
Perception Point


TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Perception Point Scans

✅

✅

perceptionpoint_scans

NDJSON

API/S3


Overview

Perception Point is a cybersecurity company specializing in advanced threat prevention for email, cloud collaboration apps, and web browsers. Its platform detects and blocks phishing, malware, business email compromise (BEC), and zero-day attacks using AI-driven analysis and dynamic threat detection. Designed for speed and scalability, Perception Point provides real-time threat prevention, incident response, and forensic analysis to help organizations protect sensitive data and maintain secure communication channels.

Supported data types

Scans

Table name: perceptionpoint_scans

Perception Point scans are advanced security analyses performed on emails, cloud collaboration files, and web content to detect and block threats such as phishing, malware, business email compromise, and zero-day attacks. These scans use AI-driven threat detection, dynamic analysis, and file sandboxing to identify malicious content before it reaches users. By analyzing attachments, URLs, and embedded scripts in real time, Perception Point ensures proactive protection against cyber threats while minimizing false positives and response times for security teams.

Send data to Hunters

You can collect logs using 2 methods:

  • API - connect your Perception Point instance to Hunters through the API by performing a few simple steps.

  • S3 storage - route logs to an S3 bucket and provide Hunters with the details.

Using API

To connect Perception Point logs:

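  1. Log in to the Perception Point platform and retrieve your Perception Point client token. Treat this token as a credential: keep it in a secrets store rather than in tickets or chat, and rotate it if it may have been exposed.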

  2. Complete the process on the Hunters platform, following this guide.

Using S3 storage

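Alternatively, you can collect these logs from your network into a storage service (e.g. an S3 bucket) that is shared with Hunters. Scan records carry sender and recipient addresses, source IPs and message metadata, so limit access to the bucket to the principals that need it. Click here for further instructions.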

Expected format

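Logs are expected in JSON format, delivered as NDJSON (one JSON object per line, as listed in the TL;DR table). The sample record below is pretty-printed for readability. The trailing commas in its "group_keys" arrays are not valid JSON, and a strict parser will reject them. Its ISO-style timestamps carry no timezone offset, so confirm the timezone before correlating these events with other sources.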

{
    "origin": "email",
    "sub_verdict": "MAL",
    "scan_layers": ["Anti Spam", "Anti Phishing"],
    "finished_at": "2022-04-11T10:55:21.624222",
    "group_keys": ["domain-gmail.com", ],
    "marked_as_fp_by": null,
    "evidence": [{
        "category": "",
        "confidence": 0.0,
        "description": "",
        "scan_id": "",
        "root_scan_id": "",
        "identifiers": "[]",
        "trace_id": "",
        "name": "new_sender_vector",
        "verdict": "",
        "key": "",
        "timestamp": 1649674510.30517,
        "data": {},
        "full_key": ""
    }],
    "sample": {
        "receiver_domain": "",
        "cc_addresses": "",
        "from_address": "",
        "recipients": "",
        "delivery_time": null,
        "return_path_address_main_domain": "gmail.com",
        "source_ip": "",
        "links": {},
        "sender_domain": "gmail.com",
        "headers": null,
        "to_addresses": "undisclosed-recipients:;",
        "sha1": "",
        "file_size": null,
        "pe_icon_link": null,
        "sha256": "",
        "message_id": "",
        "return_path_address_mail_box": "",
        "md5": ""
    },
    "images": [{
        "id": "",
        "links": {
            "image": ""
        },
        "description": "Email Image"
    }],
    "max_group_size": 18,
    "id": "",
    "verbose_automation_status": null,
    "organization_name": "",
    "confidence": 0.0,
    "max_external_bulk_size": 179627,
    "scan_engines": [],
    "verdict_changed_at": "2022-04-11T10:55:21.273247",
    "decisions": [],
    "sample_type_str": "email",
    "full_scan_id": "",
    "ir_decision": null,
    "highlighted": false,
    "parent_organization_name": "",
    "payload_type": "payloadless",
    "attachment": "",
    "sample_from": "",
    "search_descendants": [{
        "envelope_to": "",
        "from_address": "",
        "scan_layers": ["Anti Spam", "Anti Phishing"],
        "group_keys": ["domain-gmail.com", ],
        "parent_scan_id": "",
        "scan_traces_count": 0,
        "decisions": [{
            "verdict": "MAL",
            "decision_name": "IR - empty subject + undisclosed recipients"
        }],
        "subject": "",
        "verbose_status": "CMP",
        "scan_id": "",
        "sample_type_str": "email",
        "source": "",
        "sample_from": "",
        "sample_sha256": "",
        "recipients": "",
        "verbose_verdict": "MAL",
        "malicious_file_link": null,
        "to_addresses": "undisclosed-recipients:;",
        "verdict_changed_by": "System",
        "receiver_domain": "",
        "original_message_id": "",
        "source_ip": "",
        "upload": "",
        "headers": null,
        "reply_to": "",
        "sample_title": ""
    }],
    "verbose_status": "CMP",
    "verbose_verdict": "MAL",
    "is_highlighted": null,
    "organization_id": 377,
    "was_requested_for_investigation": false,
    "queued_for_bulk_action": false,
    "verbose_origin": "Exchange",
    "sample_to": "",
    "attachments_names": null,
    "root_scan_summary": {
        "verbose_verdict": "MAL",
        "is_fn": false,
        "sub_verdict": "MAL",
        "was_requested_for_investigation": false
    },
    "handle_status": "AAP",
    "root_scan_id": "",
    "created_at": "2022-04-11T10:55:08.732808",
    "verbose_confidence": null,
    "verbose_action": "SCANNED",
    "is_fn": false,
    "sample_file_type": "eml",
    "sub_origin": "",
    "sample_title": "",
    "sample_to_type": "user",
    "sample_from_type": "user"
}