Attack Discovery Detection Information

Provides general information about threats detected by Attack Discovery.

Table 1. Attack Discovery Detection Information

| Data | Description |
| --- | --- |
| Generated | The date and time the managed product generated the data |
| Received | The date and time Apex Central received the data from the managed product |
| Endpoint | The name of the endpoint |
| Product | The name of the managed product or service |
| Managing Server Entity | The display name of the managed product server in Apex Central to which the endpoint reports |
| Product Version | The version of the managed product |
| Tactics | The MITRE ATT&CK™ tactic(s) detected. For more information, see https://attack.mitre.org/tactics/enterprise/. |
| Techniques | The MITRE ATT&CK™ technique(s) detected. For more information, see https://attack.mitre.org/techniques/enterprise/. |
| Endpoint IP | The IP address of the endpoint |
| Risk Level | The risk level assigned by Attack Discovery |
| Pattern Version | The Attack Discovery pattern number for the detection type |
| Rule ID | The serial number of the detection rule |
| Rule Name | The rules which specify behaviors to be detected by Attack Discovery |
| Related Objects | The number of detections. Click the count to view additional details. For more information, see Detailed Attack Discovery Detection Information. |
| Generated (Local Time) | The time in the agent's local timezone when Attack Discovery detected the threat. The time is displayed with the UTC offset. |
| Instance ID | The detection ID assigned to the event. Entries having the same instance ID belong under the same event. |