Mobile Endpoint Security

Mobile Endpoint Security Security Service Edge

Mobile Endpoint Security Security Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Mobile Endpoint Security

Mobile Endpoint Security Contents

MES Console

Small and Medium Business Solutions (SMB)

MDMs

SIEM Integrations

QRadar Integration

Mapping Lookout Events to QRadar LEEF Fields

Threat event common fields

Network threat fields

Application and File threat fields

Configuration threat fields

OS threat fields

Web Content threat fields

MES APIs

Threat event common fields

These fields exist in the details of all Lookout events where event.type=THREAT.


Lookout event field	Type	LEEF field	Description
`event.details. classifications`	enum	`cat`	Threat Category is tied directly to the `event.details.classifications` field. One of ADWARE,APP_DROPPER,BACKDOOR,BOT,CHARGEWARE,CLICK_FRAUD,DATA_LEAK,DENYLISTED_APP,EXPLOIT,RISKWARE,ROOT_ENABLER,SPAM,SPYWARE,SURVEILLANCEWARE,TOLL_FRAUD,TROJAN,VIRUS,VULNERABILITY,WORM,ACCESS_CONTROL_VIOLATION,AGENT_OUTDATED,DEVELOPER_MODE_ENABLED,NO_DEVICE_LOCK,NON_APP_STORE_SIGNER,OUT_OF_DATE_OS,OUT_OF_DATE_ASPL,PCP_DISABLED,ROOT_JAILBREAK,SIDELOADED_APP,UNENCRYPTED,UNKNOWN_SOURCES_ENABLED,USB_DEBUGGING_ENABLED,VPN_NOT_ENABLED,ACTIVE_MITM,PORT_SCAN,ROGUE_WIFI,DENYLISTED_CONTENT,MALICIOUS_CONTENT,UNAUTHORIZED_CONTENT,PHISHING_CONTENT
`event.details. type`	enum	`lookoutEventType`	One of `NETWORK, APPLICATION, FILE, CONFIGURATION, OS, WEB_CONTENT`
`event.details.id`	GUID	`lookoutThreatId`	Lookout's internal GUID for the threat.
`event.details.action`	enum	`lookoutAction`	The state of the threat action. One of `DETECTED, RESOLVED, IGNORED`.
`event.details.severity`	enum	`lookoutSeverity`	The threat severity. One of `LOW, MEDIUM, HIGH`.
`event.details.classifications`	Array	`lookoutClassifications`	The Lookout threat classification. One of ADWARE,APP_DROPPER,BACKDOOR,BOT,CHARGEWARE,CLICK_FRAUD,DATA_LEAK,DENYLISTED_APP,EXPLOIT,RISKWARE,ROOT_ENABLER,SPAM,SPYWARE,SURVEILLANCEWARE,TOLL_FRAUD,TROJAN,VIRUS,VULNERABILITY,WORM,ACCESS_CONTROL_VIOLATION,AGENT_OUTDATED,DEVELOPER_MODE_ENABLED,NO_DEVICE_LOCK,NON_APP_STORE_SIGNER,OUT_OF_DATE_OS,OUT_OF_DATE_ASPL,PCP_DISABLED,ROOT_JAILBREAK,SIDELOADED_APP,UNENCRYPTED,UNKNOWN_SOURCES_ENABLED,USB_DEBUGGING_ENABLED,VPN_NOT_ENABLED,ACTIVE_MITM,PORT_SCAN,ROGUE_WIFI,DENYLISTED_CONTENT,MALICIOUS_CONTENT,UNAUTHORIZED_CONTENT,PHISHING_CONTENT

Last updated: November 20, 2024

lookout-footer

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.