Threat event details
Threat events appear in a table. After you select a filter and dimension, you can select the type of data that you want to show in the table. In addition to data listed in the Event Dimensions help topic, you can show this data in the events table.
Event Table Column / Attribute | Description |
---|---|
Detected Time | The time when the event was detected in your local time. |
Correlation | If your organization uses a security connector, this
column indicates whether there is a security connector event that
correlates to the threat event. If there is a correlation, the column
includes a View link that you can click in the Correlation table column.
This link directs you to Correlation Security Connector Event(s) for
Threat Event dialog where event information is provided. Additionally, this column may show the values None or N/A. None indicates that while a sinkhole action was taken on the event, there is no correlation to a Security Connector event yet. N/A indicates that a Security Connector event correlation is not applicable because a sinkhole action was not taken on the event. This attribute or data column does not apply to AUP events. |
Query Type | DNS resource record type associated with the request. |
Hash | Hash of the HTTP response for threats. |
Response Time | Time when a response to a request was provided. This attribute is available only when ETP Proxy is enabled. |
Reason | Informs how a threat event was identified. Any of these
reasons may appear:
|
Destination IP | IP address of the destination (origin) website. This attribute is available only when ETP Proxy is enabled. |
Connection ID | Uniquely identifies a connection in a network. This attribute is available only when ETP Proxy is enabled. |
Deep Scan Report | If static or dynamic malware analysis is enabled and a threat was detected, a deep scan report is available for download here. For more information on a deep scan report, see Deep scan report. |
On Ramp | Indicates whether traffic was forwarded to ETP Proxy. This field shows Yes or No. |
This information appears in the Details tab.
Event Detail | Description |
---|---|
Request Time | Date and time when the request was made. |
Request Header(s) | Header fields in an HTTP request. |
Response Header(s) | Header fields in an HTTP response. |