Mapping Between Event Types in the Request and Response

Views:

The following table lists the mapping relationships between event types in the request and response.

Event Type Mapping

Requested Event Type

Returned Event Type

Returned Event Subtype

Sample of Returned details Parameter

anti_spoof

Domain-based Authentication

Sender IP Match

SPF

DKIM

DMARC

DMARC - SPF

DMARC - DKIM

DMARC - Alignment

DMARC - Availability

threat

Malware

Predictive Machine Learning

{
    "threatNames": "Troj,SPY",
    "fileInfo": [{
            "fileName": "file1",
            "fileSha256": "abcd1234dae60bcae54516be6c9953b4bb9644e188606ceac00feebf95bbf10e",
            "threatName": "Troj,SPY"
        }
    ]
}

Pattern-based scanning

Ransomware

Violating URL

{
    "urlInfo": [{
            "url": "http://example.com",
            "extractType": "body"
        }
    ]
}

Virus

{
    "threatNames": "Troj",
    "fileInfo": [{
            "fileName": "file1",
            "fileSha256": "abcd1234dae60bcae54516be6c9953b4bb9644e188606ceac00feebf95bbf10e",
            "threatName": "Troj"
        }
    ]
}

Suspicious Objects

Suspicious Files

{
    "fileInfo": [{
            "fileName": "file1",
            "fileSha256": "abcd1234dae60bcae54516be6c9953b4bb9644e188606ceac00feebf95bbf10e"
        }
    ]
}

Suspicious URLs

{
    "urlInfo": [{
            "url": "http://example.com",
            "extractType": "body"
        }
    ]
}

Advanced Persistent Threat

Analyzed Advanced Threats (Files)

{
    "riskLevel": "3",
    "fileInfo": [{
            "fileName": "file1",
            "fileSha256": "abcd1234dae60bcae54516be6c9953b4bb9644e188606ceac00feebf95bbf10e",
            "riskLevel": "3"
        }
    ]
}

Analyzed Advanced Threats (URLs)

{
    "riskLevel": "3",
    "urlInfo": [{
            "url": "http://example1.com",
            "extractType": "attachment",
            "attachmentName": "file1.zip",
            "attachmentSha256": "30ce5b4bd4e74f258fea84746b18fdc4790828fc256419b51bf8bcc7e4d38ecc",
            "riskLevel": "3"
        }
    ]
}

Probable Advanced Threats

Note

The details parameter is returned only when the threat is detected by Social Engineering Attack Protection.

{
    "spamReport": {
        "enginePatternVersion": "9.0.0.1006;27324006",
        "spamResultHeader": "11-12.747600-7.000000",
        "spamRidHeader": "wjdoQEOKyrY5rof3b4z0VOZgbl4O3Ko30zWxVR+05p1F5bM86HNXD6PFjJEFr+olq+Ty"}
}

Scan Exception

Virtual Analyzer scan exception

Virtual Analyzer submission quota exception

Password protected attachment

Other exceptions

Web Reputation

{
    "urlInfo": [{
            "url": "http://example1.com",
            "extractType": "attachment",
            "attachmentName": "file1.zip",
            "attachmentSha256": "abcd1234dae60bcae54516be6c9953b4bb9644e188606ceac00feebf95bbf10e"
        }, {
            "url": "http://example2.com",
            "extractType": "attachment",
            "attachmentName": "file2.zip",
            "attachmentSha256": "ace8f873c55a3c0ee1d54a2dd1864a47bee3aab36cbeccd0a417e87054758756"
        }
    ]
}

spam

Spam

{
    "spamReport": {
        "enginePatternVersion": "9.0.0.1006;27324006",
        "spamResultHeader": "11-12.747600-7.000000",
        "spamRidHeader": "wjdoQEOKyrY5rof3b4z0VOZgbl4O3Ko30zWxVR+05p1F5bM86HNXD6PFjJEFr+olq+Ty"}
}

Graymail

Marketing message and newsletter

Social network notification

Forum notification

Bulk email message

phishing

Phishing

{
    "spamReport": {
        "enginePatternVersion": "9.0.0.1006;27324006",
        "spamResultHeader": "11-12.747600-7.000000",
        "spamRidHeader": "wjdoQEOKyrY5rof3b4z0VOZgbl4O3Ko30zWxVR+05p1F5bM86HNXD6PFjJEFr+olq+Ty"}
}

Business Email Compromise (BEC)

Detected by Antispam Engine

Detected by writing style analysis

Suspected by Antispam Engine

content_filter

Content

Attachment

dlp

Data Loss Prevention