Embedded Files
About PerceptionPoint
About PerceptionPoint
Perception Point is an AI-powered Prevention-as-a-Service platform offering comprehensive, multi-layered defense for the modern digital workspace. It rapidly detects and blocks advanced threats, including zero-days and Account Takeover (ATO) attempts, across key communication channels like email, web browsers, and cloud collaboration apps.
Main Log Types:
Main Log Types:
SCANS: These logs detail the execution of every content scan (email, file, or URL) processed by the security engines, providing the granular outcome and initial verdict of the analysis.
CASES: These are suspicious security incidents, such as Account Takeover (ATO) attempts or anomalous activities, that the system escalates and requires investigation and remediation by the SOC team.
AUDIT: These are general audit logs that record every action within the system, including successful and failed user logins.
Product Configuration
Product Configuration
Extracting the API Key and Zone ID from the Perception Point System
Extracting the API Key and Zone ID from the Perception Point System
The API Key and Zone ID are essential credentials required for authentication and communication with the Perception Point API service.
Log in to the Perception Point System: Access the Perception Point management portal and log in with your user credentials.
Locate the API Key:
Navigate to the system Settings or Integrations area within the portal (typically found under Settings, Integrations, or API).
Look for an option to generate or view the API Token or API Key.
Copy and securely save the displayed API Key.
Note: The API Key may only be displayed once upon creation.
Locate the Zone ID:
The Zone ID is often the base URL (Endpoint) specific to your organization's API, or a unique value found under the API/Integrations settings.
The required API address (for example, https://<YOUR-ZONE-NAME>.perception-point.io/api/...). The "ZONE" is the variable part of the URL.
Monitoring Configuration Requirements
Monitoring Configuration Requirements
Perception Point Admin user.
Parser
Parser
There are 3 processors for the connector because there are 3 types of events: AUDIT, SCANS, and CASES.
PerceptionAUDIT.jsonparser.properties & PerceptionAudit.sdkrfilereader.properties
PerceptionSCAN.jsonparser.properties & PerceptionSCAN.sdkrfilereader.properties
PerceptionCASES.jsonparser.properties & PerceptionCASES.sdkrfilereader.properties
Rules
Rules
Audit admin monitoring
Successful logins/failed logins
Creation of Cases in Perception Point
Notes
Notes
"Failed Login" events are classified as CASES events, not AUDIT events, because they are considered a "true incident" .
Troubleshooting
Troubleshooting
Page updated
Report abuse