API concepts

To understand this API's various URL resources and the data it exchanges, you need to familiarize yourself with these concepts:

  • Configuration ID: When you sign up for ETP, you receive a configuration and associated ID. You need to use this parameter for all operations in the ETP Reporting API. See List Configurations in the ETP Configuration API to obtain this value.

  • Filters: You can filter report data by crafting a Filter object, supplied in the operation URL. You specify filter values to either include or exclude data from the report. You can add further filter entries and values to narrow the report data. See the Filter object type.

  • AUP Event: AUP events provide details on a detected or blocked threat, as directed by the acceptable use policy assigned to your location. You can investigate false positives or provide additional details on why a specific page was blocked.

  • DNS Event: DNS Events provide details on detected threats when accessing a malicious domain. ETP then on-ramps the traffic to Nevada for further analysis.

  • Network traffic transaction: Network traffic transactions provide details on all network traffic that is directed to ETP, including suspicious traffic or traffic that bypasses ETP Proxy. If traffic was dropped, the connection data reports why.

  • Proxy network traffic connection: Proxy network traffic connections provide details on the network traffic that's directed to the proxy. Information such as the internal client IP, username, group name, and more is logged in this report. The Proxy Activity report also shows what action was applied to the traffic.

  • Security Connector Events: Security Connector events provide details on malicious or suspicious traffic that ETP routes to a sinkhole device per the policy configuration. ETP collects information about the user device or machine that made the request, such as the internal IP address of the end user's machine. This information allows you or an IT administrator to identify compromised machines in your network.

  • Threat Event: Threat events provide details on a detected or blocked threat, as directed by your custom ETP security lists. You can look at traffic details to gain insight on malicious websites or phishing campaigns.

  • Data retention policy: Enterprise Threat Protector (ETP) stores entries for 30 days, after which data becomes unavailable.