Network Threats
This view provides detailed visibility, filtering and analysis for threats recorded by the Multicloud Defense threat analysis engine and summarized in Network Threats.
Tables and Fields available in Network Threats are as follows:
| Event Details | Description |
|---|---|
| Date and Time | ISO 8601 format: YYYY-MM-DD T HH:MM:SS:S Example: |
| Type | AV, DLP, DPI |
| CSP Account | Multicloud Defense CSP Account |
| Gateway | Multicloud Defense Gateway |
| Region | Region of the Multicloud Defense Gateway |
| Level | DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY |
| Session ID | .. |

| Service | Description |
|---|---|
| Src IP | Source IP Address |
| Src Port | Source Port |
| Dest IP | Destination IP Address |
| Dest Port | Destination Port |
| Protocol | UDP, TCP |

| Application Info | Description |
|---|---|
| Client App Name | Application name associated with client side of the session. Example: |
| Payload App Name | HTTP application name associated with webserver host. Example: |
| Service App Name | Application name associated with server side of the session. Example: |

| Action | Description |
|---|---|
| Action | ALLOW, DENY |
| State | ESTABLISHED, CLOSE, CLOSED, CLOSE_WAIT, TIME_WAIT, FIN_WAIT, LAST_ACK |

| HTTP Request | Description |
|---|---|
| Host | Host portion of URL |
| Method | GET, PUT, POST, HEAD, DELETE, PATCH, OPTIONS |
| URI | URI Identifier RFC 3986 |

| FQDN | Description |
|---|---|
| FQDN | Fully Qualified Domain Name |
| Category Name | Category classification of the FQDN. Example: |
| Reputation | Reputation score of the FQDN |

| Rule | Description |
|---|---|
| ID | ID number/description of Multicloud Defense Rule. Example: 59 (egress-prod-apt-80) |