Policy Results Threats Attributes

The following table lists and describes the attributes Oracle® Communications Security Shield Cloud Service (Security Shield) displays for creating custom Policy Threats reports.

Table B-3 Attributes for Use by Customers

Attributes	Description
Note: On-screen, an icon precedes each Policy Results Threat attribute to identify the data type.	# - The data type is numeric. A - The data type is text. Clock - The data type is time.
Action Taken	The action Security Shield performed after detecting the threat.
Aggregated Time	Indicates the time at which the record was written to the database.
Alert Reason	The text of the alert for a specific threat. Alerts include the following: Suspicious No Value call:spam_risk Suspicious No Value call:spoofed_call Suspicious No Value call:call_center_call Suspicious No Value call:fraud_risk Invalid/CLI Spoofing Malicious Behavior Detected - Possible TDOS launched by internal network Suspected TDOS Suspected Traffic Pumping
Applied Policy	The name of the applied policy. For example, Fraud Detect Rule.
Call End Time	The ending time of a call. The Call End time might not display when: one of the parties has not terminated the call. a network provider or a system in your organization's network has not canceled the call. when Security Shield has not received the call termination update to Security Shield. when the Session Border Controller has not sent the call termination update to Security Shield.
Call Insights	Provides the following information: Application-to-Person (A2P)—Reason codes specific to application-to-person messaging. For example, verification codes, appointment reminders, One Time Passcodes, verification messages, or other calls sent to a user. Person-to-Person (P2P)—Reason codes specific to human-to-human calls. Number Type—The line type or phone type information. Activity—Reason codes related to the amount of activity Security Shield observed for the number, compared to what is expected for a good user. For example, the number of communications transactions to or from the number, the quantity of unique numbers communicated with, and the number of accounts communicated with. Alert reasons and names displayed in the notification message text include: ACL Match—acl match ACL Match and Allow—allowed CLI Spoofing Suspected—invalid numbers (to=from) Country Code (Destination) Does Not Exist—invalid country code International Calls Fraud Suspected—fraud-like activity Suspected Fraudulent Destination—high-risk destination Suspected Toll Fraud—toll fraud-like activity Suspected Traffic Pumping—traffic pumping-like activity TDoS Suspected—denial of service-like activity
Call Frequency Limit Exceeded	Indicates that the number of successful calls made to a destination phone number exceeds the frequency threshold limit.
Call Reputation Grade	The Call Reputation Grade based on the Reputation Score. The Reputation grades include: Critical Risk High Risk Significant Risk Severe Risk Suspicious Good Acceptable Unknown Note: When the call score is -1, unknown indicates the call is blocked by the customer's blocklist and Security Shield did not perform the reputation score calculation.
Call Score	The reputation score for the call.
Call Stage	The stage of the call associated with the call record. For example: initiate, mid-call, terminate, and update.
Call Start Time	The time at which the call started. Note: Call Start Time always displays a value.
Call Terminate State Trigger	Describes the trigger that lead the call to the determinant stage.
Call Termination Initiator	Describes the actor that terminated the call. For example, the caller, callee, Session Border Controller, Security Shield, or other.
Call Termination Reason	Describes the reason for call termination. For example: Canceled, Bye, noAnswer, errorResponse, or other.
Call Type	The call type in policy context. For example,International, Suspect, Toll Free, Premium Rate Service, and National.
Called Number	The called number from the TO header of the SIP call.
Called Number Score	The score assigned by Security Shield to the called number.
Calling Number	The calling number on record from the FROM header of the SIP call.
Calling Number Score	The score assigned by Security Shield to the called number.
Carrier Name	The name of the telecom carrier of record. If no data is provided, Security Shield cannot know or access this information. When Security Shield records contain no carrier for this calling number, the field displays empty.
Country Name	The location of the Calling Number for inbound Calls.
Decision	The decision for whether or not the policy was applied. Values: True \| False. Note: This field must be Boolean and cannot be null or missing.
Enforcement Action Comment	Comments about why Security Shield performed the particular action. Comments include the following: Suspected Toll Fraud Suspected TDOS Suspected Traffic Pumping Suspected Anonymous FDCPA rule enforced ACL Allow Enforced ACL Exclude Enforced Blocklist Enforced CLI Verification Failed Score Enforced
Enforcement Action Trigger	The trigger causing Security Shield to apply the final outcome. Triggers include: Anonymous Call center call Enterprise lookup (for outbound calls) Fraud risk Managed list Outbound call frequency limit Reputation score Spam risk STIR TN validation unsuccessful Spoofed call Third party Threats
Final Outcome	The enforcement action Security Shield applied, as determined by the Policy Decision Engine based on policy rules. Call actions include: Allow Exclude Redirect Reject Rate limit
Ingress	A call direction parameter. Values: True-indicates the call is inbound. False-indicates the call is outbound.
Lookup Number	The phone number sent from the Session Border Controller to the Policy Decision Engine for enforcement determination. Inbound calls—When the SIP INVITE includes a P-Asserted Identity (PAI) header, Security Shield sends the User portion of the PAI header in the Lookup Number field. When the SIP INVITE includes multiple PAI headers, Security Shield uses the phone number of the first tel PAI header. When no tel PAI header exists, Security Shield uses the User portion of the first SIP PAI header. Outbound calls—Security Shield sends the User portion of the TO header.
PDE Call End Time	The time at which the Policy Decision Engine initiates termination of a dangling call.
PDE Server ID	The unique ID of the Policy Decision Engine server. Used by Oracle personnel.
Policy Response Time	The number of milliseconds added to the call to send the policy request to the Policy Decision Engine, receive the policy response, and act on the response.
Policy Version	The version of the applied policy.
Realm	The realm for incoming and outgoing calls.
SBC Receive Time	The time at which the Policy Decision Engine receives the request from the Session Border Controller.
SBC Receive Time	The time at which the Policy Decision Engine receives the request from the Session Border Controller.
SBC Response Time	The time at which the Policy Decision Engine sends the response to the Session Border Controller.
SBC Server ID	The unique ID of the Session Border Controller server.
Service Provider	Name of the Service Provider
Threat Count	The total number of calls received based on the Threat ID.
Threat ID	The unique ID of the particular threat associated with a call.
Threat Timestamp	The timestamp showing when Security Shielddetected the threat.
Threat Vector Type	The name of the threat vector. Threat vectors include: Call Center Call Fraud Risk Spam Risk Spoofed Call Toll Fraud Traffic Pumping

Table B-4 Attributes Reserved for Oracle Personnel

Attribute	Description
Aggregated Time	The time at which the record was written to the database. Used by Oracle employees for tracking and debugging.
GBUA Processed Timestamp	Used by the Security Shield team for tracking and debugging purposes.
PDE Server ID	The unique ID of the Policy Decision Engine server.
Policy Response Time	The number of milliseconds added to the call to send the policy request to the Policy Decision Engine, receive the policy response, and act on the response.