Security module lists

The security lists show the information Advanced EPDR collects during computer protection activities. They are the most detailed view available, because they contain the raw data from which the widgets are generated.

There are two ways to access the security lists:

  • From the top menu, select Status. From the side panel, select Security. Click any of the available widgets to access its associated list. Depending on the item you click on the widget, you access different lists with predefined filters.

    Or

  • From the top menu, select Status. From the My lists side panel, click Add. A dialog box opens that shows all lists available in Advanced EPDR.

  • Select any of the lists in the Security section. The list opens with no filters applied.

Select any of the entries on the list to open a new page with more details about that particular item.

Computer protection status

This list shows all computers on the network, with filters that enable you to find computers and mobile devices that are unprotected for a specific reason.

To ensure correct operation of the security software, the computers on the network must communicate with the Cytomic cloud. For the list of URLs that must be accessible from your computers, see section Access to service URLs.

Field Description Values

Computer

Computer name.

Character string

Computer status

Agent reinstallation:

  • Reinstalling the agent.

  • Agent reinstallation error.

Protection reinstallation:

  • Reinstalling the protection.

  • Protection reinstallation error.

  • Pending restart.

Computer isolation status:

  • Computer in the process of being isolated.

  • Isolated computer.

  • Computer in the process of stopping being isolated.

“RDP attack containment” mode:

  • Computer in “RDP attack containment” mode.

  • Ending “RDP attack containment” mode.

Verbose mode:

  • Computer in Verbose mode.

Icon

Group

Folder in the Advanced EPDR folder tree that the computer belongs to.

Character string

  • 'All' group

  • Native group

  • Active Directory group

Advanced protection

Advanced protection status.

  • Installing

  • Error. If it is a known error, the cause of the error appears. If it is an unknown error, the error code appears instead.

  • Enabled

  • Disabled

  • No license

Antivirus

Antivirus protection status.

  • Installing

  • Error. If it is a known error, the cause of the error appears. If it is an unknown error, the error code appears instead.

  • Enabled

  • Disabled

  • No license

Updated protection

Indicates whether or not the installed protection module is updated to the latest version released.

Point the mouse to the field to see the version of the installed protection.

  • Updated

  • Not updated (more than 7 days have passed since the last release without the computer updating)

  • Pending restart

Knowledge

Indicates whether or not the signature file found on the computer is updated to the latest version.

Point the mouse to the field to see the date that the file was last updated.

  • Updated

  • Not updated (more than 3 days have passed since the last release without the computer updating)

Connection to knowledge

Indicates whether the computer can communicate with the Cytomic cloud to send monitored events and download security intelligence.

  • Connection OK

  • One or more services are not accessible

  • Information not available

Last connection

Date when the Advanced EPDR status was last sent to the Cytomic cloud.

Date

Fields in the Computer Protection Status list

Fields displayed in the exported file
Field Description Values

Client

Customer account the service belongs to.

Character string

Computer type

Type of device.

  • Workstation

  • Laptop

  • Server

  • Mobile device

Computer

Computer name.

Character string

IP address

The computer primary IP address.

Character string

Domain

Windows domain the computer belongs to.

Character string

Description

Description assigned to the computer.

Character string

Group

Folder in the Advanced EPDR folder tree that the computer belongs to.

Character string

Agent version

Internal version of the Cytomic agent module.

Character string

Installation date

Date when the Advanced EPDR software was successfully installed on the computer.

Date

Last update on

Date the agent was last updated.

Date

Platform

Operating system installed on the computer.

  • Windows

  • Linux

  • macOS

  • Android

Operating system

Operating system installed on the computer, internal version, and patch status.

Character string

Updated protection

Indicates whether or not the installed protection module is updated to the latest version released.

Binary value

Protection version

Internal version of the protection module.

Character string

Updated knowledge

Indicates whether or not the signature file found on the computer is the latest version.

Binary value

Last update on

Date the signature file was last updated.

Date

Advanced protection

File antivirus

Mail antivirus

Web browsing antivirus

Firewall

Device control

Web access control

Program blocking

Anti-Theft

Status of the associated protection.

  • Not installed

  • Error: If it is a known error, the cause of the error appears. If it is an unknown error, the error code appears instead.

  • Enabled

  • Disabled

  • No license

Advanced protection mode (Windows)

Current configuration of the advanced protection module. Operating mode.

  • Audit

  • Hardening

  • Lock

Advanced protection mode (Linux)

Current configuration of the advanced protection module. Malicious activity detection.

  • Audit

  • Do not detect

  • Block

Isolation status

Indicates whether or not the computer is isolated from the rest of the network.

  • Isolated

  • Not isolated

Error date

If an error occurred installing Advanced EPDR, date and time of the error.

Date

Installation error

If an error occurred installing Advanced EPDR, error description.

Character string

Installation error code

Shows codes that identify the installation error occurred.

Codes are separated by “;”:

  • Error code

  • Extended error code

  • Extended error subcode

Other security products

Name of any third-party antivirus product found on the computer at the time of installing Advanced EPDR.

Character string

Connection for web protection

Shows the status of the connection between the computer and the servers that store the dangerous URL database.

  • OK

  • With problems

Connection for collective intelligence

Shows the status of the connection between the computer and the servers that store signature files and security intelligence.

  • OK

  • With problems

Connection for sending events

Shows the status of the connection between the computer and the servers that receive the events monitored on protected computers.

  • OK

  • With problems

“RDP attack containment” mode

Status of the “RDP attack containment” mode.

  • All

  • No

  • Yes

Fields in the Computer Protection Status exported file
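The exported file is the natural input for a periodic hygiene check: every host whose protection is not Enabled, whose protection module or signature file is out of date, whose connection to any of the three Cytomic server roles is With problems, or that is isolated or in "RDP attack containment" mode needs a ticket. The script below is an added example, not part of Advanced EPDR or its documentation. It assumes the export has been saved as CSV with the column headers named in the table above (the product exports Excel; convert it first), that fields documented as "Binary value" are written Yes/No, and that the "RDP attack containment" mode column is named without the quotation marks. The sample rows, hostnames, addresses and error codes are constructed. It also splits the "Installation error code" field into the three ";"-separated parts the table documents.

```python
"""Triage a Computer Protection Status export (added example, see lead-in)."""
import csv
import io

# Constructed sample export (no real hosts, addresses or error codes).
SAMPLE_EXPORT = """\
Client,Computer type,Computer,IP address,Advanced protection,File antivirus,Updated protection,Updated knowledge,Connection for web protection,Connection for collective intelligence,Connection for sending events,Isolation status,Installation error code,RDP attack containment mode
Example Corp,Workstation,WS-001,10.0.0.11,Enabled,Enabled,Yes,Yes,OK,OK,OK,Not isolated,,No
Example Corp,Server,SRV-DB-01,10.0.0.20,Enabled,Enabled,No,No,OK,With problems,With problems,Not isolated,,Yes
Example Corp,Laptop,LT-017,10.0.0.45,Error,Not installed,Yes,Yes,OK,OK,OK,Isolated,12;34;56,No
"""

# Column names are an assumption taken from the field table above.
PROTECTION_COLUMNS = ("Advanced protection", "File antivirus")
CONNECTION_COLUMNS = (
    "Connection for web protection",
    "Connection for collective intelligence",
    "Connection for sending events",
)


def parse_install_error_code(value):
    """Split 'Installation error code' into its three documented parts.

    The field holds codes separated by ";": error code, extended error code,
    extended error subcode. Missing trailing parts are returned as "".
    """
    if not value:
        return None
    parts = (value.split(";") + ["", "", ""])[:3]
    return dict(zip(("error_code", "extended_error_code", "extended_error_subcode"), parts))


def findings_for(row):
    """Return the list of reasons a host needs attention (empty if none)."""
    issues = []
    # Any status other than Enabled (Installing, Error, Disabled, No license,
    # Not installed) leaves the host short of coverage.
    for col in PROTECTION_COLUMNS:
        if row.get(col) != "Enabled":
            issues.append(f"{col}: {row.get(col)}")
    if row.get("Updated protection") != "Yes":
        issues.append("protection module not updated")
    if row.get("Updated knowledge") != "Yes":
        issues.append("signature file not updated")
    # Each connection column maps to a separate server role; "With problems"
    # on any of them means events or intelligence are not flowing.
    for col in CONNECTION_COLUMNS:
        if row.get(col) != "OK":
            issues.append(f"{col}: {row.get(col)}")
    if row.get("Isolation status") == "Isolated":
        issues.append("computer is isolated from the network")
    if row.get("RDP attack containment mode") == "Yes":
        issues.append("RDP attack containment mode is active")
    err = parse_install_error_code(row.get("Installation error code", ""))
    if err:
        issues.append(
            "installation error {error_code} "
            "(extended {extended_error_code}/{extended_error_subcode})".format(**err)
        )
    return issues


def triage(export_text):
    """Map computer name -> findings, for hosts with at least one finding."""
    result = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = findings_for(row)
        if issues:
            result[row["Computer"]] = issues
    return result


if __name__ == "__main__":
    for computer, issues in triage(SAMPLE_EXPORT).items():
        print(computer)
        for issue in issues:
            print("  -", issue)
```

Run against a real export, WS-001 style rows produce no output and everything else is listed with the reason; feed the result into whatever ticketing or reporting you use rather than reading the spreadsheet by hand.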

Filter tool
Field Description Values

Computer type

Type of device.

  • Workstation

  • Laptop

  • Server

  • Mobile device

Search computer

Computer name.

Character string

Last connection

Date when the Advanced EPDR status was last sent to the Cytomic cloud.

  • All

  • Less than 24 hours ago

  • Less than 3 days ago

  • Less than 7 days ago

  • Less than 30 days ago

  • More than 3 days ago

  • More than 7 days ago

  • More than 30 days ago

Updated protection

Indicates whether or not the installed protection is updated to the latest version released.

  • All

  • Yes

  • No

  • Pending restart

Platform

Operating system installed on the computer.

  • All

  • Windows

  • Linux

  • macOS

  • Android

Updated knowledge

Indicates whether or not the signature file found on the computer is the latest version.

Binary value

Connection to knowledge servers

Indicates whether the computer can communicate with the Cytomic cloud to send monitored events and download security intelligence.

  • All

  • OK

  • With problems: One or more services are not accessible

Protection status

Status of the protection module installed on the computer.

  • Installing...

  • Properly protected

  • Protection with errors

  • Disabled protection

  • No license

  • Install error

Isolation status

Computer isolation status.

  • Not isolated

  • Isolated

  • Isolating

  • Stopping isolation

“RDP attack containment” mode

Status of the “RDP attack containment” mode.

  • All

  • No

  • Yes

Filters available in the Computer Protection Status list

Computer Details page

Click a row in the list to open the computer details page. For more information, see Computer details.

Malware/PUP activity

This list shows the threats detected on the computers protected by Advanced EPDR. It provides the information you need to find the source of a problem, assess the severity of an incident and, if required, take remediation measures and update the organization's security policies.

Field Comment Values

Computer

Name of the computer where the threat was detected.

Character string

Threat

Name of the detected threat.

Character string

Path

Full path to the infected file.

Character string

Run sometime

The threat ran and the computer might be compromised.

Binary value

Accessed data

The threat accessed data on the user computer.

Binary value

Made external connections

The threat communicated with remote computers to send or receive data.

Binary value

Action

Action taken on the malware.

  • Quarantined

  • Blocked

  • Disinfected

  • Deleted

  • Detected

  • Allowed (audit mode)

Date

Date when the threat was detected on the computer.

Date

Fields in the Malware/PUP Activity list

Fields displayed in the exported file
Field Comment Values

Computer

Name of the computer where the threat was detected.

Character string

Threat

Name of the detected threat.

Character string

Path

Full path to the infected file.

Character string

Action

Action taken on the malware.

  • Quarantined

  • Blocked

  • Disinfected

  • Deleted

  • Allowed

  • Allowed (audit mode)

Run

The threat ran and the computer might be compromised.

Binary value

Accessed data

The threat accessed data on the user computer.

Binary value

External connections

The threat communicated with remote computers to send or receive data.

Binary value

Excluded

The threat was excluded by you to allow it to run.

Binary value

Date

Date when the threat was detected on the computer.

Date

Dwell time

Time that the threat was on the customer network without classification.

Character string

User

User account under which the threat was run.

Character string

MD5

MD5 hash of the detected file.

Character string

SHA-256

SHA-256 hash of the detected file.

Character string

Infection source computer

Name of the computer, if the infection attempt originated from another computer on the customer network.

Character string

Infection source IP address

IP address of the computer, if the infection attempt originated from another computer on the customer network.

Character string

Infection source user

The user that was logged in to the computer the infection attempt originated from, if applicable.

Character string

Fields in the Malware/PUP Activity exported file
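The Run, Accessed data, External connections, Action and Excluded columns together tell you how far each detection got, and the Infection source columns tell you where it came from. The script below is an added example, not part of Advanced EPDR or its documentation. It assumes a CSV export with the column headers named in the table above (convert the Excel export first) and Yes/No for the fields documented as "Binary value"; the risk weights are an editorial assumption, not a product scale. The rows, hostnames, threat names and hashes are constructed. It ranks detections by how much the threat managed to do, counts hosts per SHA-256 to size the outbreak, and follows the Infection source computer field back to the hosts that spread it but were not themselves infected from a recorded source.

```python
"""Rank a Malware/PUP Activity export and map how infections spread
(added example, see lead-in)."""
import csv
import io
from collections import defaultdict

HASH_A = "a1" * 32  # placeholder SHA-256 values, not real file hashes
HASH_B = "b2" * 32

# Constructed sample export.
SAMPLE_EXPORT = f"""\
Computer,Threat,Action,Run,Accessed data,External connections,Excluded,SHA-256,Infection source computer
WS-001,Sample threat A,Quarantined,No,No,No,No,{HASH_A},
WS-002,Sample threat A,Allowed (audit mode),Yes,Yes,Yes,No,{HASH_A},WS-001
SRV-FS-01,Sample threat B,Blocked,No,No,No,No,{HASH_B},WS-002
WS-003,Sample threat A,Detected,Yes,No,No,Yes,{HASH_A},WS-001
"""

# After these actions the file can no longer execute. Blocked, Detected and
# Allowed leave the file where it is, so the host still needs a look.
NEUTRALISED_ACTIONS = {"Quarantined", "Disinfected", "Deleted"}


def risk_score(row):
    """Higher is more urgent. Weights are an assumption for this example:
    execution and network activity outrank a file that merely sits on disk,
    and an exclusion adds a point because it was a human decision that
    should be re-checked."""
    score = 0
    if row["Run"] == "Yes":
        score += 4
    if row["External connections"] == "Yes":
        score += 3
    if row["Accessed data"] == "Yes":
        score += 2
    if row["Action"] not in NEUTRALISED_ACTIONS:
        score += 2
    if row["Excluded"] == "Yes":
        score += 1
    return score


def triage(export_text):
    """Return (ranked rows, hosts per SHA-256, source -> infected hosts)."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    ranked = sorted(rows, key=risk_score, reverse=True)
    hosts_by_hash = defaultdict(set)
    spread = defaultdict(set)
    for row in rows:
        hosts_by_hash[row["SHA-256"]].add(row["Computer"])
        source = row["Infection source computer"]
        if source:
            spread[source].add(row["Computer"])
    return ranked, dict(hosts_by_hash), dict(spread)


def patient_zero_candidates(spread):
    """Sources that infected others but were not themselves infected from a
    recorded source: the place to start the timeline."""
    infected = {host for hosts in spread.values() for host in hosts}
    return sorted(src for src in spread if src not in infected)


if __name__ == "__main__":
    ranked, by_hash, spread = triage(SAMPLE_EXPORT)
    for row in ranked:
        print(f"{risk_score(row):2d}  {row['Computer']:<10} {row['Threat']:<16} {row['Action']}")
    for digest, hosts in by_hash.items():
        print(f"{digest[:12]}...  on {len(hosts)} host(s): {sorted(hosts)}")
    print("patient zero candidates:", patient_zero_candidates(spread))
```

A detection that ran, made external connections and was only Allowed (audit mode) sorts to the top; a Quarantined file that never ran sorts to the bottom, and the Infection source chain points at the host to image first.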

Filter tool
Field Comment Values

Search

  • Computer: Device on which the threat was detected.

  • Threat: Name of the threat.

  • Hash: String that identifies the file.

  • Infection source: Search by the user, IP address, or name of the computer the infected file came from.

Character string

Type

Type of threat.

  • Malware

  • PUP

Dates

Set a time period, from the current moment back.

  • Last 24 hours

  • Last 7 days

  • Last month

  • Last year

Run

The threat ran and the computer might be compromised.

Binary value

Action

Action taken on the threat.

  • Quarantined

  • Blocked

  • Disinfected

  • Deleted

  • Allowed

  • Detected

Accessed data

The threat accessed data on the user computer.

Binary value

External connections

The threat communicated with remote computers to send or receive data.

Binary value

Filters available in the Malware/PUP Activity list

Details page

This page shows detailed information about the program classified as malware/PUP. See Malware and PUP detection.

Exploit activity

This list shows all computers with programs compromised by vulnerability exploit attempts. It provides the information you need to find the source of a problem, assess the severity of an incident and, if required, take remediation measures and update the organization's security policies.

Field Comment Values

Computer

Name of the computer where the threat was detected.

Character string

Compromised program or driver

Program affected by the exploit attack, or vulnerable driver loaded.

Character string

Exploit technique

Identifier of the technique used to exploit the program or driver vulnerability.

Character string

Exploit run

Indicates whether the exploit managed to run or was blocked before it could affect the vulnerable program.

Binary value

Action

  • Allowed (audit mode): The user is informed that the exploit carried out its programmed actions. Because audit mode is enabled, threats are detected, but they are not blocked or removed. See Audit mode.

  • Allowed: The anti-exploit protection is configured in Audit mode. The exploit ran. Not applicable if the exploit technique is Vulnerable driver.

  • Blocked: The exploit was blocked before it could run.

  • Allowed by the user: The computer user was asked for permission to end the compromised process, but decided to let the exploit run.

  • Process ended: The exploit was deleted, but managed to partially run. Not applicable if the exploit technique is Vulnerable driver.

  • Pending restart: The user was informed of the need to restart the computer to completely remove the exploit. In the meantime, the exploit continues to run. Not applicable if the exploit technique is Vulnerable driver.

Enumeration

Date

Date when the exploit attempt was detected on the computer.

Date

Fields in the Exploit Activity list

Fields displayed in the exported file

The context menu of the Exploit Activity list shows two options: Export and Export List and Details. This section describes the content of the file generated when you select Export. For more information about the Export List and Details option, see Exported Excel files.

Field Comment Values

Computer

Name of the computer where the threat was detected.

Character string

Compromised program or driver

Program affected by the exploit attack, or vulnerable driver loaded.

Character string

Exploit technique

Identifier of the technique used to exploit the program vulnerability.

Enumeration

User

User account under which the program that received the exploit attack was run.

Character string

Action

  • Allowed: The anti-exploit protection is configured in Audit mode. The exploit ran. Not applicable if the exploit technique is Vulnerable driver.

  • Blocked: The exploit was blocked before it could run.

  • Allowed by the user: The computer user was asked for permission to end the compromised process, but decided to let the exploit run.

  • Process ended: The exploit was deleted, but managed to partially run. Not applicable if the exploit technique is Vulnerable driver.

  • Pending restart: The user was informed of the need to restart the computer to completely remove the exploit. In the meantime, the exploit continues to run. Not applicable if the exploit technique is Vulnerable driver.

  • Allowed (Audit mode): The user is informed that the exploit carried out its programmed actions. Because Audit mode is enabled, threats are detected, but they are not blocked or removed. See Audit mode.

Enumeration

Exploit run

Indicates whether the exploit managed to run or was blocked before it could affect the vulnerable program.

Binary value

Date

Date when the exploit attempt was detected on the computer.

Date

Fields in the Exploit Activity exported file

Filter tool
Field Comment Values

Search

  • Computer: Device on which the threat was detected.

  • Hash: String that identifies the compromised program.

  • Compromised program: Name or path of the compromised file.

Enumeration

Dates

Set a time period, from the current moment back.

  • Last 24 hours

  • Last 7 days

  • Last month

Exploit run

Indicates whether the exploit managed to run or was blocked before it could affect the vulnerable program.

Binary value

Action

  • Allowed (Audit mode): The user is informed that the exploit carried out its programmed actions. Because Audit mode is enabled, threats are detected, but they are not blocked or removed. See Audit mode.

  • Allowed: The anti-exploit protection is configured in Audit mode. The exploit ran. Not applicable if the exploit technique is Vulnerable driver.

  • Blocked: The exploit was blocked before it could run.

  • Allowed by the user: The computer user was asked for permission to end the compromised process, but decided to let the exploit run.

  • Process ended: The exploit was deleted, but managed to partially run. Not applicable if the exploit technique is Vulnerable driver.

  • Pending restart: The user was informed of the need to restart the computer to completely remove the exploit. In the meantime, the exploit continues to run. Not applicable if the exploit technique is Vulnerable driver.

Enumeration

Filters available in the Exploit Activity list

Details page

This page shows detailed information about the program classified as an exploit. See Exploit detection.

If the exploit technique is Vulnerable driver, see Driver details

Blocks by advanced security policies

This list shows all programs blocked by advanced security policies. These policies prevent the execution of scripts and unknown programs that use advanced infection techniques.

Field Comment Values

Computer

Name of the computer where the threat was detected.

Character string

User

User account under which the threat tried to run.

Character string

Path

Full path to the blocked file.

Character string

Action

Action taken on the file.

  • Detected

  • Blocked

  • Allowed (audit mode)

Policy

For more information, see Advanced security policies.

  • PowerShell with suspicious parameters

  • PowerShell run by the user

  • Unknown script

  • Locally compiled program

  • Document with macros

  • Registry modification to run when Windows starts

  • Program blocking by MD5 value

  • Program blocking by name

Date

Date when the threat was detected on the computer.

Date

Fields in the Blocks by Advanced Security Policies list

Fields displayed in the exported file
Field Comment Values

Computer

Name of the computer where the threat was detected.

Character string

Policy

For more information, see Advanced security policies.

  • PowerShell with suspicious parameters

  • PowerShell run by the user

  • Unknown script

  • Locally compiled program

  • Document with macros

  • Registry modification to run when Windows starts

  • Program blocking by MD5 value

  • Program blocking by name

Path

Full path to the file.

Character string

Action

Action taken on the file.

  • Detected

  • Blocked

  • Allowed (audit mode)

Date

Date when the threat was detected on the computer.

Date

User

User account under which the threat tried to run.

Character string

MD5

MD5 hash of the blocked program.

Character string

SHA-256

SHA-256 hash of the blocked program.

Character string

Fields in the Blocks by Advanced Security Policies exported file

Filter tool
Field Comment Values

Search

  • Computer: Name of the device where the detection was made.

  • Compromised program: Name of the program blocked by the security policy.

  • User: Searches by the name of the user that was logged in to the computer at the time the detection was made.

Character string

Dates

Set a time period, from the current moment back.

  • Last 24 hours

  • Last 7 days

  • Last month

  • Last year

Action

Action taken on the threat.

  • Blocked

  • Detected

Policy applied

For more information, see Advanced security policies.

  • PowerShell with suspicious parameters

  • PowerShell run by the user

  • Unknown script

  • Locally compiled program

  • Document with macros

  • Registry modification to run when Windows starts

  • Program blocking by MD5 value

  • Program blocking by name

Filters available in the Blocks by Advanced Security Policies list

Details page

This page shows detailed information about the program blocked by the advanced security policies. See Block by advanced security policy.

Threats detected by the antivirus

This list consolidates all antivirus detections made on all supported platforms, across every infection vector attackers use against computers on the network.

Field Description Values

Computer

Name of the computer where the threat was detected.

Character string

IP address

The computer primary IP address.

Character string

Group

Group within the Advanced EPDR group tree that the computer belongs to.

Character string

  • 'All' group

  • Native group

  • Active Directory group

Threat type

Type of detected threat.

  • Viruses and ransomware

  • Spyware

  • Hacking tools and PUPs

  • Phishing

  • Suspicious items

  • Dangerous actions blocked

  • Tracking cookies

  • Malware URLs

  • Other

Path

Location of the threat on the file system.

Character string

Action

Action taken by Advanced EPDR.

  • Deleted

  • Disinfected

  • Quarantined

  • Blocked

  • Process ended

  • Allowed (audit mode)

Date

Date when the attack was detected.

Date

Fields in the Threats Detected by the Antivirus list

Fields displayed in the exported file
Field Description Values

Client

Customer account the service belongs to.

Character string

Computer type

Type of device.

  • Workstation

  • Laptop

  • Mobile device

  • Server

Computer

Name of the computer where the threat was detected.

Character string

Malware name

Name of the detected threat.

Character string

Threat type

Type of detected threat.

  • Viruses and ransomware

  • Spyware

  • Hacking tools and PUPs

  • Phishing

  • Suspicious items

  • Dangerous actions blocked

  • Tracking cookies

  • Malware URLs

  • Other

Malware type

Threat subclass.

Character string

Action

Action taken by Advanced EPDR.

  • Quarantined

  • Deleted

  • Blocked

  • Process ended

  • Allowed (audit mode)

Detected by

Engine that detected the threat.

  • Device control

  • File protection

  • Firewall

  • Mail protection

  • On-demand scan

  • Web access control

  • Web protection

Detection path

Location of the threat on the file system.

Character string

Excluded

The threat was excluded from the scans by the administrator to allow it to run.

Binary value

Date

Date when the attack was detected.

Date

Group

Group within the Advanced EPDR group tree that the computer belongs to.

Character string

IP address

Primary IP address of the computer where the detection was made.

Character string

Domain

Windows domain the computer belongs to.

Character string

Description

Description assigned to the computer by the network administrator.

Character string

Fields in the Threats Detected by the Antivirus exported file

Filter tool
Field Description Values

Computer

Name of the computer where the threat was detected.

Character string

Dates

Range: Set a time period, from the current moment back.

Custom range: Choose specific dates from a calendar.

  • Last 24 hours

  • Last 7 days

  • Last month

  • Last year

Computer type

Type of device.

  • Workstation

  • Laptop

  • Mobile device

  • Server

Threat type

Type of threat.

  • Viruses and ransomware

  • Spyware

  • Hacking tools and PUPs

  • Phishing

  • Suspicious items

  • Dangerous actions blocked

  • Tracking cookies

  • Malware URLs

  • Other

Filters available in the Threats Detected by the Antivirus list

Details page

This page shows detailed information about the detected threat.

Field Description Values

Threat

Threat name.

Character string

Action

Action taken by Advanced EPDR.

See Restoring items from quarantine.

  • Quarantined

  • Deleted

  • Blocked

  • Process ended

  • Allowed (audit mode)

Computer

Name of the computer where the threat was detected. It includes a link to the Computer Details page.

Character string

Computer type

Type of device.

  • Workstation

  • Laptop

  • Server

  • Mobile device

IP address

The computer primary IP address.

Character string

Logged-in user

Operating system user under which the threat was loaded and run.

Character string

Detection path

Location of the threat on the file system.

Character string

Name

Threat name.

Character string

Threat type

Type of threat.

Character string

Malware type

Type of malware.

  • Viruses and ransomware

  • Spyware

  • Hacking tools and PUPs

  • Phishing

  • Suspicious items

  • Dangerous actions blocked

  • Tracking cookies

  • Malware URLs

  • Other

Detected by

Module that detected the item.

Date

Date when the attack was detected.

Date

Details accessible from the Threats Detected by the Antivirus list

Blocked devices

This list provides details of the network computers that have restricted access to peripherals.

Field Description Values

Computer

Computer name.

Character string

Group

Folder in the Advanced EPDR folder tree that the computer belongs to.

Character string

  • 'All' group

  • Native group

  • Active Directory group

Name

Name assigned manually to the device by you to make identification easier.

Character string

Type

Type of device affected by the security settings.

  • Removable storage drives

  • Imaging devices

  • CD/DVD drives

  • Bluetooth devices

  • Modems

  • Mobile devices

Action

Action taken on the device.

  • Block

  • Allow read access

  • Allow read and write access

Date

Date and time when the action was taken.

Date

Fields in the Blocked Devices list

Fields displayed in the exported file
Field Description Values

Client

Customer account the service belongs to.

Character string

Computer type

Type of device.

  • Workstation

  • Laptop

  • Mobile device

  • Server

Computer

Computer name.

Character string

Original name

Name of the blocked device.

Character string

Name

Name assigned to the device by you.

Character string

Type

Type of device.

  • Removable storage drives

  • Imaging devices

  • CD/DVD drives

  • Bluetooth devices

  • Modems

  • Mobile devices

Instance ID

ID of the affected device.

Character string

Number of detections

Number of times the disallowed operation was detected on the device.

Numeric value

Action

Action taken on the device.

  • Block

  • Allow read access

  • Allow read and write access

Detected by

Module that detected the disallowed operation.

Device control

Date

Date when the disallowed operation was detected.

Date

Group

Folder in the Advanced EPDR folder tree that the computer belongs to.

Character string

IP address

The computer primary IP address.

Character string

Domain

Windows domain the computer belongs to.

Character string

Description

Description assigned to the computer by you.

Character string

Fields in the Blocked Devices exported file

Filter tool
Field Description Values

Computer type

Type of device.

  • Workstation

  • Laptop

  • Mobile device

  • Server

Search computer

Computer name.

Character string

Dates

  • Range: Set a time period, from the current moment back.

  • Custom range: Choose specific dates from a calendar.

  • Last 24 hours

  • Last 7 days

  • Last month

Device type

Type of device affected by the security settings.

  • Removable storage drives

  • Imaging devices

  • CD/DVD drives

  • Bluetooth devices

  • Modems

  • Mobile devices

Name

Device name.

Character string

Filters available in the Blocked Devices list

Details page

This page shows detailed information about the blocked device.

Field Description Values

Device

Name of the blocked device.

Character string

Action

Action taken on the device.

  • Block

  • Allow read access

  • Allow read and write access

Computer

Name of the computer where the device was blocked.

Character string

Computer type

Type of computer.

  • Workstation

  • Laptop

  • Server

  • Mobile device

IP address

The computer primary IP address.

Character string

Original name

Name of the blocked device.

Character string

Name

Name assigned to the device by you. To edit it, click the icon.

Character string

Device type

Type of device.

  • Removable storage drives

  • Imaging devices

  • CD/DVD drives

  • Bluetooth devices

  • Modems

  • Mobile devices

Instance ID

ID of the affected device.

Character string

Blocked by

Module that detected the item.

Device control

Number of detections

Number of times the disallowed operation was detected on the device.

Numeric value

Date

Date when the disallowed operation was detected.

Date

Details accessible from the Blocked Devices list

Intrusion attempts blocked

This list shows the network attacks received by the computers on the network and blocked by the firewall.

Field Description Values

Computer

Name of the computer that received the network attack.

Character string

IP address

IP address of the primary network interface of the computer that received the network attack.

Character string

Group

Group within the Advanced EPDR group tree that the computer belongs to.

Character string

Intrusion type

Indicates the type of intrusion detected. For more information about each type of network attack, see Block intrusions.

  • All intrusion attempts

  • ICMP Attack

  • UDP Port Scan

  • Header Lengths

  • UDP Flood

  • TCP Flags Check

  • Smart WINS

  • IP Explicit Path

  • Land Attack

  • Smart DNS

  • ICMP Filter Echo Request

  • OS Detection

  • Smart DHCP

  • SYN Flood

  • Smart ARP

  • TCP Port Scan

Date

Date and time Advanced EPDR logged the attack on the computer.

Date

Fields in the Intrusion Attempts Blocked list

Fields displayed in the exported file
Field Description Values

Client

Customer account the service belongs to.

Character string

Computer type

Type of device.

Character string

Computer

Name of the computer that received the network attack.

Character string

Intrusion type

Indicates the type of intrusion detected. For more information about each type of network attack, see Block intrusions.

  • ICMP Attack

  • UDP Port Scan

  • Header Lengths

  • UDP Flood

  • TCP Flags Check

  • Smart WINS

  • IP Explicit Path

  • Land Attack

  • Smart DNS

  • ICMP Filter Echo Request

  • OS Detection

  • Smart DHCP

  • SYN Flood

  • Smart ARP

  • TCP Port Scan

Local IP address

IP address of the computer that received the network attack.

Character string

Remote IP address

IP address of the computer that launched the network attack.

Character string

Remote MAC address

Physical address of the computer that launched the network attack, provided it is on the same subnet as the computer that received the attack.

Character string

Local port

In TCP and UDP attacks, this field contains the port on which the intrusion attempt was received. It is empty for other attack types.

Numeric value

Remote port

In TCP and UDP attacks, this field contains the port from which the intrusion attempt was launched. It is empty for other attack types.

Numeric value

Number of detections

Number of intrusion attempts of the same type received.

Numeric value

Action

Action taken by the firewall according to its settings. For more information, see Firewall (Windows computers).

Block

Detected by

Detection engine that detected the network attack.

Firewall

Date

Date the network attack was logged.

Date

Group

Folder in the Advanced EPDR folder tree that the computer belongs to.

Character string

IP address

IP address of the primary network interface of the computer that received the network attack.

Character string

Domain

Windows domain the computer belongs to.

Character string

Description

Description assigned to the computer by you.

Character string

Fields in the Intrusion Attempts Blocked exported file

Filter tool
Field Description Values

Dates

  • Range: Set a time period, from the current moment back.

  • Custom range: Choose specific dates from a calendar.

  • Last 24 hours

  • Last 7 days

  • Last month

Intrusion type

Indicates the type of intrusion detected. For more information about each type of network attack, see Block intrusions.

  • All intrusion attempts

  • ICMP Attack

  • UDP Port Scan

  • Header Lengths

  • UDP Flood

  • TCP Flags Check

  • Smart WINS

  • IP Explicit Path

  • Land Attack

  • Smart DNS

  • ICMP Filter Echo Request

  • OS Detection

  • Smart DHCP

  • SYN Flood

  • Smart ARP

  • TCP Port Scan

Computer type

Type of device.

  • Workstation

  • Laptop

  • Mobile device

  • Server

Filters available in the Intrusion Attempts Blocked list

Details page

This page shows detailed information about the network attack detected.

Field Description Values

Intrusion type

Indicates the type of intrusion detected. For more information about each type of network attack, see Block intrusions.

  • ICMP Attack

  • UDP Port Scan

  • Header Lengths

  • UDP Flood

  • TCP Flags Check

  • Smart WINS

  • IP Explicit Path

  • Land Attack

  • Smart DNS

  • ICMP Filter Echo Request

  • OS Detection

  • Smart DHCP

  • SYN Flood

  • Smart ARP

  • TCP Port Scan

Action

Action taken by Advanced EPDR.

Blocked

Computer

Name of the computer where the threat was detected.

Character string

Computer type

Type of device.

  • Workstation

  • Laptop

  • Mobile device

  • Server

IP address

The computer's primary IP address.

Character string

Local IP address

IP address of the computer that received the network attack.

Character string

Remote IP address

IP address of the computer that launched the network attack.

Character string

Remote MAC address

Physical address of the computer that launched the network attack, provided it is on the same subnet as the computer that received the attack.

Character string

Local port

In TCP and UDP attacks, this field indicates the port on which the intrusion attempt was received.

Numeric value

Remote port

In TCP and UDP attacks, this field indicates the port from which the intrusion attempt was launched.

Numeric value

Detected by

Module that detected the item.

Firewall

Number of detections

Number of successive times the same type of attack occurred between the same source and target computers.

Numeric value

Date

Date when the attack was detected.

Date

Details accessible from the Intrusion Attempts Blocked list

Web access by category

Field Description Values

Category

Category that the accessed web page belongs to.

Enumeration of all supported categories.

Allowed access attempts

Number of accesses allowed to pages belonging to the category specified in the Category field.

Numeric value

Allowed devices

Number of computers allowed to access pages belonging to the category specified in the Category field.

Numeric value

Denied access attempts

Number of access attempts denied to pages belonging to the category specified in the Category field.

Numeric value

Denied computers

Number of computers denied access to pages belonging to the category specified in the Category field.

Numeric value

Fields in the Web Access by Category list

Fields displayed in the exported file
Field Description Values

Category

Category that the accessed web page belongs to.

Enumeration of all supported categories.

Allowed access attempts

Number of accesses allowed to pages belonging to the category specified in the Category field.

Numeric value

Allowed devices

Number of computers allowed to access pages belonging to the category specified in the Category field.

Numeric value

Denied access attempts

Number of access attempts denied to pages belonging to the category specified in the Category field.

Numeric value

Denied computers

Number of computers denied access to pages belonging to the category specified in the Category field.

Numeric value

Fields in the Web Access by Category exported file

Filter tool
Field Description Values

Dates

  • Range: Set a time period, from the current moment back.

  • Custom range: Choose specific dates from a calendar.

  • Last 24 hours

  • Last 7 days

  • Last month

  • Last year

Category

Category that the accessed web page belongs to.

Enumeration of all supported categories.

Filters available in the Web Access by Category list

Web access by computer

This list shows all computers on the network and web page visits allowed or denied (sorted by category).

Field Description Values

Computer

Computer name.

Character string

IP address

The computer's primary IP address.

Character string

Group

Group within the Advanced EPDR group tree that the computer belongs to.

  • Character string

  • 'All' group

  • Native group

  • Active Directory group

Category

Category that the accessed web page belongs to.

Enumeration of all supported categories.

Allowed access attempts

Number of accesses allowed to pages belonging to the category specified in the Category field.

Numeric value

Denied access attempts

Number of access attempts denied to pages belonging to the category specified in the Category field.

Numeric value

Fields in the Web Access by Computer list

Fields displayed in the exported file
Field Description Values

Client

Customer account the service belongs to.

Character string

Computer type

Type of device.

  • Workstation

  • Laptop

  • Mobile device

  • Server

Computer

Computer name.

Character string

Category

Category that the accessed web page belongs to.

Enumeration of all supported categories.

Allowed access attempts

Number of accesses allowed to pages belonging to the category specified in the Category field.

Numeric value

Denied access attempts

Number of access attempts denied to pages belonging to the category specified in the Category field.

Numeric value

Group

Group within the Advanced EPDR group tree that the computer belongs to.

Character string

IP address

The computer's primary IP address.

Character string

Domain

Windows domain the computer belongs to.

Character string

Description

Description assigned to the computer by you.

Character string

Fields in the Web Access by Computer exported file

Filter tool
Field Description Values

Dates

  • Range: Set a time period, from the current moment back.

  • Custom range: Choose specific dates from a calendar.

  • Last 24 hours

  • Last 7 days

  • Last month

Category

Category that the accessed web page belongs to.

Enumeration of all supported categories.

Computer type

Type of device.

  • Workstation

  • Laptop

  • Mobile device

  • Server

Computer

Computer name.

Character string

Filters available in the Web Access by Computer list

Network attack activity

This list shows all network attacks detected and blocked by the Network Attack Protection module.

Field Description Values

Computer

Computer name.

Character string

Network attack

Name of the network attack. For more information, see https://www.pandasecurity.com/en/support/card?id=700145

Character string

Local IP address

The computer's local IP address.

IP address

Action

Action taken.

  • Detected

  • Blocked

Remote IP address

IP address from which the attack originated.

IP address

Date

Date the attack was detected or blocked.

Date

Fields in the Network Attack Activity list

Fields displayed in the exported file
Field Description Values

Computer

Computer name.

Character string

Network attack

Type of network attack.

Character string

Action

Action taken on the attack.

  • Detected

  • Block

Local IP address

The computer's local IP address.

IP address

Remote IP address

Remote IP address of the attack.

IP address

Local port

Local port on which the attack was detected or blocked.

Character string

Remote port

Remote port from which the attack was detected or blocked.

Character string

Date

Date the attack was detected.

Date

Number of occurrences

Number of detections of the same type of attack with the same source IP address in the space of an hour.

Character string

Fields in the Network Attack Activity exported file
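The exported file is most useful when it is rolled up by source rather than read row by row. The following script is an added example, not part of the Advanced EPDR product or its documentation; it assumes (the page does not say) that the export is a CSV whose header row uses the field names listed above exactly, and the sample rows embedded in it are constructed for illustration. It totals Number of occurrences per Remote IP address, lists which computers each source touched, and picks out sources that hit several computers or that were only detected rather than blocked.

```python
"""Roll up an exported Network Attack Activity file by remote IP address.

Assumption (not stated on the page): the export is a CSV whose header row uses
the field names from the table exactly ("Computer", "Network attack", "Action",
"Local IP address", "Remote IP address", "Local port", "Remote port", "Date",
"Number of occurrences"). The rows below are constructed sample data.
"""
import csv
import io
from collections import defaultdict

# Constructed sample export; hosts, addresses and dates are made up.
SAMPLE_EXPORT = """\
Computer,Network attack,Action,Local IP address,Remote IP address,Local port,Remote port,Date,Number of occurrences
WS-001,TCP Port Scan,Blocked,10.0.1.10,10.0.9.77,445,51234,2024-05-01 09:12:04,12
WS-002,TCP Port Scan,Blocked,10.0.1.11,10.0.9.77,445,51235,2024-05-01 09:12:05,9
SRV-FILE,SYN Flood,Detected,10.0.1.5,10.0.9.77,80,40000,2024-05-01 09:15:40,150
WS-003,ICMP Attack,Blocked,10.0.1.12,10.0.8.3,,,2024-05-01 10:02:00,3
WS-003,ICMP Attack,Blocked,10.0.1.12,10.0.8.3,,,2024-05-01 11:02:00,n/a
"""


def _to_int(value: str) -> int:
    """The table types 'Number of occurrences' as a character string, so parse leniently."""
    try:
        return int(value.strip())
    except (ValueError, AttributeError):
        return 0


def summarize_by_remote_ip(export_text: str) -> dict:
    """Per remote IP: total occurrences, targeted computers, attack names and actions seen."""
    summary = defaultdict(
        lambda: {"occurrences": 0, "computers": set(), "attacks": set(), "actions": set()}
    )
    for row in csv.DictReader(io.StringIO(export_text)):
        entry = summary[row["Remote IP address"]]
        entry["occurrences"] += _to_int(row["Number of occurrences"])
        entry["computers"].add(row["Computer"])
        entry["attacks"].add(row["Network attack"])
        entry["actions"].add(row["Action"])
    return dict(summary)


def sources_hitting_many_hosts(summary: dict, min_computers: int = 2) -> list:
    """Remote IPs seen against at least `min_computers` distinct computers, widest reach first."""
    hits = [ip for ip, e in summary.items() if len(e["computers"]) >= min_computers]
    return sorted(hits, key=lambda ip: (-len(summary[ip]["computers"]), ip))


def detected_not_blocked(summary: dict) -> list:
    """Remote IPs with at least one row whose action was 'Detected' rather than 'Blocked'."""
    return sorted(ip for ip, e in summary.items() if "Detected" in e["actions"])


if __name__ == "__main__":
    s = summarize_by_remote_ip(SAMPLE_EXPORT)
    for ip in sources_hitting_many_hosts(s):
        e = s[ip]
        print(f"{ip}: {e['occurrences']} occurrences against {len(e['computers'])} "
              f"computers, attacks={sorted(e['attacks'])}")
    print("detected but not blocked from:", detected_not_blocked(s))
```

Replace SAMPLE_EXPORT with the contents of a real export to run it against your own data; a source that appears against many computers within the hour-long aggregation window described for Number of occurrences is the one to look at first.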

Filter tool
Field Description Values

Computer

Computer name.

Character string

Network attack

Type of network attack.

Character string

Dates

Date range.

  • Last 24 hours

  • Last 7 days

  • Last month

Action

Action taken on the threat.

  • Detected

  • Blocked

Filters available in the Network Attack Activity list

Details page
Field Description Values

Network attack

Type of network attack.

For more details, click the icon.

Character string

Action

Action taken on the detection.

For more information about how to manage detected and blocked threats, see Stopping detecting suspicious network traffic.

  • Detected

  • Blocked

Computer

Name of the computer where the threat was detected, its IP address, and the folder it belongs to in the group tree.

  • Name: Name of the computer.

  • IP address: IP address of the computer where the attack was detected.

  • Group: Folder within the Advanced EPDR group tree that the computer belongs to.

Local IP address

The computer's local IP address.

IP address

Remote IP address

Remote IP address of the network attack.

IP address

Local port

Local port on which the attack was detected or blocked.

Character string

Remote port

Remote port from which the attack was detected or blocked.

Character string

Detection date

Date the network attack was detected.

Date

Number of occurrences

Number of detections of the same type of attack with the same source IP address in the space of an hour.

Character string

Fields on the Network Attack Detection page