• Akamai Intelligence. Indicates the threat event was identified by Akamai or a threat category.
• Customer Intelligence. Indicates the threat event was found based on an administrator's custom list configuration.
• Document Static Analysis. Indicates the threat event was found based on inline payload analysis of a document.
• Executable Static Analysis. Indicates the threat event was found based on inline payload analysis of a document.
• AV scan. Indicates the threat event was found by an antivirus scan.

The location indicates where the event originated from.

• Customer Lists. Domains or IP addresses in a custom list. The domains or IP addresses in these lists are defined by your organization.
• Known Phishing. Domains or URLs that are used in a social engineering attack to fraudulently obtain personal or classified information. A phishing scam deceives victims to performing an activity that compromises their machine or reveals sensitive information.
• Known Malware. Domains or URLs that direct victims to malicious websites or are used by applications to harm a network. Malware steals confidential data, compromises data integrity, and disrupts data availability.
• Known CNC. Domains or URLs that are used for command and control communication. A command and control threat is used to steal data, distribute malware, and disrupt services.
• File Sharing. Domains or URLs of file sharing services.
• Aged Out. Indicates the domain was tracked as a threat for some time and it may still be a threat. If the proxy is enabled, the proxy determines whether the domain is still a threat.
• Generic Risky. Indicates there’s risk that the domain may be malicious. If the proxy is enabled, the proxy determines whether it is malicious.
• Unclassified. Indicates a threat is not yet classified by ETP.