Proxy activity details

The Proxy Activity report allows you to review activity that's directed to ETP Proxy.

Proxy activity appears in a table. After you select a filter and dimension, you can select the type of data that you want to show in the table. In addition to the data listed in the Proxy activity dimensions topic, you can show the following data in the activity table.

Note: You must be an ETP administrator or a user with a specific permission to view the Proxy Activity report. For more information, see Enterprise Threat Protector roles.

Proxy activity detail: Description

Detected Time: Date and time the activity was detected.
Policy: Policy that applies or was applied.
List: Custom lists or threat categories associated with the activity.
Detection Method: Indicates how activity was detected. This field may show any of these values:
  • Inline. Indicates the activity was detected at the time of access.
  • Lookback. Indicates the activity was discovered in log data based on behavior.
  • Offline Static. Indicates the activity was discovered offline or after content was downloaded as a result of static malware analysis.
  • Offline Dynamic. Indicates the activity was discovered in a sandbox environment as a result of dynamic malware analysis.
Resolved IP: IP address that is resolved from the domain.
Is Event: Indicates whether the activity produced an event. This dimension shows a value of True or False.
Category: The overall category of the event. This may be the AUP category or the threat event category such as malware, phishing, command and control, and DNS exfiltration. If the domain does not appear in any lists, including threat, custom, or exception lists, the Unclassified category is shown.
Confidence: Indicates whether activity is a known threat. If this information is not known, it shows as Unknown.
Connection ID: ID associated with the activity.
On-Ramp: Indicates whether traffic was forwarded to ETP Proxy. This field shows Yes or No.
Client Agents: String for HTTP-based traffic that includes details about the end user's browser and system, such as the browser, browser version, operating system, command line tools, version of ETP Client, and more.
Layer 7 Protocol: Application layer protocols such as HTTP and HTTPS.
Request Time: Date and time the user made the request.
Response Time: Date and time when a response to a request was provided.
URI: Uniform Resource Identifier. Characters or string that identify a resource. For example, a URL is a URI.
Source Port: The TCP/UDP port of the user’s machine.
Request Header: Header fields in an HTTP request.
Request Strings: The query string in an HTTP request.
File Name: The name of the file that’s scanned by ETP.
Dictionaries: The specific dictionary that’s used to scan uploaded content for data loss prevention (DLP).
Patterns: The pattern in a dictionary that’s used to scan uploaded content for DLP.
File Type: MIME file type that is downloaded or uploaded. An administrator may assign the block or monitor action to this file type in a policy.
File Size: Size of the file that's scanned by ETP.
DLP Scan Status: Shows the status of the DLP scan. For example, this status may indicate that the scan is complete and show the action that was taken on the document or text.
Upload: A true value indicates that the recorded activity occurred when the user attempted to upload data.
Hash: Hash of the HTTP response.