PerceptionPoint

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

  • Supported data type: PerceptionPoint Scans
  • 3rd party detection / Hunters detection / IOC search / Search: ✅ ✅
  • Table name: perceptionpoint_scans
  • Log format: NDJSON
  • Collection method: API/S3


Overview

PerceptionPoint is a cybersecurity company specializing in advanced threat prevention for email, cloud collaboration apps, and web browsers. Its platform detects and blocks phishing, malware, business email compromise (BEC), and zero-day attacks using AI-driven analysis and dynamic threat detection. Designed for speed and scalability, Perception Point provides real-time threat prevention, incident response, and forensic analysis to help organizations protect sensitive data and maintain secure communication channels.

Supported data types

Scans

Table name: perceptionpoint_scans

Perception Point scans are advanced security analyses performed on emails, cloud collaboration files, and web content to detect and block threats such as phishing, malware, business email compromise, and zero-day attacks. These scans use AI-driven threat detection, dynamic analysis, and file sandboxing to identify malicious content before it reaches users. By analyzing attachments, URLs, and embedded scripts in real time, Perception Point ensures proactive protection against cyber threats while minimizing false positives and response times for security teams.

Send data to Hunters

You can collect logs using two methods:

  • API - connect your PerceptionPoint instance to Hunters through the PerceptionPoint API in a few steps.

  • S3 storage - route the logs to an S3 bucket and provide Hunters with the bucket details.

Using API

To connect PerceptionPoint logs:

  1. Log in to the PerceptionPoint platform and retrieve your PerceptionPoint Client token.

  2. Complete the process on the Hunters platform, following this guide.

Using S3 storage

Alternatively, you can collect these logs from your network into a shared storage service (e.g. an S3 bucket) that is shared with Hunters. Click here for further instructions.

Expected format

Logs are expected in JSON format, delivered as NDJSON: one complete scan record per line, as in the sample below (shown pretty-printed for readability).

{
    "origin": "email",
    "sub_verdict": "MAL",
    "scan_layers": ["Anti Spam", "Anti Phishing"],
    "finished_at": "2022-04-11T10:55:21.624222",
    "group_keys": ["domain-gmail.com"],
    "marked_as_fp_by": null,
    "evidence": [{
        "category": "",
        "confidence": 0.0,
        "description": "",
        "scan_id": "",
        "root_scan_id": "",
        "identifiers": "[]",
        "trace_id": "",
        "name": "new_sender_vector",
        "verdict": "",
        "key": "",
        "timestamp": 1649674510.30517,
        "data": {},
        "full_key": ""
    }],
    "sample": {
        "receiver_domain": "",
        "cc_addresses": "",
        "from_address": "",
        "recipients": "",
        "delivery_time": null,
        "return_path_address_main_domain": "gmail.com",
        "source_ip": "",
        "links": {},
        "sender_domain": "gmail.com",
        "headers": null,
        "to_addresses": "undisclosed-recipients:;",
        "sha1": "",
        "file_size": null,
        "pe_icon_link": null,
        "sha256": "",
        "message_id": "",
        "return_path_address_mail_box": "",
        "md5": ""
    },
    "images": [{
        "id": "",
        "links": {
            "image": ""
        },
        "description": "Email Image"
    }],
    "max_group_size": 18,
    "id": "",
    "verbose_automation_status": null,
    "organization_name": "",
    "confidence": 0.0,
    "max_external_bulk_size": 179627,
    "scan_engines": [],
    "verdict_changed_at": "2022-04-11T10:55:21.273247",
    "decisions": [],
    "sample_type_str": "email",
    "full_scan_id": "",
    "ir_decision": null,
    "highlighted": false,
    "parent_organization_name": "",
    "payload_type": "payloadless",
    "attachment": "",
    "sample_from": "",
    "search_descendants": [{
        "envelope_to": "",
        "from_address": "",
        "scan_layers": ["Anti Spam", "Anti Phishing"],
        "group_keys": ["domain-gmail.com"],
        "parent_scan_id": "",
        "scan_traces_count": 0,
        "decisions": [{
            "verdict": "MAL",
            "decision_name": "IR - empty subject + undisclosed recipients"
        }],
        "subject": "",
        "verbose_status": "CMP",
        "scan_id": "",
        "sample_type_str": "email",
        "source": "",
        "sample_from": "",
        "sample_sha256": "",
        "recipients": "",
        "verbose_verdict": "MAL",
        "malicious_file_link": null,
        "to_addresses": "undisclosed-recipients:;",
        "verdict_changed_by": "System",
        "receiver_domain": "",
        "original_message_id": "",
        "source_ip": "",
        "upload": "",
        "headers": null,
        "reply_to": "",
        "sample_title": ""
    }],
    "verbose_status": "CMP",
    "verbose_verdict": "MAL",
    "is_highlighted": null,
    "organization_id": 377,
    "was_requested_for_investigation": false,
    "queued_for_bulk_action": false,
    "verbose_origin": "Exchange",
    "sample_to": "",
    "attachments_names": null,
    "root_scan_summary": {
        "verbose_verdict": "MAL",
        "is_fn": false,
        "sub_verdict": "MAL",
        "was_requested_for_investigation": false
    },
    "handle_status": "AAP",
    "root_scan_id": "",
    "created_at": "2022-04-11T10:55:08.732808",
    "verbose_confidence": null,
    "verbose_action": "SCANNED",
    "is_fn": false,
    "sample_file_type": "eml",
    "sub_origin": "",
    "sample_title": "",
    "sample_to_type": "user",
    "sample_from_type": "user"
}
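The following is an added example, not Hunters or Perception Point code, showing how to validate an NDJSON batch of scan records before routing it to the S3 bucket and how to pull the triage-relevant fields (verdict, sender, recipients, matched decisions) out of each record. Field names follow the sample above; the sample records and the feed itself are constructed here, and treating the naive created_at/finished_at timestamps as UTC is an assumption (it agrees with the epoch value in the sample's evidence.timestamp). One line is deliberately written with a trailing comma, which is not valid JSON, to show that such a line is reported rather than silently dropped.

```python
"""Pre-ingestion check and triage for PerceptionPoint scan records (NDJSON).

Added example (not Hunters or Perception Point code). Assumes each line of the
feed is one scan record shaped like the page's sample. Timestamps without a
zone are treated as UTC (assumption).
"""
import json
from datetime import datetime, timezone
from typing import Dict, Iterator, List, Optional, Tuple


def _record(scan_id: str, verdict: str, sender_domain: str,
            decision: Optional[str], marked_fp: Optional[str] = None) -> str:
    """Build one constructed scan record using the field names of the sample."""
    rec = {
        "id": scan_id,
        "origin": "email",
        "verbose_origin": "Exchange",
        "verbose_verdict": verdict,
        "sub_verdict": verdict,
        "marked_as_fp_by": marked_fp,
        "created_at": "2022-04-11T10:55:08.732808",
        "finished_at": "2022-04-11T10:55:21.624222",
        "evidence": [{"name": "new_sender_vector", "timestamp": 1649674510.30517}],
        "sample": {
            "from_address": f"someone@{sender_domain}",
            "sender_domain": sender_domain,
            "to_addresses": "undisclosed-recipients:;",
            "message_id": f"<{scan_id}@example.test>",
        },
        "search_descendants": [{
            "scan_id": scan_id,
            "decisions": [] if decision is None
            else [{"verdict": verdict, "decision_name": decision}],
        }],
    }
    return json.dumps(rec)


# Constructed feed: three well-formed records plus one line with a trailing
# comma inside an array, which json.loads rejects. "OK" is a placeholder
# verdict string; only "MAL" appears in the page's sample.
SAMPLE_NDJSON = "\n".join([
    _record("scan-1", "MAL", "gmail.com",
            "IR - empty subject + undisclosed recipients"),
    '{"id": "scan-2", "verbose_verdict": "MAL", "group_keys": ["domain-gmail.com", ]}',
    _record("scan-3", "OK", "example.com", None),
    _record("scan-4", "MAL", "example.org", "some rule",
            marked_fp="analyst@example.com"),
])


def iter_scan_records(ndjson: str) -> Iterator[Tuple[int, Optional[dict], Optional[str]]]:
    """Yield (line_number, record, error) for each non-empty line.

    A malformed line is reported as an error instead of raising, so one bad
    record does not abort the whole batch."""
    for n, line in enumerate(ndjson.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            yield n, None, f"line {n}: {exc.msg} at column {exc.colno}"
            continue
        if not isinstance(obj, dict) or "id" not in obj:
            yield n, None, f"line {n}: not a scan object"
            continue
        yield n, obj, None


def to_epoch(ts: Optional[str]) -> Optional[float]:
    """Naive ISO-8601 timestamp (created_at/finished_at) -> UTC epoch seconds."""
    if not ts:
        return None
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).timestamp()


def summarize_scan(rec: dict) -> Dict[str, object]:
    """Flatten the fields an analyst needs first from one scan record."""
    sample = rec.get("sample") or {}
    decisions: List[str] = [
        d.get("decision_name")
        for desc in rec.get("search_descendants") or []
        for d in desc.get("decisions") or []
    ]
    return {
        "scan_id": rec.get("id"),
        "created_at": to_epoch(rec.get("created_at")),
        "origin": rec.get("verbose_origin") or rec.get("origin"),
        "verdict": rec.get("verbose_verdict"),
        "sub_verdict": rec.get("sub_verdict"),
        "marked_fp": rec.get("marked_as_fp_by") is not None,
        "from_address": sample.get("from_address"),
        "sender_domain": sample.get("sender_domain"),
        "to_addresses": sample.get("to_addresses"),
        "evidence": [e.get("name") for e in rec.get("evidence") or []],
        "decisions": decisions,
    }


def triage(ndjson: str) -> Dict[str, list]:
    """Split a feed into malicious records (verdict MAL, not marked as a false
    positive), other valid records, and lines that would fail ingestion."""
    out: Dict[str, list] = {"malicious": [], "other": [], "invalid": []}
    for _, rec, err in iter_scan_records(ndjson):
        if err:
            out["invalid"].append(err)
            continue
        s = summarize_scan(rec)
        bucket = "malicious" if s["verdict"] == "MAL" and not s["marked_fp"] else "other"
        out[bucket].append(s)
    return out


if __name__ == "__main__":
    result = triage(SAMPLE_NDJSON)
    for s in result["malicious"]:
        print(f'{s["scan_id"]}: {s["sender_domain"]} -> {s["to_addresses"]}; rules={s["decisions"]}')
    for err in result["invalid"]:
        print("rejected:", err)
```

Run the script on an exported batch (replace SAMPLE_NDJSON with the file contents) before uploading it; any entry in the invalid list is a line the perceptionpoint_scans ingestion would not be able to parse.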