home

Mobile Endpoint Security

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Interact with Research App Details

When you submit an LQL query in the Research query area, any matching applications appear in the results area below the query entry area. After reviewing the query results, selecting any application listed in the query result area takes you to the application page containing summary and detailed information about the application. Descriptions of the data on each of the application research tabs follows here:

  • Summary: Displays summary information on the individual application. Summary item details are on other tabs, which the user can access directly by clicking the value of a summary object, displayed in blue. Example: Clicking the value for Sessions under Dynamic Analysis displays the Dynamic Analysis tab with the details for the Sessions value.

    Any value displayed in green on the summary or any detail tab, is a potential data query pivot point, explained in more detail in Research Query Pivots.

  • Behaviors: Displays information about the application’s observed behaviors and synthesized intelligence, including:
    • any threat detection information
    • the application’s capabilities and associated risk weighting
    • unusual asset characteristics
    • platform-specific security exceptions
    • all remote hosts (IP/FQDN) the application attempted to communicate with
    • a list of application’s files and the actions observed (read/write)
  • Dynamic Analysis: Displays information about the application’s activities observed during dynamic analysis, including:
    • the number of dynamic analysis sessions conducted on the application
    • file read/write operations
    • remote host communications (IP Flows)
    • DNS resolution requests
    • telephony activity

      Dynamic analysis is available only for Android applications. In addition, not all applications have a Dynamic Analysis tab initially as the Dynamic Analysis process might not have been completed by the time you view the application in the MES console.

  • Metadata: Displays information including:
    • the application signing certificate(s)
    • the operating system permissions/entitlements used by the application
    • the intents (actions) the application can take or request
    • application entry points which represent the ways in which the operating system/device or user interacts with the application
  • Package: Displays information including:
    • platform-specific application package metadata
    • the executables included in the application package
    • other assets included in the application package
    • executable and asset file hash values