Common Threat Detail Fields

All THREAT events include a details block with the following fields:

"events": [
  {
    "type": "THREAT",
    "id": "1581",
    "eventTime": "2017-01-03T20:59:41.000Z",
    "details": {
      "type": "APPLICATION",
      "id": "487e5ed1-5fcb-4700-bb44-5cc33a089e81",
      "action": "IGNORED",
      "description": "!description!",
      "severity": "HIGH",
      "classifications": ["WORM"],
      "assessments": [
        {
          "classification": "WORM",
          "id": "487e5ed1-5fcb-4700-bb44-5cc33a089e81",
          "severity": "HIGH"
        }
      ],
      ...
    },
    "target": {...}
  }
]

| Field | Type | Description |
|---|---|---|
| type | String | Indicates the type of threat event. One of APPLICATION, CONFIGURATION, FILE, NETWORK, OS. |
| id | UUID | Unique ID identifying this particular threat encounter. |
| action | enum | Indicates the action of the event. One of DETECTED, RESOLVED, IGNORED. |
| description | String | A description of the threat, when available. |
| severity | enum | Indicates the severity of the event. One of LOW, MEDIUM, HIGH, NONE. If a threat consists of multiple assessments, this lists the highest severity present. |
| classifications | enum array | Indicates the classifications for this event. Classifications for each threat type are listed in the respective threat specific topics. The API returns an UNKNOWN classification if it cannot determine the threat type or classification. If the threat consists of multiple classifications (such as an installed application that has more than one vulnerability), review the assessments block for the individual severities and IDs. |
| assessments | array | For threats with multiple classifications, an array of threat assessments. An Application threat, for example, may consist of multiple threat assessments. |
| assessments: classification | String | The classification of the assessment. Classifications for each threat type are listed in the following sections. |
| assessments: id | UUID | Unique ID identifying the assessment. |
| assessments: severity | String | Indicates the severity of the assessment. One of LOW, MEDIUM, HIGH. |
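
An added example (not from the product documentation) of consuming these fields in an ingestion pipeline: `check` validates the documented enum values and the rule that the top-level severity is the highest assessment severity, and `rows` flattens an event to one row per assessment. The function names and the sample events are constructed for illustration.

```python
import json

# Enum values copied from the field table above.
THREAT_TYPES = {"APPLICATION", "CONFIGURATION", "FILE", "NETWORK", "OS"}
ACTIONS = {"DETECTED", "RESOLVED", "IGNORED"}
RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample events (illustrative values, not real API output).
SAMPLE = json.loads("""{"events": [
 {"type": "THREAT", "id": "1581", "details": {
   "type": "APPLICATION", "action": "IGNORED", "severity": "HIGH",
   "classifications": ["WORM", "UNKNOWN"], "assessments": [
     {"classification": "WORM", "id": "11111111-1111-4111-8111-111111111111", "severity": "HIGH"},
     {"classification": "UNKNOWN", "id": "22222222-2222-4222-8222-222222222222", "severity": "LOW"}]}},
 {"type": "THREAT", "id": "1582", "details": {
   "type": "APPLICATION", "action": "DETECTED", "severity": "LOW",
   "classifications": ["WORM"], "assessments": [
     {"classification": "WORM", "id": "33333333-3333-4333-8333-333333333333", "severity": "MEDIUM"}]}},
 {"type": "THREAT", "id": "1583", "details": {
   "type": "APPLICATION", "action": "RESOLVED", "severity": "MEDIUM",
   "classifications": ["WORM"]}}
]}""")

def check(details):
    """Return schema and consistency findings for one THREAT details block."""
    out = []
    for field, allowed in (("type", THREAT_TYPES), ("action", ACTIONS), ("severity", RANK)):
        if details.get(field) not in allowed:
            out.append(f"{field}: unexpected value {details.get(field)!r}")
    sevs = [a.get("severity") for a in details.get("assessments") or []]
    # Documented rule: top-level severity is the highest among the assessments.
    if sevs and max(sevs, key=lambda s: RANK.get(s, -1)) != details.get("severity"):
        out.append("severity: does not match highest assessment severity")
    if "UNKNOWN" in (details.get("classifications") or []):
        out.append("classifications: UNKNOWN present, review assessments")
    return out

def rows(event):
    """One (event id, action, classification, severity) row per assessment."""
    d = event["details"]
    # No assessments array: fall back to the top-level classification/severity.
    items = d.get("assessments") or [
        {"classification": c, "severity": d.get("severity")}
        for c in d.get("classifications") or []]
    return [(event["id"], d.get("action"), a["classification"], a["severity"]) for a in items]

if __name__ == "__main__":
    for ev in SAMPLE["events"]:
        print(ev["id"], check(ev["details"]), rows(ev))
```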