Event Report

Updated 3 years ago by admin

The ASE product generates a detailed Event Report for every rule that triggers when threat objects are exchanged between core products within the USS platform.

The Event Report is a snapshot detailing when the event started, how the threat was confirmed and what action was taken in accordance with the configured rules. If notifications are enabled for a rule, the message includes a link to the specific Event Report so that the action taken can be reviewed quickly.

The Event Report contains:

  • The date and time that the event took place.
  • The full threat object.
  • Threat Category - the category of the threat as reported by the product where the threat originated.
  • First Detection - the date and time that ASE first received this threat.
  • Last Detected - the last date and time that ASE received this threat.
  • Detection Count - the total number of times ASE has received this threat.
  • Rules Triggered - the rules that matched.
  • Threat Location - the geolocation of the source of the threat.
  • Threat Analytics - the results of multiple static analysis and machine learning verification checks.
  • Threat Path - a visualisation of the product where the threat originated and the other products the threat was shared with.
  • Threat Timeline - a visualisation of the elapsed time between the beginning and end of the event. The start time is when the originating product first detected the threat and the end time is when ASE finished taking action. Each segment can be clicked to reveal additional detail about what took place at that point in time.
