Provides specific information about suspicious threats on your network. Examples: the managed product that detects the suspicious threat, specific information about the source and destination, and the total number of suspicious threats on the network.
| Data | Description |
|---|---|
| Received | Displays the time that Control Manager receives data from the managed product. |
| Generated | Displays the time that the managed product generates data. |
| Product Entity | Displays the entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name. |
| Product | Displays the name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange |
| Mitigation Host | Displays the host name of the mitigation server (Network VirusWall Enforcer or Threat Mitigator). |
| Traffic/Connection | Displays the direction of network traffic or the position on the network where the suspicious threat originates. |
| Protocol Group | Displays the broad protocol group in which a managed product detects the suspicious threat. Example: FTP, HTTP, P2P |
| Protocol | Displays the protocol in which a managed product detects the suspicious threat. Example: ARP, Bearshare, BitTorrent |
| Destination IP Address | Displays the IP address of the endpoint the suspicious threat affects. |
| Destination Host | Displays the host name of the endpoint the suspicious threat affects. |
| Destination Port | Displays the port number of the endpoint the suspicious threat affects. |
| Destination MAC Address | Displays the MAC address of the endpoint the suspicious threat affects. |
| Destination OS | Displays the operating system running on the target host. |
| Destination User <x> | Displays the name used to log on to the target host. <x> is the user name. |
| Logon (Destination User <x>) | Displays the logon timestamp. <x> represents the number of logon times and the specific timestamp. |
| Source IP Address | Displays the IP address of the source where the suspicious threat originates. |
| Source Host Name | Displays the host name of the source where the suspicious threat originates. |
| Source Port | Displays the port number of the source where the suspicious threat originates. |
| Source MAC Address | Displays the MAC address of the source where the suspicious threat originates. |
| Source OS | Displays the operating system running on the source host. |
| Source User <x> | Displays the name used to log on to the source host. <x> is the user name. |
| Logon (Source User <x>) | Displays the logon timestamp on the source. <x> represents the number of logon times and the specific timestamp. |
| Source Domain | Displays the domain of the source where the suspicious threat originates. |
| Security Threat Type | Displays the specific type of security threat managed products detect. Example: virus, spyware/grayware, fraud |
| Policy/Rule | Displays the policy/rule the suspicious threat violates. |
| Recipient | Displays the recipient of the suspicious threat. |
| Sender | Displays the sender of the suspicious threat. |
| Subject | Displays the content of the subject line of the email containing spyware/grayware. |
| Attachment File Name | Displays the file name and extension of the attachment. |
| Attachment File Type | Displays the file type of the attachment. |
| Attachment SHA-1 | Displays the SHA-1 hash of the attachment. |
| URL | Displays the URL considered a suspicious threat. |
| User | Displays the user name logged on to the destination when a managed product detects a suspicious threat. |
| IM/IRC User | Displays the instant messaging or IRC user name logged on when Deep Discovery Inspector detects a violation. |
| Browser/FTP Client | Displays the Internet browser or FTP client on the endpoint where the suspicious threat originates. |
| File | Displays the name of the suspicious file. |
| File in Compressed File | Displays whether the suspicious threat originates from a compressed file. |
| Archive SHA-1 | Displays the SHA-1 hash of the archived file. |
| Archive File Type | Displays the type of the archived file. |
| Shared Folder | Displays whether the suspicious threat originates from a shared folder. |
| SHA-1 | Displays the SHA-1 hash. |
| Mitigation Action | Displays the action the mitigation server takes against suspicious threats. Example: File cleaned, File dropped, File deleted |
| Mitigation Result | Displays the result of the action the mitigation server takes against suspicious threats. |
| Source IP Group | Displays the IP address group of the source where the suspicious threat originates. |
| Source Network Zone | Displays the network zone of the source where the suspicious threat originates. |
| Endpoint Group | Displays the IP address group of the endpoint the suspicious threat affects. |
| Endpoint Network Zone | Displays the network zone of the endpoint the suspicious threat affects. |
| Detections | Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. Detections = 10 |
| C&C List Source | Displays the name of the list that contains the callback address. |
| C&C Risk Level | Displays the severity level of the callback. |
| Remarks | Displays descriptions related to the attack. |
| C&C Server | Displays the name, URL, or IP address of the C&C server. |
| C&C Server Type | Displays the server type. |
| Malware Type | Displays the malware type. |