Dashboard dimensions

When you create a widget, you can group metrics by any one of these dimensions.
Dimension Definition
Severity Indicates the severity level. For more information, see Severity levels.
Category Indicates threat type, acceptable use policy (AUP) category, or application and visibility control (AVC) category.
Domain Name or resolvable identifier for an IP address. This is the domain that is requested by the user. In a threat event, the domain is known or suspected to be malicious.
Reason Informs how a threat event was identified. Any of the following reasons may appear:
  • Akamai Intelligence. Indicates the threat event was identified by Akamai or a threat category.
  • Customer Intelligence. Indicates the threat event was found based on an administrator's custom list configuration.
  • Document Static Analysis. Indicates the threat event was found based on inline payload analysis of a document.
  • Executable Static Analysis. Indicates the threat event was found based on inline payload analysis of a document.
  • AV scan. Indicates the threat event was found by an antivirus scan.
Location A public IP address or a named collection of public IP addresses that belong to a region or geographic area in your network, such as a CIDR block for an office branch or company headquarters.

The location indicates where the event originated from.

Threat Name Name of the threat. If a specific name for a threat does not appear, ETP shows a name that classifies the threat. These classifications include:
  • Customer Lists. Domains or IP addresses in a custom list. The domains or IP addresses in these lists are defined by your organization.
  • Known Phishing. Domains or URLs that are used in a social engineering attack to fraudulently obtain personal or classified information. A phishing scam deceives victims to performing an activity that compromises their machine or reveals sensitive information.
  • Known Malware. Domains or URLs that direct victims to malicious websites or are used by applications to harm a network. Malware steals confidential data, compromises data integrity, and disrupts data availability.
  • Known CNC. Domains or URLs that are used for command and control communication. A command and control threat is used to steal data, distribute malware, and disrupt services.
  • File Sharing. Domains or URLs of file sharing services.
  • Aged Out. Indicates the domain was tracked as a threat for some time and it may still be a threat. If the proxy is enabled, the proxy determines whether the domain is still a threat.
  • Generic Risky. Indicates there’s risk that the domain may be malicious. If the proxy is enabled, the proxy determines whether it is malicious.
  • Unclassified. Indicates a threat is not yet classified by ETP.