Evidence: Verification sidebar
The Evidence sidebar is expanded by clicking an evidence link in the Evidence column of the Threats tab. Click the to close the sidebar.
The evidence type of Verification is displayed at the top of the sidebar.
Click the to access the Network event details page and the full details of the associated event.
A brief description of the evidence is provided.
Threat details
- Threat
  Name of the detected security risk.
- Threat class
  Name of the detected security risk class.
- First seen / Last seen
  A graph with the timestamps of when the evidence was first and last seen.
  The Duration is displayed below the graph.
Verifier summary
A summary of the verifier is displayed. For more details, click the link to view the Verifier pop-up.
- Verification outcome
  Indicates the event outcome. Possible values:
  - Blocked: The threat was blocked by VMware NSX Network Detection and Response or by a third-party application.
  - Failed: The threat failed to reach its goal. This could be caused by the C&C server being offline, coding errors made by the attacker, etc.
  - Succeeded: The threat was verified to have reached its goal. For example, its check-in attempt to the C&C server completed and data was received from the malicious endpoint.
- Confidence
  The confidence that the algorithm has correctly identified the evidence.
- Verifier name
  The name of the event verifier.
- Verifier message
  A message from the verifier that provides further information about the outcome, for example, which third-party application blocked the threat.
Detector summary
A summary of the detector is displayed. For more details, click the link to view the Detector pop-up.
- Detector name
  The name of the detector.
- Goal
  Short description of the goal of the detector.
- ATT&CK categorization
  Displays the detected MITRE ATT&CK technique.