Data in alert notifications and scheduled reports
Note: If you select Text format for the report, columns and values in the report are shown in a pipe-delimited format.
|Details||Includes the following information about the event or
Note: If the report is in text format, domain, detection, action taken, and confidence data appear as separate pipe-delimited values.
|Location||The location of the user who made the request. The provided location is also a link to the Locations page in ETP.|
|Policy||The policy that is associated with the location. The provided policy name is also a link to the Policies page in ETP.|
|List||The list where this domain is a confirmed or suspected threat. The provided list name is also a link to the Custom Lists page.|
|Affected Internal IP||The private or internal IP address of a machine in your network that communicates with the security connector and is known to be compromised. This value appears in a scheduled report when an Affected Internal IP is detected in a DNS security connector event. This data does not appear in alert notifications.|
|Count or DNS Count||The total number of alerts or events that are associated with the domain. The count for a domain is also a link to the Threat Events report.|
|URI(s)||Uniform Resource Identifier. Characters or string that identify a resource. For example, a URL. As a result of grouping data by domain and locations, more than one URI may be listed in alert notifications and scheduled report results.|
|Reason(s)||Informs how a threat event was identified. Any of the
these reasons may appear:
As a result of grouping data by domain and locations, more than one reason may be provided in alert notifications and scheduled report results.
|HTTP Count||The total number of alerts or events that are associated with HTTP traffic.|