Threat situations

Threat situations are system-defined resources used to block threats and suspicious traffic as part of threat inspection policy. Threat situations are dynamically updated by Forcepoint.

Threat situations define traffic signature patterns used by deep packet inspection to identify potentially malicious traffic. Threat situations are organized into the following threat categories.

Table 1. Threat categories and sub-categories

| Parent category | Description | Sub-categories |
|---|---|---|
| Attack-related anomalies | Network traffic typically seen prior to or following an attack. | Suspected attack-related anomalies; Attack-related anomalies |
| Protocol violations | Enforces strict compliance for a variety of protocols including TCP, HTTP, DNS, and others. May come with an increased risk of false positives if enabled. | N/A |
| Compromise and successful attacks | Attacks designed to exploit known vulnerabilities or traffic patterns associated with attempts to gain unauthorized access to a system through bypassing normal security mechanisms. | Suspected compromise; Compromise; Successful attacks; Potential compromise |
| Denial of Service | Attacks designed to overwhelm the network, servers, and associated services in order to deny service to legitimate users. | Suspected denial of service; Denial of Service; Potential Denial of Service |
| Disclosure | Attacks designed to leak sensitive and confidential information including user names, source code, directory, configuration, and file contents. | Suspected disclosure; Disclosure; Potential disclosure |
| Probe | Scanning activity designed to gather intelligence and identify vulnerabilities. | Suspected probe; Probe; Potential probe |
| Botnet | Botnet traffic typically indicating that malware has been installed, allowing remote control of the device to steal data or use it as a launch pad for further attacks. | Suspected botnet; Botnet; Potential botnet |
| Malicious routing | Attacks that attempt to misuse network protocols to avoid or bypass security filters. | N/A |
| Spyware, malware, and adware | Services that are known to demonstrate malicious or undesirable behavior. Includes downloading of unauthorized software that can lead to further compromise. | N/A |
| Other suspicious traffic | Uncategorized suspicious traffic that does not conform to normal usage. May come with an increased risk of false positives if enabled. | N/A |

Threat category rules define a confidence level for all situations within top-level threat categories. Threat exceptions can be applied to threat categories, sub-categories, or individual threat situations.
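The following added example (not Forcepoint code) models how a threat category rule's confidence level and threat exceptions at the three scopes above combine for a matched situation. It assumes that the most specific exception wins, and all situation names, confidence levels and exception choices are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Situation:
    name: str                    # constructed sample name, not a real Forcepoint situation
    category: str                # top-level threat category from the table above
    sub_category: Optional[str]  # None for categories whose sub-categories are N/A

@dataclass
class ThreatPolicy:
    # Threat category rules: one confidence level per top-level threat category.
    category_rules: dict[str, str]
    # Threat exceptions by scope: "category", "sub_category" or "situation".
    exceptions: dict[str, set[str]]

    def resolve(self, s: Situation) -> tuple[str, str]:
        """Return (outcome, reason) for a matched situation.

        Assumption of this model: the most specific exception wins, checked from
        individual situation, then sub-category, then top-level category."""
        if s.name in self.exceptions.get("situation", set()):
            return ("excepted", "situation:" + s.name)
        if s.sub_category and s.sub_category in self.exceptions.get("sub_category", set()):
            return ("excepted", "sub_category:" + s.sub_category)
        if s.category in self.exceptions.get("category", set()):
            return ("excepted", "category:" + s.category)
        level = self.category_rules.get(s.category)
        if level is None:
            return ("unmatched", "no category rule for " + s.category)
        return ("inspect", level)

def sample_policy() -> ThreatPolicy:
    """Constructed policy: confidence levels and exceptions are illustrative values."""
    return ThreatPolicy(
        category_rules={
            "Compromise and successful attacks": "high",
            "Botnet": "high",
            "Probe": "medium",
            "Protocol violations": "low",
        },
        exceptions={
            # Whole category excepted while its false-positive rate is being assessed.
            "category": {"Protocol violations"},
            # Sub-category excepted because suspected probes are noisy on this network.
            "sub_category": {"Suspected probe"},
            # One individual situation excepted for a known-benign internal host.
            "situation": {"SAMPLE-Botnet-Beacon-1"},
        },
    )
```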