Exported Excel files

Advanced EDR gives you the option to export, to an Excel file, extended information about the programs detected by any of the advanced detection technologies it incorporates. For more information about this file, see section Details of blocked programs. To download it, click the icon in the upper-right corner of the list. Select the Export list and details option. You will download an Excel file with extended details of all threats on the list.

| Field | Description | Values |
| --- | --- | --- |
| Date | Action date. | Date |
| Hash | String identifying the blocked file. | Character string |
| Policy | Name of the policy that blocked the file. Available in the Detections by advanced security policies list. | Character string |
| Threat | Threat name. Available in the following lists: Malware activity; PUP activity; Currently blocked programs being classified; History of blocked programs. | Character string |
| User | User account under which the threat was run. | Character string |
| Computer | Name of the computer where the threat was detected. | Character string |
| Path | Threat name, device, and folder where the file is located on the user’s computer. | Character string |
| Accessed data | The threat accessed files located on the user’s computer. Available in the following lists: Malware activity; PUP activity; Currently blocked programs being classified; History of blocked programs. | Binary value |
| Action | Action logged on the system. | Downloaded from; Communicates with; Accesses data; Accesses; Is accessed by; LSASS.EXE opens; LSASS.EXE is opened by; Is run by; Runs; Is created by; Creates; Is modified by; Modifies; Is loaded by; Loads; Is deleted by; Deletes; Is renamed by; Renames; Is killed by; Kills process; Process suspended; Creates remote thread; Thread injected by; Is opened by; Opens; Creates; Is created by; Creates key pointing to EXE file; Modifies key to point to EXE file; Tries to stop; Ended by |
| Command Line | Command-line parameters associated with the action. | Character string |
| Event date | Date and time when the event was logged on the customer’s computer. | Character string |
| Times | Number of times the action was executed. A single action executed several times consecutively will appear only once in the list. | Numeric value |
| Path/URL/Registry Key/IP:Port | Action entity. It can have different values depending on the action type. | Registry Key: for actions that involve modifying the Windows registry; IP:Port: for actions that involve communicating with a local or remote computer; Path: for actions that involve access to the computer hard disk; URL: for actions that involve access to a URL |
| File Hash/Registry Value/Protocol-Direction/Description | This field complements the entity. | File Hash: for actions that involve access to a file; Registry Value: for actions that involve access to the registry; Protocol-Direction: for actions that involve communicating with a local or remote computer (possible values: TCP, UDP, Bidirectional, Unknown); Description |
| Trusted | Indicates whether the blocked file is digitally signed. | Binary value |

Fields in the List and details exported file
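One way to triage the exported file using the fields listed above, as an added example that is not part of the original documentation or the product. It assumes the sheet has been saved as CSV with column headers named exactly as the fields, that Trusted is rendered as True/False, and that entity values look like the constructed samples; the labels in `SIGNALS` are the example's own grouping of the documented Action values.

```python
import csv
import io
import re
from collections import defaultdict

ENTITY = "Path/URL/Registry Key/IP:Port"  # column name as given in the field table

# Triage labels are this example's own grouping of the documented Action values.
SIGNALS = {
    "LSASS.EXE is opened by": "lsass-access",
    "Creates remote thread": "injection",
    "Thread injected by": "injection",
    "Creates key pointing to EXE file": "registry-exe-key",
    "Modifies key to point to EXE file": "registry-exe-key",
    "Communicates with": "network",
    "Downloaded from": "network",
}

def entity_kind(value):
    """Guess which of the four documented entity types a cell holds (formats assumed)."""
    if re.match(r"^[a-z][a-z0-9+.-]*://", value, re.I):
        return "URL"
    if re.match(r"^\d{1,3}(\.\d{1,3}){3}:\d{1,5}$", value):
        return "IP:Port"
    if value.upper().startswith(("HKEY_", "HKLM\\", "HKCU\\", "HKU\\")):
        return "Registry Key"
    return "Path"

def triage(csv_text):
    """Group rows by (Computer, Hash) and summarise the high-signal actions seen."""
    out = defaultdict(lambda: {"signals": defaultdict(int), "entities": set(), "unsigned": False})
    for row in csv.DictReader(io.StringIO(csv_text)):
        item = out[(row["Computer"], row["Hash"])]
        # Assumed rendering of the binary Trusted column: the text "True"/"False".
        item["unsigned"] |= row["Trusted"].strip().lower() != "true"
        label = SIGNALS.get(row["Action"].strip())
        if label:
            # Times counts consecutive repeats that the export collapses into one row.
            item["signals"][label] += int(row["Times"] or 1)
            item["entities"].add((entity_kind(row[ENTITY]), row[ENTITY]))
    return out

# Constructed sample rows (placeholder hashes, hosts and paths); only the columns used here.
SAMPLE = """Hash,Computer,Action,Times,Path/URL/Registry Key/IP:Port,Trusted
<HASH-A>,WKS-01,LSASS.EXE is opened by,3,C:\\Users\\Public\\tool.exe,False
<HASH-A>,WKS-01,Communicates with,12,203.0.113.10:443,False
<HASH-A>,WKS-01,Creates key pointing to EXE file,1,HKCU\\Software\\Example\\Run,False
<HASH-B>,WKS-02,Loads,4,C:\\Windows\\System32\\example.dll,True
"""
```

Calling `triage(SAMPLE)` returns one entry per computer and hash, so an unsigned file that touches LSASS, talks to the network and writes an EXE-pointing registry key on the same host surfaces as a single item to review.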