Threats

Updated 2 years ago by admin

The Threats section within the ASE product lists all of the confirmed threats that have been received by ASE from products operating in your account. Depending on the threat object type, ASE will perform additional checks to try and minimise false positives and negatives before accepting the threat. ASE will track the number of times the threat has been detected, which product last detected it and at what time.

The Threats section provides an overview of the threats your account has been exposed to and, in conjunction with the Rules section, can provide an automated response to minimise exposure to the threat.

The core platform products will be the source of the threats that appear in this section. For maximum effectiveness, we recommend licensing Web Security, Email Security and LinkScan. Additional products will support ASE in the coming months.

Viewing Threats

Navigate to Products, ASE and select Threats.

The available columns are:

  • Threat - this is the threat type value, for example a URL or a document. Clicking the threat will open the ASE Activity report for further investigation.
  • Threat Type - this is the type. The values are:
    • URL
    • Hash - see Supported File Formats below
    • IP
    • Domain
  • Threat Category - this is the category of the threat as reported by the product where the threat originated.
  • Last Detection - the last date and time that ASE received this threat.
  • Last Detected by - the last product to publish the threat to ASE.
  • First Detection - the date and time that ASE first received this threat.
  • First Detected by - the product that published the threat to ASE for the first time.
  • Detection Count - the total number of times ASE has received this threat.
  • Timeline - a visual representation of the number of times ASE has received the threat.

An example timeline is shown below:

The timeline illustrates each time the threat was detected and published to ASE.

Searching for Threats

To search for a specific threat, return to the main Threats view and click the Filter icon in the header bar.

This will open the filter bar which allows you to search using various criteria. To remove the filtering, click Reset Filters. After changing filters, remember to click Apply Filters to begin the search.

Supported File Formats

The ASE engine supports sharing file hashes for the following MIME types:

  • application/pdf
  • application/octet-stream
  • application/vnd.openxmlformats-officedocument.wordprocessingml
  • application/vnd.openxmlformats-officedocument.spreadsheetml
  • application/vnd.openxmlformats-officedocument.presentationml
  • application/msword
  • application/vnd.ms-word
  • application/vnd.ms-excel
  • application/vnd.ms-powerpoint

