Data in alert notifications and scheduled reports
Note: If you select Text format for the report, columns and values in the report are shown in a pipe-delimited format.
Data | Description |
---|---|
Details | Includes the following information about the event or alert: Note: If the report is in text format, domain, detection, action taken, and confidence data appear as separate pipe-delimited values. |
Location | The location of the user who made the request. The provided location is also a link to the Locations page in ETP. |
Policy | The policy that is associated with the location. The provided policy name is also a link to the Policies page in ETP. |
List | The list where this domain is a confirmed or suspected threat. The provided list name is also a link to the Custom Lists page. |
Affected Internal IP | The private or internal IP address of a machine in your network that communicates with the security connector and is known to be compromised. This value appears in a scheduled report when an Affected Internal IP is detected in a DNS security connector event. This data does not appear in alert notifications. |
Count or DNS Count | The total number of alerts or events that are associated with the domain. The count for a domain is also a link to the Threat Events report. |
URI(s) | Uniform Resource Identifier. A string of characters that identifies a resource, for example, a URL. As a result of grouping data by domain and locations, more than one URI may be listed in alert notifications and scheduled report results. |
Reason(s) | Indicates how a threat event was identified. Any of these reasons may appear: As a result of grouping data by domain and locations, more than one reason may be provided in alert notifications and scheduled report results. |
HTTP Count | The total number of alerts or events that are associated with HTTP traffic. |