Severity | Indicates the severity level. For more information, see Severity levels.
Category | Category assigned to a threat type or an acceptable use policy category.
Domain | Name or resolvable identifier for an IP address. This is the domain that is requested by the user. In a threat event, the domain is known or suspected to be malicious.
Reason | Informs how a threat event was identified. Any of the following reasons may appear:
- Akamai Intelligence. Indicates the threat event was identified by Akamai or a threat category.
- Customer Intelligence. Indicates the threat event was found based on an administrator's custom list configuration.
- Document Static Analysis. Indicates the threat event was found based on inline payload analysis of a document.
- Executable Static Analysis. Indicates the threat event was found based on inline payload analysis of a document.
- AV scan. Indicates the threat event was found by an antivirus scan.
Location | A public IP address or a named collection of public IP addresses that belong to a region or geographic area in your network, such as a CIDR block for an office branch or company headquarters. The location indicates where the event originated from.
Threat Name | Name of the threat. If a specific name for a threat does not appear, ETP shows a name that classifies the threat. These classifications include:
- Customer Lists. Domains or IP addresses in a custom list. The domains or IP addresses in these lists are defined by your organization.
- Known Phishing. Domains or URLs that are used in a social engineering attack to fraudulently obtain personal or classified information. A phishing scam deceives victims into performing an activity that compromises their machine or reveals sensitive information.
- Known Malware. Domains or URLs that direct victims to malicious websites or are used by applications to harm a network. Malware steals confidential data, compromises data integrity, and disrupts data availability.
- Known CNC. Domains or URLs that are used for command and control communication. A command and control threat is used to steal data, distribute malware, and disrupt services.
- File Sharing. Domains or URLs of file sharing services.
- Aged Out. Indicates the domain was tracked as a threat for some time and it may still be a threat. If the proxy is enabled, the proxy determines whether the domain is still a threat.
- Generic Risky. Indicates there’s risk that the domain may be malicious. If the proxy is enabled, the proxy determines whether it is malicious.
- Unclassified. Indicates a threat is not yet classified by ETP.
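To show how the Reason and Threat Name fields above drive the handling of an event in a SOC queue, here is an added Python example. It is not Akamai's code and does not use ETP's real export schema: the event records are constructed and keyed by the display names from the table (Severity, Category, Domain, Reason, Location, Threat Name), the domain is normalised, and each event is routed to a triage queue. The queue names, the grouping of classifications into escalate/verify/policy sets, and the sample values are this example's own assumptions; a record with no Threat Name is treated as Unclassified.

```python
"""Triage of ETP-style threat events by Reason and Threat Name.

Added example, not Akamai's code. Field names follow the table above;
the records, locations and domains are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

# Threat Name classifications that name a confirmed threat class (assumed grouping).
ACTIVE_CLASSES = {"Known Phishing", "Known Malware", "Known CNC"}
# Classifications the table says are only confirmed by the proxy when it is enabled,
# plus events ETP has not yet classified: these need a second verdict.
PROXY_VERIFIED = {"Aged Out", "Generic Risky", "Unclassified"}
# Classifications that reflect the organisation's own policy rather than an attack.
POLICY_CLASSES = {"Customer Lists", "File Sharing"}
# Reasons that come from inline payload inspection rather than a domain lookup.
PAYLOAD_REASONS = {"Document Static Analysis", "Executable Static Analysis", "AV scan"}


@dataclass(frozen=True)
class ThreatEvent:
    severity: str
    category: str
    domain: str
    reason: str
    location: str
    threat_name: str


def parse_event(record: dict) -> ThreatEvent:
    """Build a ThreatEvent from a dict keyed by the table's field names.

    The domain is lower-cased and a trailing dot is stripped so that lookups
    against lists are consistent. A missing Threat Name becomes 'Unclassified'.
    """
    return ThreatEvent(
        severity=record.get("Severity", "Unknown"),
        category=record.get("Category", ""),
        domain=record.get("Domain", "").strip().lower().rstrip("."),
        reason=record.get("Reason", ""),
        location=record.get("Location", ""),
        threat_name=record.get("Threat Name", "Unclassified"),
    )


def triage(event: ThreatEvent) -> str:
    """Return the queue an analyst should pick the event up from (assumed scheme).

    escalate: a known threat class, or a finding from payload analysis/AV scan
    verify:   the proxy (or an analyst) still has to decide whether it is malicious
    policy:   acceptable-use or custom-list hit owned by the organisation
    review:   anything else
    """
    if event.threat_name in ACTIVE_CLASSES or event.reason in PAYLOAD_REASONS:
        return "escalate"
    if event.threat_name in PROXY_VERIFIED:
        return "verify"
    if event.threat_name in POLICY_CLASSES:
        return "policy"
    return "review"


def summarize(records) -> tuple[dict, dict]:
    """Count events per queue and escalated events per Location."""
    queues = Counter()
    escalated_by_location = Counter()
    for record in records:
        event = parse_event(record)
        queue = triage(event)
        queues[queue] += 1
        if queue == "escalate":
            escalated_by_location[event.location] += 1
    return dict(queues), dict(escalated_by_location)


# Constructed sample events (not real ETP output).
SAMPLE_EVENTS = [
    {"Severity": "High", "Category": "Malware", "Domain": "Beacon.example.invalid.",
     "Reason": "Akamai Intelligence", "Location": "HQ 203.0.113.0/24", "Threat Name": "Known CNC"},
    {"Severity": "Low", "Category": "Acceptable Use", "Domain": "share.example.invalid",
     "Reason": "Akamai Intelligence", "Location": "Branch 198.51.100.0/24", "Threat Name": "File Sharing"},
    {"Severity": "Medium", "Category": "Malware", "Domain": "old.example.invalid",
     "Reason": "Akamai Intelligence", "Location": "HQ 203.0.113.0/24", "Threat Name": "Aged Out"},
    # No Threat Name at all: the payload reason alone decides the queue.
    {"Severity": "High", "Category": "Malware", "Domain": "drop.example.invalid",
     "Reason": "Executable Static Analysis", "Location": "Branch 198.51.100.0/24"},
    {"Severity": "Medium", "Category": "Custom", "Domain": "blocked.example.invalid",
     "Reason": "Customer Intelligence", "Location": "HQ 203.0.113.0/24", "Threat Name": "Customer Lists"},
]

if __name__ == "__main__":
    queues, by_location = summarize(SAMPLE_EVENTS)
    print("queues:", queues)
    print("escalated per location:", by_location)
```

The "verify" queue is the point of the Aged Out and Generic Risky rows: the table states that only the proxy, when enabled, decides whether such a domain is still malicious, so an analyst should not treat those events as confirmed the way a Known CNC or Known Malware event is.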