home

Mobile Endpoint Security

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Issue Summary

The issue summary reports these parameters

  • Issue Status: Active, Resolved, or Ignored.

    For "Active" issues, an MES Console Administrator can change the status to "Ignored"

  • Issue: The name of the issue.
  • Device: The name of the issue.
  • Risk: High, Medium, or Low.
  • Issue Type: The high level category, such as Application, Configuration, File, Network, OS, or Web Content.
  • User: Typically the email address for the user associated with the device.
  • Dwell Time: The time between detection and resolution.
    Note:

    NOTE: For some network attacks, the Lookout for Work mobile app may not be able to communicate with Lookout until after the threat is resolved. In this case, because Lookout receives the issue after it is already resolved, the Dwell Time may be listed as 0s.

  • Device, Application, or Network Details: Lists the device owner or the compromised app, and includes a link to Device Details.
  • Classification: The specific category, such as Spyware or Trojan.
  • Family Name: Issues are often grouped into families based on their authorship, shared code, and common purpose or motivation
  • Classification Description: A definition of the issue classification that describes the general capabilities and behaviors.
  • Subclassification: The classification subclass such as Banking Trojan.
  • About <Family Name > : Provides greater detail around the issue and its potential impact.
  • Anomalies: Lists the Indicators of Compromise (IOCs) that indicate an issue.

    Additional information may be present for certain issue types:

Application Issues:

  • Application Details: Lists the app package and includes a link to the app analysis results.
  • Risk Summary: For Application issues, this lists a summary of risks and vulnerabilities as taken from the app's App Details page. Click View Full App Details to navigate to the page.

Network Issues:

  • Network Details: The name of the network that the device was connected to at the time of the detection.
  • Network Anomalies: Detected anomalies with the network itself.
  • Network: Detailed information about the network, including the SSID, network type, MAC address, TLS protocol version, proxy information, and VPN information.
  • Certificate Details: Information about relevant certificates.

Web Content Issues:

  • Device Response: Whether the content was blocked, and whether the user could proceed.
  • Content Classifications: All detected content types for the given URL.