Example: HTTP, SMTP, FTP |
| Endpoint IP | The IP address that the threat accessed |
| Endpoint | The IP address or name of the endpoint that the threat accessed |
| Endpoint Port | The IP port number that the threat accessed |
| Endpoint MAC | The MAC address that the threat accessed |
| Source IP | The source IP address of the detected threat |
| Source Host | The IP address or name of the endpoint from which the security threat originated |
| Source Port | The source IP address port number of the detected threat |
| Source MAC | The source MAC address of the detected threat |
| User | The logged on user name at the time of the event |
| File | The name of the file object that the threat accessed |
| Result | The result of the action taken by the managed product. Example: successful, further action required |
| Action | The action taken by the managed product. Example: File cleaned, File quarantined, File deleted |
| Detections | The total number of detections. Example: Apex One detects 10 spyware/grayware instances of the same spyware/grayware on one computer. Detections = 10 |
| Cloud Service Vendor | The name of the cloud service vendor |