date: 'March 19, 2016 05:56 PM' describes the date and time that a sample was detected for the alert. All alerts use the same set of field names, but their values vary depending on the samples detected in the alert period.
You can configure AutoFocus HTTP/HTTPS alerts to send notifications as plain text to a web server using standard HTTP requests or within a secure communications channel using HTTPS requests. Additionally, AutoFocus can authenticate a user on the web server receiving the HTTPS alerts with basic user authentication, providing another layer of security. All HTTPS requests use TLS 1.2 ciphers to negotiate security settings.
Use HTTP alerts to publish information about detected samples on a web page or a threat feed.
When creating an HTTP/HTTPS alert, provide the URL of a server that has been preconfigured to parse the name-value pairs from the alert. If you are configuring an HTTPS alert with basic authentication, provide the user credentials of an account on the server receiving the notifications. Refer to the following table of field names and possible data types for the field values. The data type describes how a value should be interpreted and stored by the server.
The number of unique samples detected within the alert period
The date and time that the alert was sent in the following format: Month DD, YYYY hh:mm [AM/PM]
A list of each sample detected and the details associated with it
The date and time that the sample was detected in the following format: Month DD, YYYY hh:mm [AM/PM]
The SHA256, SHA1, and MD5 hashes of the sample
The specific tag that triggered the alert for the sample
The tag type that triggered the alert. The different alert_type values that can be displayed are:
The WildFire verdict assigned to the sample:
To focus your attention on samples that exhibit malicious behavior, AutoFocus does not send alerts for benign samples.
The name of the support account that created the alert
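The receiver-side handling described above, shown as an added example that is not code from the AutoFocus documentation: it checks the basic-authentication header in constant time and parses the documented timestamp format before anything is stored. The URL-encoded request body, the flat use of the date and alert_type fields, the credentials and the sample alert_type value are assumptions made for illustration.

```python
import base64
import hmac
from datetime import datetime
from urllib.parse import parse_qs

# Format documented on the page: Month DD, YYYY hh:mm [AM/PM]
ALERT_TIME_FORMAT = "%B %d, %Y %I:%M %p"


def parse_alert_time(value):
    """Return a naive datetime; the page does not state a time zone."""
    return datetime.strptime(value.strip().strip("'"), ALERT_TIME_FORMAT)


def basic_auth_ok(header, user, password):
    """Validate an HTTP Basic Authorization header with a constant-time compare."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        supplied = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return hmac.compare_digest(supplied, f"{user}:{password}".encode())


def handle_alert(auth_header, body, user, password):
    """Return (status, record). Assumes URL-encoded name-value pairs in the body."""
    if not basic_auth_ok(auth_header, user, password):
        return 401, None
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    try:
        detected = parse_alert_time(fields["date"])
    except (KeyError, ValueError):
        return 400, None  # missing or malformed timestamp: reject, do not store
    return 200, {"date": detected, "alert_type": fields.get("alert_type")}


# Constructed sample request; the credentials and alert_type value are placeholders.
SAMPLE_AUTH = "Basic " + base64.b64encode(b"alertuser:example-pass").decode()
SAMPLE_BODY = "date=March+19%2C+2016+05%3A56+PM&alert_type=EXAMPLE"
```

Serve this only over the HTTPS alert option, since basic authentication sends the credentials in a reversible encoding.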