Proxy activity details

The Proxy Activity report allows you to review activity that's directed to ETP Proxy.

Proxy activity appears in a table. After you select a filter and dimension, you can select the type of data that you want to show in the table. In addition to data listed in the Proxy activity dimensions topic, you can show this data in the activity table.

Note: You must be an ETP super administrator or a user with a specific permission to view the Proxy Activity report. For more information, see Enterprise Threat Protector roles.
Proxy activity detail Description
Detected Time Date and time the activity was detected.
Policy Policy that applies or was applied.
List Custom lists or threat categories associated with the activity.
Detection Method Indicates how activity was detected. This field may show any of these values:
  • Inline. Indicates the activity was detected at the time of access.
  • Lookback. Indicates the activity was discovered in log data based on behavior.
  • Offline Static. Indicates the activity was discovered offline or after content was downloaded as a result of static malware analysis.
  • Offline Dynamic. Indicates the activity was discovered in a sandbox environment as a result of dynamic malware analysis.
Resolved IP IP address that is resolved from the domain.
Is Event Indicates whether the activity produced an event. This dimension shows a value of True or False.
Category

The overall category of the event. This may be the AUP category or the threat event category such as malware, phishing, command and control, and DNS exfiltration.

If the domain does not appear in any lists, including threat, custom, or exception lists, the Unclassified category is shown.

Confidence Indicates whether activity is a known threat. If this information is not known, it shows as Unknown.
Connection ID ID associated with the activity.
On-Ramp Indicates whether traffic was forwarded to ETP Proxy. This field shows Yes or No.

Indicates whether traffic was forwarded to ETP Proxy. This field shows Yes or No.

Detail Description
Layer 7 Protocol Application layer protocols such as HTTP and HTTPS.
Request Time Date and time the user made the request.
Response Time Date and time when a response to a request was provided.
URI Uniform Resource Identifier. Characters or string that identify a resource. For example, a URL is a URI.
Source Port The TCP/UDP port of the user’s machine.
Hash Hash of the HTTP response.