Click the Details link in the far right column of a threat report in the Threat Report Search Reports table to see details for that threat report, if available.

The information on the Threat Report Details page varies depending on the feed source and type of indicator. The following table describes the fields on this page.

Field

Description

Title

The feed name and the unique ID of the report.

Report Details

This section includes:

  • ID – the unique ID of the report

  • Link – if available, a link to the report on the website of the feed source

  • Updated – when the report was last updated

  • MD5s – the number of suspicious MD5s

  • SHA-256s – the number of suspicious SHA-256s

  • IPs – the number of suspicious IP addresses

  • Domains – the number of suspicious domains

  • Queries – the number of queries in the report

Report Tags

One or more descriptive strings from the feed provider to help explain what the report is about. For example, tags can describe a specific threat, a threat category, a targeted industry, a known threat actor, or geographic information. Not all reports have tags.

Feed Description

The description of the feed given by the provider.

Report Description

The description of this report from the feed provider.

Report Score

The threat score of this report. Report scores range from minus 100 to 100, with lower scores meaning lower threat and higher scores meaning higher threat. Threat scores are one factor in the calculation of Alert severity.

Ignore this Report?

Ignore any future instances of this report so that they do not trigger alerts.

Report Indicators

A table of indicators that the report references (IPs, MD5s, SHA-256s, domains, queries). If the Type is MD5, clicking the indicator name links to the Binary Search page for that MD5.