The Threats section within the ASE product lists all of the confirmed threats that have been received by ASE from products operating in your account. Depending on the threat object type, ASE will perform additional checks to try and minimise false positives and negatives before accepting the threat. ASE will track the number of times the threat has been detected, which product last detected it and at what time.
The Threats section provides an overview of the threats your account has been exposed to and in conjuction with the Rules section can provide automated response to minimise exposure to the threat.
Navigate to Products, ASE and select Threats.
The available columns are:
- Threat - this is the threat type value, for example a URL or a document. Clicking the threat will open the ASE Activity report for further investigation.
- Threat Type - this is the type. The values are:
- Threat Category - this is the category of the threat as reported by the product where the threat originated.
- Last Detection - the last date and time that ASE received this threat.
- Last Detected by - the last product to publish the threat to ASE
- First Detection - the date and time that ASE first received this threat.
- First Detected by - the product that published the threat to ASE for the first time.
- Detection Count - the total number of times ASE has received this threat.
- Timeline - a visual representation of the number of times ASE has received the threat.
An example timeline is shown below:
The timeline illustrates each time the threat was detected and published to ASE.
Searching for Threats
To search for a specific threat, return to the main Threats view and click the Filter icon in the header bar.
This will open the filter bar which allows you to search using various criteria. To remove the filtering, click Reset Filters. After changing filters, remember to click Apply Filters to begin the search.