Web Content Threat Detail Fields
In addition to the Common Threat Detail Fields, the
details block for
THREAT events of
type=WEB_CONTENT also includes the following fields:
"details": {
...,
"assessments": [...],
"pcpReportingReason":"OBJECTIONABLE_CONTENT",
"pcpDeviceResponse":"BLOCKED",
"pcpUserAction":"BACK_TO_SAFETY",
"pcpCategories":"PORNOGRAPHY",
"url":"http://doyoureallyexpectanexamplehere.com",
}| Field | Type | Description |
|---|---|---|
|
enum | The reason for the threat event. One of
OBJECTIONABLE_CONTENT, MALICIOUS, PHISHING, BLACKLISTED, ANALYSIS |
|
enum | The Lookout client response to the threat event, based on the Protections policy configured in the MES Console. One of
NONE, BLOCKED, REDIRECTED_USER_MAY_PROCEED |
|
enum | The device user's response to the threat. One of
BACK_TO_SAFETY, WARNING_IGNORED, WHITELISTED |
|
enum | The categorization(s) of the URL, from:
RESERVED, PORNOGRAPHY, SEX_EROTICA, VIOLENCE, CRIMINAL_SKILLS, HACKING, HATE_SPEECH, ILLEGAL_DRUGS, CRIMINAL_ACTIVITIES, AD_FRAUD, COMMAND_AND_CONTROL_CENTERS, COMPROMISED_LINKS_TO_MALWARE, MALWARE_CALL_HOME, MALWARE_DISTRIBUTION_POINT, PHISHING_FRAUD, SPAM_URLS, SPYWARE_QUESTIONABLE_SOFTWARE, ONLINE_ADS, BOTNET, NUDITY, OK, GAMBLING, SEXUALLY_SUGGESTIVE, R_RATED, AGGRESSIVE, CHILD_ABUSE_IMAGES, PIRACY, SCHOOL_CHEATING, SELF_HARM, TORRENT_REPOSITORY, TERRORISM |
|
String | The URL that triggered the PCP response. |
