The following sections outline the features that collect data, the data transmitted, and the locations on the product console where you can disable the features.
- Threat Connect
- Domain Exceptions
- Priority Watchlist
- Registered Services
- Trusted Internal Network
- Analysis Report
- RCA Report
- Threat Connect in Correlative Events
- Email Encryption
To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.
Threat Connect
Threat Connect allows the administrator to view related threat information from the global intelligence database.
Data is only sent when the administrator manually clicks the “View in Threat Connect” button in the “Detection Details” view.
| Data collected |
|
|---|---|
| Console location |
The user manually triggers Threat Connect connection in the “Detection Details” view of a network detection.
|
| Console settings |
View in Threat Connect |
| Data collected |
|
|---|---|
| Console location |
The user manually triggers Threat Connect connection in the “Detection Details” view of an email detection.
|
| Console settings |
View in Threat Connect |
Domain Exceptions
The administrator can add domains that they consider safe to an exception list.
Data is only collected when the administrator manually adds domain names on the management console.
| Data collected | Domain name |
|---|---|
| Console location | Administration > Network Analytics > Domain Exceptions |
| Console settings |
Domain Exceptions |
Priority Watchlist
The administrator can add servers that they consider high-priority for tracking and reporting.
Data is only collected when the administrator manually adds IP addresses on the management console.
| Data collected | IP address |
|---|---|
| Console location | Administration > Network Analytics > Priority Watch List |
| Console settings |
Priority Watch List |
Registered Services
The administrator can add servers for specific services that their organization uses.
Data is only collected when the administrator manually adds domains name on the management console.
| Data collected | IP address |
|---|---|
| Console location | Administration > Network Analytics > Registered Services |
| Console settings |
Registered Services |
Trusted Internal Network
The administrator can specify IP addresses or ranges to treat as part of their trusted internal network.
Data is only collected when the administrator manually adds IP addresses or ranges on the management console.
| Data collected |
|
|---|---|
| Console location | Administration > Network Analytics > Trusted Internal Network |
| Console settings |
Analysis Report
The administrator can view the correlation data of a correlated event.
Data is only sent when the administrator manually clicks the “Correlation Data” icon on the “Correlated Events” screen.
| Data collected |
|
|---|---|
| Console location | Detections > Correlated Events |
| Console settings |
|
The administrator can view the correlation data of a synchronized suspicious object.
Data is only sent when the administrator manually clicks the “Correlation Data” icon on the “Synchronized Suspicious Objects” screen.
| Data collected |
|
|---|---|
| Console location | Threat Intelligence > Product Intelligence > Synchronized Suspicious Objects |
| Console settings |
|
RCA Report
Endpoint analysis reports can be collected from Endpoint Sensor to help with correlation.
Data is automatically collected periodically when the administrator enables retrieval of endpoint analysis reports from Apex Central on the management console.
| Data collected |
|
|---|---|
| Console location | Administration > Integrated Products/Services > Apex Central |
| Console settings |
|
Threat Connect in Correlative Events
Threat Connect allows the administrator to view related threat information from the global intelligence database.
Data is only sent when the administrator manually clicks the “Threat Connect” button in the “Correlation Data” view.
| Data collected |
|
|---|---|
| Console location |
The user manually triggers Threat Connect connection in the “Correlation Data” view of a correlated event. |
| Console settings |
Threat Connect |
Email Encryption
In the Domain List screen, the administrator can specify email domains for email encryption and an email address for receiving key files to complete the domain registration process.
In the Identification screen, the administrator can specify the email address that is used to sign messages with domains that are not part of the Domain List.
| Data collected |
|
|---|---|
| Console location | Appliances > Email Encryption |
| Console settings |
|
