Threat event details

The Threat Events report allows you to review specific events and event details.

Threat events appear in a table. After you select a filter and dimension, you can select the type of data that you want to show in the table. In addition to data listed in the Event Dimensions help topic, you can show this data in the events table.

Event Table Column / Attribute Description
Detected Time The time when the event was detected in your local time.
Correlation If your organization uses a security connector, this column indicates whether there is a security connector event that correlates to the threat event. If there is a correlation, the column includes a View link that you can click in the Correlation table column. This link directs you to Correlation Security Connector Event(s) for Threat Event dialog where event information is provided.

Additionally, this column may show the values None or N/A. None indicates that while a sinkhole action was taken on the event, there is no correlation to a Security Connector event yet. N/A indicates that a Security Connector event correlation is not applicable because a sinkhole action was not taken on the event.

This attribute or data column does not apply to AUP events.

Query Type DNS resource record type associated with the request.
Hash Hash of the HTTP response for threats.
Response Time Time when a response to a request was provided.

This attribute is available only when ETP Proxy is enabled.

Reason Informs how a threat event was identified. Any of these reasons may appear:
  • Akamai Intelligence: Indicates threat event was identified by Akamai or a threat category.
  • Customer Intelligence: Indicates threat event was found based on an administrator's custom list configuration.
  • Document Static Analysis: Indicates threat event was found based on inline payload analysis of a document.
  • Executable Static Analysis: Indicates threat event was found based on inline payload analysis of a document.
  • AV scan: Indicates threat event was found by an antivirus scan.
Destination IP IP address of the destination (origin) website.

This attribute is available only when ETP Proxy is enabled.

Connection ID Uniquely identifies a connection in a network.

This attribute is available only when ETP Proxy is enabled.

Deep Scan Report If static or dynamic malware analysis is enabled and a threat was detected, a deep scan report is available for download here. For more information on a deep scan report, see Deep scan report.
On Ramp Indicates whether traffic was forwarded to ETP Proxy. This field shows Yes or No.
When you click the information icon beside an event in the events table, additional information is also available for an HTTP event.

This information appears in the Details tab.

Event Detail Description
Request Time Date and time when the request was made.
Request Header(s) Header fields in an HTTP request.
Response Header(s) Header fields in an HTTP response.