You can view a comprehensive report for each Predictive Machine Learning log detection by clicking the View link under the Details column.

The Log Details screen consists of two sections:

  • Top banner: Specific details related to this particular log detection

  • Bottom tab controls: Details related to the Predictive Machine Learning threat, including threat probability scores, file information, and other endpoints across your network that have the same detection

The following table discusses the information provided in the top banner.

Table 1. Log Details - Top Banner

  Section: Detection time / Action
    Indicates when this specific log detection occurred and the action that the agent took on the threat

  Section: File name
    Indicates the name of the file that triggered the detection on the specified endpoint

    Tip: Click Add to Exception List to quickly add the file hash value of the affected file to the global Predictive Machine Learning Exception list. View the entire exception list on the Predictive Machine Learning Settings screen. For more information, see Configuring Predictive Machine Learning Settings.

    Important: The detected file name for this detection may not be the same as the file name detected on other agents. Predictive Machine Learning associates detections according to file hash values, not specific file names. View the Affected Endpoints tab to verify the file name on other endpoints.

  Section: Endpoint information
    Displays the logged-on user at the time of the detection, the endpoint name, and the IP address of the endpoint

  Section: Channel information
    Displays the channel from which the threat originated and the folder location on the endpoint to which the threat was transferred

The following table discusses the information provided on the bottom tabs.

Table 2. Log Details - Tab Information

  Tab: Threat Indicators
    Provides the results of the Predictive Machine Learning analysis

    • Threat Probability: Indicates how closely the file/process matched the malware model

    • Probable Threat Type: Indicates the most likely type of threat contained in the file after Predictive Machine Learning compared the analysis to other known threats

    • Threat Identifiers: Provides a list of API functions used by the file/process that may be indicative of the detected threat type

      Important: API function identification is only one factor in the determination of the threat type. Predictive Machine Learning uses many other file features and analysis methods to calculate the threat probability and probable threat type.

    • Similar Known Threats: Provides a list of known threat types that exhibit similar file/process features to the detection

  Tab: File Details
    Provides general details related to the file properties and certificate information for this specific detection log

  Tab: Affected Endpoints
    Displays a list of other agents on your network with the same Predictive Machine Learning detection and provides specific details about the detections on the other agents
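The Important note under File name and the Affected Endpoints tab both rest on the same point: detections are correlated by file hash, not by file name, so one hash can appear under several names across endpoints, and one name can hide several different hashes. The following script is an added example (not Trend Micro's code and not an export format the product provides) that applies that correlation to a constructed set of detection records, the way a triage script over exported logs would. The Detection record layout, the sample rows and the HASH-A/HASH-B/HASH-C values are all constructed placeholders.

```python
"""Correlate Predictive Machine Learning detection records by file hash.

Added example, not the product's own code. The Log Details screen groups
detections by file hash rather than by file name; this script does the same
over constructed records so the "same hash, different name" and "same name,
different hash" cases are visible. Record layout and data are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    endpoint: str        # endpoint name from the top banner
    user: str            # logged-on user at detection time
    file_name: str       # file name as seen on this endpoint
    file_hash: str       # hash the console uses to associate detections
    probability: float   # threat probability, constructed as a 0.0 - 1.0 fraction
    action: str          # action the agent took
    channel: str         # channel the threat originated from
    folder: str          # folder the file was transferred to


# Constructed sample records. "HASH-A" etc. are placeholders, not real hashes.
SAMPLE_LOGS = [
    Detection("WKS-001", "alice", "invoice.exe", "HASH-A", 0.92, "Quarantine",
              "Web", r"C:\Users\alice\Downloads"),
    Detection("WKS-002", "bob", "Invoice(1).exe", "HASH-A", 0.92, "Quarantine",
              "Email", r"C:\Users\bob\Downloads"),
    Detection("SRV-010", "svc_backup", "update.exe", "HASH-B", 0.61, "Pass",
              "USB", r"D:\staging"),
    # Same file name as the first record but a different hash: a different file.
    Detection("WKS-003", "carol", "invoice.exe", "HASH-C", 0.15, "Quarantine",
              "Web", r"C:\Users\carol\Downloads"),
]


def group_by_hash(records):
    """Return {file_hash: [Detection, ...]}, the grouping the console applies."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec.file_hash].append(rec)
    return dict(groups)


def affected_endpoints(records, file_hash):
    """Every endpoint with a detection for this hash (the Affected Endpoints tab)."""
    return sorted({rec.endpoint for rec in records if rec.file_hash == file_hash})


def file_name_variants(records, file_hash):
    """Distinct file names seen for one hash across endpoints."""
    return sorted({rec.file_name for rec in records if rec.file_hash == file_hash})


def hashes_for_name(records, file_name):
    """Distinct hashes behind one file name; more than one means the name is ambiguous."""
    return sorted({rec.file_hash for rec in records if rec.file_name == file_name})


def summarize(records):
    """Per-hash summary: endpoints, names, highest probability and actions taken."""
    summary = {}
    for file_hash, group in group_by_hash(records).items():
        summary[file_hash] = {
            "endpoints": sorted({r.endpoint for r in group}),
            "file_names": sorted({r.file_name for r in group}),
            "max_probability": max(r.probability for r in group),
            "actions": sorted({r.action for r in group}),
        }
    return summary


if __name__ == "__main__":
    for file_hash, info in summarize(SAMPLE_LOGS).items():
        print(file_hash, info)
    # The hash, not the name, identifies the detection the exception list would cover.
    print("invoice.exe maps to hashes:", hashes_for_name(SAMPLE_LOGS, "invoice.exe"))
```

Reviewing the summary per hash before using Add to Exception List keeps the decision tied to the value the exception list actually stores: the hash. A file name alone is not enough, because the same name can cover several different files.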