Proactively Create and Allow Whitelist

  1. Log in to the LogRhythm NDR UI.

  2. Point to the Settings tab, click Policy Management, and then click Whitelist.
    The Whitelist page appears.

  3. To create a Proactive Whitelist, enter your data into the relevant fields.

    For a plain text match, enter your plain text in the field and leave the check box unchecked.

    For a regular expression match, enter your regex in the field and click the check box.


    | Field | Description |
    | --- | --- |
    | Source | Source IP address of the security event |
    | Expiry Date | Expiry date for this whitelist rule |
    | Source Host | Source host name of the security event |
    | Source User | Source user name of the security event |
    | Destination | Destination IP address of the security event |
    | Destination Host | Destination host name of the security event |
    | Destination User | Destination user name of the security event |
    | Entry Source | Entry source of the security event |
    | Entry Origin | Engine that created this security event |
    | Indicator | Intel event's indicator |
    | Indicator Type | Intel event's indicator type |
    | Threat Level | Indicates the threat level in green, orange, etc. |
    | Exclude Internal | Excludes security events that are internal to a network |
    | URL | URL of the security event |
    | Event Category | Event category of the security event |
    | Event Attribute | Event attribute of the security event |
    | Trigger | Event trigger of the security event |
    | Trigger_id | Event trigger ID of the security event |
    | Path | The file path in the case of smbfiles, or the IP addresses involved in transmission in the case of smtp logs |
    | Site | The website involved with the logs and event |
    | Query | The DNS query involved in the security event |
    | Status Code | The status code returned in the response to an HTTP request |
    | Dest_port | The port number of the destination machine to which the data is routed |
    | Src_port | The port number of the source machine from which the data is sent |
    | Event_extra_attributes | The extra attributes related to an event |
    | Application | Application used by the security event |
    | User Agent | User agent used by the security event |
    | Protocol | Protocol used by the security event |
    | Reason | Reason for creating this whitelist rule |
    | xff_ip | HTTP header used to track the original IP address of a user connecting to a web server through a proxy or load balancer |


  4. Click Add.
    The message "Whitelist Inserted Successfully" appears.

  5. To confirm that the Whitelist is successfully added, check the whitelist list at the bottom of the page.
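
A whitelist rule suppresses every event it matches, so it is worth dry-running a draft rule against known events before entering it in step 3. The following is an added example, not LogRhythm code: the matching semantics (plain text as exact equality, regex as an unanchored search, all filled-in fields must match), the rule layout, and the sample events are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample events: keys reuse field names from the table, values are invented.
SAMPLE_EVENTS = [
    {"id": 1, "Source Host": "scanner01.corp.example", "Dest_port": "443"},
    {"id": 2, "Source Host": "scanner01.corp.example.untrusted.test", "Dest_port": "443"},
    {"id": 3, "Source Host": "db07.corp.example", "Dest_port": "443"},
]

# Draft rules: field -> (pattern, regex check box ticked?). Both are hypothetical.
LOOSE = {"fields": {"Source Host": ("scanner01.corp.example", True),
                    "Dest_port": ("443", False)},
         "expiry": None, "reason": ""}
TIGHT = {"fields": {"Source Host": (r"^scanner01\.corp\.example$", True),
                    "Dest_port": ("443", False)},
         "expiry": date(2030, 1, 1), "reason": "Authorized vulnerability scanner"}

def field_matches(value, pattern, is_regex):
    # Assumption: plain text is exact equality, regex is an unanchored search.
    if is_regex:
        return re.search(pattern, value) is not None
    return value == pattern

def suppressed_ids(rule, events):
    # Assumption: a rule applies only when every filled-in field matches.
    return [ev["id"] for ev in events
            if all(field_matches(ev.get(name, ""), pat, is_re)
                   for name, (pat, is_re) in rule["fields"].items())]

def review(rule, events, expected_ids, today):
    """Return the reasons this draft should not be entered yet."""
    findings = []
    extra = sorted(set(suppressed_ids(rule, events)) - set(expected_ids))
    if extra:
        findings.append(f"over-match: also suppresses events {extra}")
    for name, (pat, is_re) in rule["fields"].items():
        if is_re and not (pat.startswith("^") and pat.endswith("$")):
            findings.append(f"{name}: regex is not anchored with ^ and $")
    if rule["expiry"] is None or rule["expiry"] <= today:
        findings.append("Expiry Date is missing or already past")
    if not rule["reason"].strip():
        findings.append("Reason is empty")
    return findings

if __name__ == "__main__":
    for label, rule in (("loose", LOOSE), ("tight", TIGHT)):
        print(label, suppressed_ids(rule, SAMPLE_EVENTS),
              review(rule, SAMPLE_EVENTS, [1], date.today()))
```

Replace the sample events with real events exported from your deployment, and confirm how your NDR version actually evaluates plain-text and regex fields before relying on the result.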