Threat Intelligence Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Threat Intelligence Messages | Base Rule | General Threat Message | Activity |
| Malware Activity | Sub Rule | Detected Malware Activity | Malware |
| Phishing Activity | Sub Rule | Phishing Activity | Attack |
| Quarantine - High Confidence Phish Email | Sub Rule | Failed Phishing Activity | Failed Attack |
| Quarantine - Antispam Phish Policy | Sub Rule | Failed Phishing Activity | Failed Attack |
| Move to JMF - Antiphish Spoof Policy | Sub Rule | Failed Phishing Activity | Failed Attack |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| TS | N/A | N/A | N/A |
| SESSID | `<session>` | Text/String | Session information |
| COMMAND | `<command>` | Text/String | Command name |
| USERTYPE | N/A | N/A | Type of user |
| USERKEY | N/A | N/A | User key information (hexadecimal value) |
| WORKLOAD | `<vendorinfo>` | Text/String | Audit log record type |
| RESULTCODE | N/A | N/A | Result |
| OBJECT | N/A | N/A | Object name |
| USER | `<login>`, `<domain>` | Text/String | Source user name |
| SIP | `<sip>` | IP Address | Source IP address |
| DETAILS | N/A | N/A | N/A |
| CreationTime | N/A | N/A | N/A |
| ID | N/A | N/A | N/A |
| Operation | N/A | N/A | N/A |
| OrganizationId | N/A | N/A | N/A |
| RecordType | N/A | N/A | N/A |
| UserKey | N/A | N/A | N/A |
| UserType | N/A | N/A | N/A |
| Version | N/A | N/A | N/A |
| Workload | N/A | N/A | N/A |
| Objectid | N/A | N/A | N/A |
| Userid | N/A | N/A | N/A |
| AttachmentData | N/A | N/A | N/A |
| FileName | N/A | N/A | N/A |
| FileType | N/A | N/A | N/A |
| FileVerdict | N/A | N/A | N/A |
| MalwareFamily | N/A | N/A | N/A |
| SHA256 | `<hash>` | Text/String | N/A |
| DetectionMethod | `<reason>` | Text/String | N/A |
| DetectionType | N/A | N/A | N/A |
| EventDeepLink | `<url>` | Text/String | N/A |
| InternetMessageId | N/A | N/A | N/A |
| MessageTime | N/A | N/A | N/A |
| NetworkMessageId | N/A | N/A | N/A |
| P1Sender | `<sender>` | Text/String | Sender information |
| P2Sender | `<result>` | Text/String | Sender information |
| Policy | `<policy>`, `<tag2>` | Text/String | Policy |
| PolicyAction | `<action>`, `<tag3>` | Text/String | Policy action |
| Recipients | `<recipient>` | Text/String | Recipient information |
| SenderIp | `<sip>` | IP Address | Sender IP information |
| subject | `<subject>` | Text/String | Subject |
| Verdict | `<threatname>`, `<tag1>` | Text/String | N/A |
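The following Python is an added worked example, not LogRhythm's own parser or MPE rule set. It takes one Threat Intelligence log line, fills the LogRhythm schema fields exactly as the mapping table above lists them, and then assigns the record to one of the rules in the Classification table. Two things are assumptions of the example rather than facts from this page: the line layout (upper-case KEY=value pairs followed by a DETAILS={...} JSON object holding the raw Office 365 record) and the match conditions for each sub rule, which are derived from the rule names only. The sample record, its identifiers, addresses and hash are constructed.

```python
"""Added example (not LogRhythm's parser): normalise an Office 365 Threat
Intelligence log line into the LogRhythm schema fields from the mapping table,
then pick the rule from the classification table."""
from __future__ import annotations

import json
import re

# ASSUMED envelope layout: KEY=value pairs followed by DETAILS={...}, where the
# keys are the upper-case "Device Key in Log Message" entries and DETAILS holds
# the raw Office 365 record. Only keys the table maps to a schema field appear.
ENVELOPE_TO_SCHEMA = {
    "SESSID": ("session",),
    "COMMAND": ("command",),
    "WORKLOAD": ("vendorinfo",),
    "SIP": ("sip",),
}

# Record fields inside DETAILS and the schema field(s) each one feeds (per table).
DETAILS_TO_SCHEMA = {
    "DetectionMethod": ("reason",),
    "EventDeepLink": ("url",),
    "P1Sender": ("sender",),
    "P2Sender": ("result",),
    "Policy": ("policy", "tag2"),
    "PolicyAction": ("action", "tag3"),
    "Recipients": ("recipient",),
    "SenderIp": ("sip",),
    "Subject": ("subject",),
    "Verdict": ("threatname", "tag1"),
}

_KV = re.compile(r"(\w+)=(\S*)")


def parse_line(line: str) -> tuple[dict, dict]:
    """Split a line into its envelope pairs and the parsed DETAILS JSON object."""
    head, sep, body = line.partition(" DETAILS=")
    envelope = dict(_KV.findall(head))
    details = json.loads(body) if sep else {}
    return envelope, details


def to_schema(line: str) -> dict:
    """Build the LogRhythm field dict for one line, following the mapping table.
    Envelope keys are applied first, so SenderIp from DETAILS overrides the
    envelope SIP (both feed <sip>; that precedence is an assumption here)."""
    envelope, details = parse_line(line)
    details_ci = {k.lower(): v for k, v in details.items()}  # table lists "subject"
    out: dict = {}
    for key, targets in ENVELOPE_TO_SCHEMA.items():
        value = envelope.get(key, "N/A")
        if value != "N/A":
            out.update(dict.fromkeys(targets, value))
    # USER feeds <login> and <domain>; a UPN is split at '@' (assumed convention).
    login, _, domain = envelope.get("USER", "").partition("@")
    if login:
        out["login"], out["domain"] = login, domain
    for key, targets in DETAILS_TO_SCHEMA.items():
        value = details_ci.get(key.lower())
        if value in (None, "", []):
            continue
        if isinstance(value, list):  # Recipients is multi-valued
            value = ";".join(map(str, value))
        out.update(dict.fromkeys(targets, str(value)))
    # SHA256 sits inside each AttachmentData entry and feeds <hash>.
    hashes = [a["SHA256"] for a in details_ci.get("attachmentdata", []) if a.get("SHA256")]
    if hashes:
        out["hash"] = ";".join(hashes)
    return out


def classify(fields: dict) -> tuple[str, str, str]:
    """Return (rule name, common event, classification) from the classification
    table. The match conditions are my reading of the rule names, not LogRhythm's
    MPE rule expressions, which the page does not reproduce."""
    verdict = fields.get("threatname", "").lower()
    policy = fields.get("policy", "").lower()
    action = fields.get("action", "").lower()
    reason = fields.get("reason", "").lower()
    if verdict == "malware":
        return ("Malware Activity", "Detected Malware Activity", "Malware")
    if verdict == "phish":
        if action == "quarantine" and "high confidence" in reason:
            return ("Quarantine - High Confidence Phish Email", "Failed Phishing Activity", "Failed Attack")
        if action == "quarantine" and "spam" in policy:
            return ("Quarantine - Antispam Phish Policy", "Failed Phishing Activity", "Failed Attack")
        if action == "movetojmf" and "spoof" in reason:
            return ("Move to JMF - Antiphish Spoof Policy", "Failed Phishing Activity", "Failed Attack")
        return ("Phishing Activity", "Phishing Activity", "Attack")
    return ("Threat Intelligence Messages", "General Threat Message", "Activity")


# Constructed sample record; identifiers, addresses and the hash are made up.
SAMPLE_DETAILS = {
    "CreationTime": "2024-05-06T10:15:30", "Id": "3b8f1c2e-0000-4000-8000-000000000001",
    "Operation": "TIMailData", "RecordType": 28, "Workload": "ThreatIntelligence",
    "AttachmentData": [{"FileName": "invoice.xlsm", "FileType": "xlsm",
                        "FileVerdict": 1, "MalwareFamily": "", "SHA256": "d" * 64}],
    "DetectionMethod": "High confidence phish",
    "EventDeepLink": "https://security.microsoft.com/threatexplorer?id=example",
    "P1Sender": "bounce@attacker.example", "P2Sender": "ceo@contoso.example",
    "Policy": "Anti-spam", "PolicyAction": "Quarantine",
    "Recipients": ["alice@contoso.example", "bob@contoso.example"],
    "SenderIp": "198.51.100.23", "Subject": "Urgent wire transfer", "Verdict": "Phish",
}
SAMPLE_LINE = (
    "TS=2024-05-06T10:15:30Z SESSID=4f2a COMMAND=TIMailData USERTYPE=4 USERKEY=ThreatIntel "
    "WORKLOAD=ThreatIntelligence RESULTCODE=N/A OBJECT=N/A USER=alice@contoso.example "
    "SIP=203.0.113.7 DETAILS=" + json.dumps(SAMPLE_DETAILS)
)

if __name__ == "__main__":
    fields = to_schema(SAMPLE_LINE)
    for name in sorted(fields):
        print(f"<{name}> = {fields[name]}")
    print(classify(fields))
```

Note the two collisions the table itself carries: SIP from the envelope and SenderIp from the record both feed `<sip>`, and Policy, PolicyAction and Verdict each land in two fields (the named field plus tag1/tag2/tag3). When writing AI Engine rules or searches against this source, filter on `<threatname>`, `<policy>` and `<action>` rather than the tag fields, and expect `<sip>` to hold the sending MTA address rather than the envelope value whenever the record carries SenderIp.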