Dashboard dimensions

When you create a widget, you can group metrics by any one of these dimensions.
Dimension Definition
Severity Indicates the severity level. For more information, see Severity levels.
Category Category assigned to a threat type or an acceptable use policy category.
Domain Name or resolvable identifier for an IP address. This is the domain that is requested by the user. In a threat event, the domain is known or suspected to be malicious.
Reason Informs how a threat event was identified. Any of the following reasons may appear:
  • Akamai Intelligence. Indicates the threat event was identified by Akamai or a threat category.
  • Customer Intelligence. Indicates the threat event was found based on an administrator's custom list configuration.
  • Document Static Analysis. Indicates the threat event was found based on inline payload analysis of a document.
  • Executable Static Analysis. Indicates the threat event was found based on inline payload analysis of a document.
  • AV scan. Indicates the threat event was found by an antivirus scan.
Location A public IP address or a named collection of public IP addresses that belong to a region or geographic area in your network, such as a CIDR block for an office branch or company headquarters.

The location indicates where the event originated from.

Threat Name Name of the threat. If a specific name for a threat does not appear, ETP shows a name that classifies the threat. These classifications include:
  • Customer Lists. Domains or IP addresses in a custom list. The domains or IP addresses in these lists are defined by your organization.
  • Known Phishing. Domains or URLs that are used in a social engineering attack to fraudulently obtain personal or classified information. A phishing scam deceives victims to performing an activity that compromises their machine or reveals sensitive information.
  • Known Malware. Domains or URLs that direct victims to malicious websites or are used by applications to harm a network. Malware steals confidential data, compromises data integrity, and disrupts data availability.
  • Known CNC. Domains or URLs that are used for command and control communication. A command and control threat is used to steal data, distribute malware, and disrupt services.
  • File Sharing. Domains or URLs of file sharing services.
  • Aged Out. Indicates the domain was tracked as a threat for some time and it may still be a threat. If the proxy is enabled, the proxy determines whether the domain is still a threat.
  • Generic Risky. Indicates there’s risk that the domain may be malicious. If the proxy is enabled, the proxy determines whether it is malicious.
  • Unclassified. Indicates a threat is not yet classified by ETP.