- whether a domain is a threat
- whether a specific type of threat is active in your network
- the risk level and the number of events associated with a specific application
In an event or activity report, you are also redirected to the Indicator Search page when you choose to view More Details for a domain and threat name. When viewing threat or access control events, you can also select the information icon associated with a domain to view Indicators of Compromise (IOC) details in a separate window. The IOC details that appear provide the same information that is on the Indicator Search page.
Search by domain
- A graph illustrating the number of DNS requests that occurred for the domain in the specified time period.
- A table showing the complete history of the domain as tracked by ETP. For example, the table shows when the application began tracking the domain as a threat.
- Additional information about the domain, such as domain name registrar, detected threat type, and more. For more information, see Indicator search: domain information.
- If the domain is associated with a specific threat, the name of the threat appears. You can hover over the threat name to read more information about the threat. The window that appears provides a threat description, the severity level, external links, and a graph with the number of events related to this threat from the last 30 days.
Search by threat name
- Definition of threat. Defines the threat and describes how it spreads and affects a network.
- Other known names of threat. If the threat is known by other names, these names are also listed.
- Severity level. Indicates the severity level that is associated with the threat. For more about these levels, see Severity levels.
- Threat type. Indicates the type of threat. For example, this field indicates if it’s a worm, malware, trojan, or another threat type.
- External links. For additional information about the threat, external links to resources on the Internet are also provided.
- Events. If there are events associated with the threat or threat type, a graph appears with a total number of events that occurred during a specified time period.
Search by application name
You can search by the application name to learn whether an application is a risk to your organization. An application search provides this information:
- Risk level associated with the application. For more information about the risk levels, see Application visibility and control.
- Application category and description of the category
- Indicates whether ETP Proxy is required to use the application. If ETP Proxy is not required, ETP may still be able to identify the application based on its hostname.
- The known URLs that are associated with the application.
- Events associated with an application. A graph shows the total number of events that occurred during the specified time period.
- History of when ETP started tracking the application.