Security Connector event details

The Security Connector report allows you to review specific events and details associated with the information collected by the security connector.

Security Connector events are organized in the events table based on the following information: 

Columns in the Security Connector Events Table
Event Table Column Description
Event Time The time that the event was detected by the security connector.
Connector Name Name of the security connector.
Affected Internal IP The private or internal IP address of a machine in your network that communicates with the security connector and is known to be compromised.
Affected Machine Name Name of the compromised machine in your network. The machine name appears if your organization has configured DNS Pointer (PTR) records on the DNS name server that communicates with the security connector. Enterprise Threat Protector performs a reverse IP address lookup to show this information.
Hostname Hostname in the host header or Server Name Identification (SNI).
Destination Port Destination TCP/UDP port of packets.
URL If the full URL is not available from the security connector, then the provided URL is based only on the hostname of the request.
Hit Count Number of connections that were captured and logged by the security connector as a result of the internal IP address, destination port, layer 4 protocol, hostname, user-agent string, and URL.
Correlated Threat Event Indicates if there is a correlating threat event. If there is a correlation, the column includes a View link for an ETP administrator or report viewer to see the corresponding threat event in a separate dialog. The dialog also contains a link to the Threat Events report where a filter is applied to show the corresponding event information based on the domain and event ID.
When you click the information icon to view more details about a Security Connector event, in addition to some of the information above, the following event information is also available.

You can also see some of this data in the Security Connector events tables where grouped events are listed.

Security Connector Event Details
Event Detail Description
Source Port The TCP/UDP port of the user’s machine.
Connector IP The IP address of the security connector.
Layer 4 Protocol Transport layer protocol that applies to the event. In this case, whether Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) was used. If these protocols are not used, no information is shown in this field.
User Agent User-agent string for HTTP-based traffic that includes details about the end user's browser and system, such as the browser, browser version, operating system, command line tools, and more.
Layer 7 Protocol Application layer protocol that was used to communicate with the security connector. For example, HTTP or Transport Layer Security (TLS).